Cyber Security Should Be A Mandatory Requirement

The role of government in cyber security is growing as the global demand and dependency on the Internet and Internet-connected devices continue to increase. With increasing threats and fewer opportunities to fail, governments must rise to the challenge to protect both national security and economic prosperity.

The process most governments use when creating regulations and laws encourages debate, argument, the careful examination of all sides of an issue, and the development of bartered consensus between groups with differing needs and opinions. This model has been very successful at promoting economic success; however, it is less effective at regulating highly dynamic issues like cybersecurity.

Networks, devices, applications, and services are changing at an exponential rate. Users and organisations are wrestling with threats on devices that didn’t even exist 18 months ago, and trying to codify cybersecurity regulations is aiming at a moving target. In western democracies, the last 20 years have been characterised by wide-scale deregulation and privatisation, with much national critical infrastructure, in sectors such as energy, transport, finance and medicine, now in the hands of the private sector.

Adversaries constantly target these critical infrastructure sectors, with security threats potentially causing both cascading and crippling effects regionally, nationally, and even internationally, as a result of the increased interconnectedness and interdependency in our society. 

Cyber security should be a mandatory government procurement requirement to create an industry-wide standard and lift cyber resilience across the economy, according to a significant new report.

The report, commissioned by the Australian Strategic Policy Institute (ASPI), calls for federal and state governments to strategically use their $20 billion annual technology expenditure to create an effective benchmark for improved cyber security and hardened supply chains.

The report recommends unification of standards; a sandbox or testing environment to enable small business to test and certify their offerings; the adoption of cyber insurance; and the building of sovereign capability by encouraging Australian providers. "Australian governments are the nation's largest spenders on ICT, Information and Communications Technology, but they're failing to maximise the leverage that market power gives them to drive improved cyber security and more secure supply chains," it concludes.

Wanted: A Strategic Approach

The ASPI report highlights the multiple standards different agencies use and the lack of a national strategic approach to public sector cyber practices. "Current approaches are fragmented and having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach," it says. 

The report recommends the current array of supplier standards be simplified to a single set that enables suppliers to provide multiple levels that can be used for different risk levels and allows suppliers to demonstrate progress and enhanced levels of security.

On testing and certification, the report says a quick win would be to set up a centralised library of evaluations conducted by individual departments, so other departments can reuse work already done. Requiring providers to have mandatory cyber insurance would ensure security risks are effectively factored into supplier quotes. This would be similar to the current requirements governments have for suppliers to have liability insurance.

Publication of the ASPI report coincides with significant new investments in national cyber security by the Australian Government following a barrage of state-sponsored attacks on business and other infrastructure, which are widely attributed to China.
