Cyber Security Should Be A Mandatory Requirement

The role of government in cyber security is growing as the global demand and dependency on the Internet and Internet-connected devices continue to increase. With increasing threats and fewer opportunities to fail, governments must rise to the challenge to protect both national security and economic prosperity.

The process most governments use when creating regulations and laws encourages debate, argument, the careful examination of all sides of an issue, and the development of bartered consensus between groups with differing needs and opinions. This model has been very successful at promoting economic success; however, it is less effective at regulating highly dynamic issues like cybersecurity.

Networks, devices, applications, and services are changing at an exponential rate. Users and organisations are wrestling with threats on devices that didn’t even exist 18 months ago, and trying to codify cybersecurity regulations is aiming at a moving target. In western democracies, the last 20 years have been characterised by wide-scale deregulation and privatisation, with much national critical infrastructure, in sectors such as energy, transport, finance and medicine, now in the hands of the private sector.

Adversaries constantly target these critical infrastructure sectors, with security threats potentially causing both cascading and crippling effects regionally, nationally, and even internationally, as a result of the increased interconnectedness and interdependency in our society. 

Cyber security should be a mandatory government procurement requirement to create an industry-wide standard and lift cyber resilience across the economy, according to a significant new report.

The report, commissioned by the Australian Strategic Policy Institute (ASPI), calls for federal and state governments to strategically use their $20 billion annual technology expenditure to create an effective benchmark for improved cyber security and hardened supply chains.

The report recommends unification of standards; a sandbox or testing environment to enable small business to test and certify their offerings; the adoption of cyber insurance; and the building of sovereign capability by encouraging Australian providers. "Australian governments are the nation's largest spenders on ICT, Information and Communications Technology, but they're failing to maximise the leverage that market power gives them to drive improved cyber security and more secure supply chains," it concludes.

Wanted: A Strategic Approach

The ASPI report highlights the multiple standards different agencies use and the lack of a national strategic approach to public sector cyber practices. "Current approaches are fragmented and having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach," it says. 

The report recommends the current array of supplier standards be simplified to a single set that enables suppliers to provide multiple levels that can be used for different risk levels and allows suppliers to demonstrate progress and enhanced levels of security.

On testing and certification, the report says a quick win would be to set up a centralised library of evaluations conducted by individual departments, so other departments can reuse work already done. Requiring providers to have mandatory cyber insurance would ensure security risks are effectively factored into supplier quotes. This would be similar to the current requirements governments have for suppliers to have liability insurance.

Publication of the ASPI report coincides with significant new investments in national cyber security by the Australian Government following a barrage of state-sponsored attacks on business and other infrastructure, which are widely attributed to China.

Sources: Channel News, Australian Financial Review, McKinsey, FireEye, Information Commissioner, Fortinet
