惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
A
Arctic Wolf
K
Kaspersky official blog
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
U
Unit 42
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy & Cybersecurity Law Blog
O
OpenAI News
量子位
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cisco Blogs
AWS News Blog
AWS News Blog
Vercel News
Vercel News
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
美团技术团队
T
Threatpost
S
Schneier on Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
Cyber Attacks, Cyber Crime and Cyber Security
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
Blog — PlanetScale
Blog — PlanetScale
C
Cybersecurity and Infrastructure Security Agency CISA
F
Full Disclosure
博客园_首页
N
Netflix TechBlog - Medium
Security Latest
Security Latest
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Register - Security
The Register - Security
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Recent Announcements
Recent Announcements
博客园 - Franky
P
Palo Alto Networks Blog
Project Zero
Project Zero
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
H
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
Cisco Talos Blog
Cisco Talos Blog
H
Heimdal Security Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
GbyAI
GbyAI

Insights

ChatGPT is the ultimate phishing tool, so why aren’t companies boosting security budgets? Absolute, Trellix team up to enhance endpoint security Overcoming the challenges faced by a modern-day SOC Top 3 trade-offs commonly encountered in identity security circles The linkages between privileged access management and zero trust Cyber security in the Pacific: How island nations are building their online defences State sanctioned (cyber) violence, Australia’s next security threat Drawing a line in the sand for cyber conflict Automation: The future of the combat vehicle?
Billion-dollar cyber boost: A cash cow for defence SMEs?
2020-08-07 · via Insights

While the release of the national Cyber Security Strategy 2020 yesterday reflects an uptick in financial support for business, government, and household cyber resilience, much of the $1.67 billion promised is pegged to defence – representing an unprecedented opportunity for defence SMEs to expand into the space.

Following on from months of review, the Commonwealth has finally handed down its grand strategy for "creating a more secure online world for Australians". While some would argue the report – which replaces a 2016 iteration – is long overdue, others have argued it articulates a timely, robust response to mounting external pressures.

"We work to actively prevent cyber attacks, minimise damage, and respond to malicious cyber activity directed against our national interests. We deny and deter, while balancing the risk of escalation," the strategy states in its opening paragraph.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

"Our actions are lawful and aligned with the values we seek to uphold, and will therefore be proportionate, always contextual, and collaborative.”

The paper sets itself the lofty goal of evaluating:

  • Action by governments to strengthen the protection of Australians, businesses and critical infrastructure from the most sophisticated threats;
  • Action by businesses to secure their products and services and protect their customers from known cyber vulnerabilities; and
  • Action by the community to practice secure online behaviours and make informed purchasing decisions.

The full package will see $1.67 billion directed towards shoring up cyber resilience over the next 10 years, representing a marked increase on the $230 million laid out in the 2016 paper. Yet compared with the previous paper, the 2020 Strategy was remarkably clear about where this funding is being directed – and in large part, that’s towards defence.

Scaling up

As laid out yesterday, Canberra looks to ramp up funding towards intelligence cyber capabilities in the years to come. This comes, naturally, on the back of a rapidly shifting geostrategic environment – including, perhaps most ostensibly, a high-profile state-sponsored attack on the national infrastructure.

With a view to bolster offensive, as well as defensive, capability, just under one-third of the funding has been earmarked for the Australian Signals Directorate; $470 million will be used to create some 500-odd jobs within the agency, as well as a further $62.3 million spent on a "classified national situational awareness capability" to help ASD respond to threats.

As well as being handed a host of new cyber tools and legislative powers, the Australian Federal Police (AFP) is set to receive an additional $88 million in funding – though no specifics were given regarding any additional roles added to the agency.

Cyber security training and employment has been high on the priority list for some time. AustCyber has previously estimated that the nation will need 17,000 extra cyber security professionals by 2026. It’s clear that, words aside, the strategy update is likely to create a surge in cyber security employment on the government side, as well as academia. But what of private business?

A role to play for SMEs

While a groundswell in support for government cyber security agencies is likely to lead to flow-on effects through the public-private supply chain, this year’s strategy also injects funding and opportunity directly into the private side of the equation.

One key aspect of the report, which seems to have been skimmed over by most commentators so far, is undoubtedly the $50 million investment into the industry, referred to as the Cyber Security National Workforce Growth Program.

Split into four tranches, the blueprint for growth is designed to maximise SME involvement in both supply chains and critical government research initiatives – which, as we’ll discuss, is critical for protecting the contribution of SMEs as a whole.

There’s the $26.5 million Cyber Skills Partnerships Innovation Fund, which seeks to bring businesses and academia together to partner on innovative skills projects that directly meet employers’ skills needs.

Whether it’s scholarships, apprenticeships, specialist cyber security courses for working professionals, or retraining initiatives (key in the current climate), this component of the strategy shouldn’t be overlooked for decreasing entry barriers for those looking to get into the profession.

Similarly, smaller packages dished out to specific institutions – like the Australian Cyber Security Centre ($6.3 million) and Canberra’s Questacon ($14.9 million) might not seem like much initially; but they represent a significant improvement on previous rounds of funding.

Training, mentoring and coaching programs are all important for bringing talent into the fold, but $2.5 million has even been allocated towards data collection targeted at evaluating why there’s a cyber security skills shortage in the first place.

A self-protection mechanism?

Writing in ASPI’s The Strategist, Ian Bloomfield, Alison Howe and Max Heinrich make the case that small businesses are on the frontline of the nation’s battle with its cyber security woes. If correct, the Cyber Security National Workforce Growth Program could provide the perfect mixture of opportunity and incentive to stimulate defence SME involvement in the cyber sector over the next decade.

Drawing on years of experience in the field, the authors argue that taking cyber resilience more seriously improves the experience of small businesses and SMEs, and sets them up to succeed. Citing a survey of small and medium businesses conducted by the Australian Cyber Security Centre in 2019, they note that the sector is highly vulnerable to malicious cyber activity.

Now, while it’s far from often that Australia hits the headlines worldwide for cyber innovation, recent years have shown that we certainly have the talent to do so – and that much of it exists outside of government agencies and public research institutions.

Earlier in the year, Adelaide-based SME CyberOps proved it doesn’t shy away from complex, large-scale contracts – after the company took on a $299,000 contract to develop a security framework to support the nano-satellite development programs and operating systems in partnership with the Department of Defence.

And in February, Canberra-based Penten scored funding under a contract with AustCyber, the Australian Cyber Security Growth Network, to provide secure network access to a pilot group of regional SMEs and academia.

At the time, company CEO Matthew Wilson put it particularly succinctly. "SMEs are the future growth and innovation engine of the Australian cyber economy,” he said. “These businesses provide invaluable opportunities for Defence to gain advantage. Without them, we are missing out. Australia is missing out."

What other avenues should Australia pursue to foster long-term involvement in the cyber security sector from SMEs? Is the strategy update a step in the right direction in this respect, or does it miss the mark? Let us know your thoughts in the comments section below, or get in touch with [email protected] or at [email protected].

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.