This Cyber Security Strategy sets out my Government’s philosophy and program for meeting the dual challenges of the digital age—advancing and protecting our interests online.
The maintenance of our security online and the protection of freedom online are not only compatible but reinforce each other. A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online.
The Internet is transforming how we socialise and do business in ways its founders could not have imagined. It is changing how we are entertained and informed, affecting almost every aspect of our lives.
The need for an open, free and secure Internet therefore goes far beyond economics. It is important for ensuring public and financial accountability and strengthening democratic institutions. It underpins freedom of expression and reinforces safe and vibrant communities.
If we are to fully realise the social, economic and strategic benefits of being online, we must ensure the Internet continues to be governed by those who use it—not dominated by governments. Equally cyberspace cannot be allowed to become a lawless domain. Both Government and the private sector have vital roles to play. While governments can take the lead in facilitating innovation and providing security, businesses need to ensure their cyber security practices are robust and up to date.
Australia and Australians are targets for malicious actors—including serious and organised criminal syndicates and foreign adversaries—who are all using cyberspace to further their aims and attack our interests. The scale and reach of malicious cyber activity affecting Australian public and private sector organisations and individuals is unprecedented. The rate of compromise is increasing and the methods used by malicious actors are rapidly evolving.
The Australian Government has a duty to protect our nation from cyber attack and to ensure that we can defend our interests in cyberspace. We must safeguard against criminality, espionage, sabotage and unfair competition online.
Australia and its allies will work together internationally to promote norms of behaviour that are consistent with a free, open and secure Internet. These norms include that states should not knowingly conduct or support cyber-enabled intellectual property theft for commercial advantage. We need to do this while redoubling our efforts to counter the spread of propaganda online which incites extremist and terrorist violence.
As the Snowden disclosures demonstrate, often the most damaging risk to government or business online security is not ‘malware’ but ‘warmware’; the ability of a trusted insider to cause massive disruption to a network or to use legitimate access to obtain classified material and then illegally disclose it.
Technical solutions are important but cultural change will be most effective in mitigating this form of cyber attack.
As businesses and governments we must better educate and empower our employees to use sound practices online. This Strategy seeks to promote an improved institutional cyber culture and raise awareness of cyber practice across government and business to enable all Australians to be secure online.
The Strategy complements the key elements of my Government’s Economic Plan—helping the transition to a new and more diverse economy which is fuelled by innovation, the opening of new markets and more investment in Australian enterprise. The cyber security industry is in its relative infancy but undergoing rapid growth. Australia is well placed to be a leader in cyber security. We can use technology as a means to manage the threats and risks that come with being online and interconnected—and to grow our true potential.
With the Innovation and Science Agenda and the Defence Industry Plan, this Strategy will help bring more Australian technologies to market, prepare our children for the jobs of the future by boosting science, technology, engineering and mathematics (STEM) participation and support and create innovative Australian companies.
Most importantly, this Strategy will play a key role in securing Australia in the 21st Century. It also represents a significant investment in cyber security. The Government will invest more than $230 million over four years to enhance Australia’s cyber security capability and deliver new initiatives. This complements the significant investment in cyber security outlined in the Defence White Paper, boosting Defence cyber capabilities by up to $400 million over the next decade.
The Government will show leadership locally, regionally and globally. I will designate a Minister Assisting the Prime Minister on cyber security and appoint a Special Adviser on Cyber Security in my Department, the Government’s lead on cyber security policy. The Minister for Foreign Affairs will also appoint Australia’s first Cyber Ambassador and the Department of Defence will continue to lead the co-location of the Government’s operational cyber security capabilities in the Australian Cyber Security Centre.
This new structure will ensure cyber security is given the attention it demands in an age where cyber opportunities and threats must be considered together and must be addressed proactively, not simply as a reaction to the inevitability of future cyber events. This Strategy will develop partnerships between the Australian public and private sectors, support home-grown cyber security capabilities and promote international cyber cooperation. We will change and adapt when needed to stay competitive and influential in the constantly changing technology landscape.
I look forward to working with governments both at home and abroad, the private sector and the community to strengthen trust online and together better realise Australia’s digital potential.
The Hon Malcolm Turnbull MP
21 April 2016