Australia’s National Cyber Security Strategy

Earlier this year, the Department of Home Affairs consulted on its 2023-2030 Australian National Cyber Security Strategy Discussion Paper. The proposed strategy aims to position Australia as the most cyber secure nation in the world by 2030. The Department plans to consider input from stakeholders and finalise and publish the strategy in July 2023. 

auDA participated in the consultation. A summary of key issues explored in our submission to the Department are set out below.  

auDA believes that cyber security should be viewed as prerequisite to enhance the overall health and wellbeing of the digital ecosystem and the focus of the final Australian National Cyber Security Strategy should be on making Australians’ digital lives more secure. Cyber security should not be considered as an end in itself, nor simply a national security problem. 

We agree that cyber security and resilience require a whole-of-nation approach involving a wide range of stakeholders. However, the Government must ensure that the right initiatives, mechanisms and programs are in place to enable public and private sector stakeholders to achieve this together. 

The internet is the underlying infrastructure that powers the digital economy. Keeping the internet secure must be a key consideration in the strategy to maintain the integrity of, and people’s trust in, the internet.  

Emphasising the significance of internet infrastructure security would also help raise awareness of secure internet protocols amongst Australians. This would also foster greater adoption of internet security standards such as the Domain Name System Security Extensions (DNSSEC), which provides encrypted protection for data on the .au DNS. The adoption of such standards could help lift the overall security of the internet. 

The Discussion Paper proposed the introduction of a single reporting portal for all cyber incidents. If such a portal was introduced, clarification on how the portal would function would be required. This includes consideration of how different reporting requirements (e.g. Security of Infrastructure Act (2018) (SOCI Act)) and obligations (e.g. Notifiable Data Breaches (NDB) scheme) would be captured. In auDA’s view, such a portal should incorporate the reporting requirements for each regime. 

With amendments to the SOCI Act made only recently, additional changes to the Act seem premature. Critical infrastructure operators should be allowed time to implement and evaluate changes. Additional amendments should only be introduced if evidence and identified gaps suggest the need to do so. Further, pending amendments resulting from the review of the Privacy Act (1988) must also be considered. Therefore, we suggest holding off making additional amendment to the SOCI Act at this stage. 

In August 2023, auDA will host the Asia Pacific Regional Internet Governance Forum (APrIGF), a key regional initiative on internet governance. auDA invites the Government to use the APrIGF as an opportunity to collaborate with our Asia-Pacific partners, and to support cyber security capacity building initiatives in the region.  

auDA’s submission to the Department will be published on our website once it has been reviewed and published by the Department of Home Affairs. In the meantime, you can read our positions on key policy matters on auDA’s submissions webpage.