David Braue
Editor at Large

Australian government doubles down on cybersecurity in new digital-forward budget

News Analysis
Oct 14, 2020 | 5 mins
Cyberattacks, Government, Security

The 2021 budget is heavy on tech and cyber support—but security specialists warn that increased digitalisation makes agencies, businesses even bigger targets.

Australia’s cybersecurity industry has responded warmly to a range of cybersecurity budget investments, which will be even more important as the federal government doubles down on digital transformation to speed recovery from the COVID-19 pandemic’s economic disaster.

Billed as an Economic Recovery Plan for Australia, the country’s annual budget for 2020-21 was delivered several months later than usual, a reflection of major disruption that saw the government invest $299 billion in support measures, which will increase to $507 billion with the new measures announced in the budget.

Chief among these is a formal JobMaker Digital Business Plan, an $800 million allocation that includes a host of modernisation programs and that, Prime Minister Scott Morrison said in announcing the funding, has been designed to directly support widespread digital transformation efforts.

“Many businesses moved online quickly when the pandemic hit, undergoing a decade of change in months, finding new customers or new ways of doing things,” Morrison said, noting that the package—which removes “out-dated regulatory barriers” as well as backing technology update and boosting small-business capabilities—“provides significant backing to continue that digital push and expanded opportunities for businesses to grow and create more jobs.”

Digital investments focus of the 2021 budget

Specific initiatives outlined within the funding include a $256.6 million Digital Identity system that would streamline interaction with government services and, eventually, private-sector entities; $419.9 million to finalise the Modernising Business Registers (MBR) program for consolidating business registry data; and $28.5 million in additional support for extending the Consumer Data Right (CDR) to banking and energy sectors.

The industry group the Australian Information Industry Association (AIIA) was rapt about the new investments, which also included separate initiatives such as supporting startups in and out of cyber by reversing proposed cuts to R&D tax incentives and tackling the IT skills gap through expanded support for the Women in STEM and Entrepreneurship program.

“It is pleasing that the Morrison Government clearly understand that digital investments are critical to our economic recovery and sustainability through creation of employment and stimulus through spending on projects,” AIIA CEO Ron Gauci said in a statement welcoming the “historic” budget.

Despite its many benefits, Gauci added, the investments—including an additional $1.7 billion in cybersecurity program funding—still need to be complemented with additional investments to address “important skills shortages in key ICT roles” that “support our digital transformation and digital sovereignty.”

Greater digital infrastructure will require better cybersecurity

The announced budget programs seem more focused on supporting the creation of foundational capabilities that will support greater digital interaction with government bodies—eventually extending to the private sector in a move that will effectively deliver a national foundation for digital interaction.

Identity-based initiatives will be particularly important in maintaining governance and data protection, but their higher profile during the nationwide COVID-19 recovery is likely to also make them high-profile targets for cybercriminals, who have shown great alacrity in exploiting the major workforce and operational changes of the past eight months.

Working to head them off, the budget also includes an additional $201.5 million to support its $1.7 billion 2020 Cyber Security Strategy, and $300.2 million to bolster Australian Federal Police capabilities around cybersecurity.

That strategy—which includes $470 million to bolster the country’s cybersecurity workforce on top of $1.4 billion for government security efforts—“will put our nation on the front foot in combatting cyberthreats,” said Minister for Defence Linda Reynolds as the budget measures were made public.

Noting that “malicious cyberactivity against Australia is increasing in frequency, scale, and sophistication,” she said, “our investment in a cybersecurity workforce will help ensure we have the people we need to meet future cyberchallenges.”

The current measures build on the government’s previously announced $1.4 billion Cyber Enhanced Situational Awareness and Response (CESAR) package, which includes a raft of measures to improve Australia’s strategic cybercapabilities.

Yet for all its investment in Australia’s digital-led renaissance, some industry figures argued that the government should have done more to help Australian small and medium businesses improve their cybersecurity positioning.

“With an increase in digital connectivity comes an increase in the likelihood of cyberattacks,” warned Commvault ANZ vice president of sales David Rajkovic, who said the government’s $8.3 million two-year investment in [small and medium business] cybersecurity resilience is “not enough to protect the backbone of Australia’s economy”.

“While it’s great to see the government’s significant investments to [help] Australian businesses access the tools and awareness training required to effectively reduce the risks of cyber threats,” he said, “the government could have done more to support Australian [small and medium businesses] if they ever face a cyberattack.”

Scott McKinnel, ANZ country manager at Tenable, was quick to point out that businesses had long ago run out of excuses for poor cyberhygiene—and that their past performance would be tested as digital-first business came to the forefront. “As organisations transition further into digital,” he said, “it’s critical to remember that most cyberattacks occur because the basics aren’t taken care of. … So whilst the onus still rightly remains on businesses to protect themselves, basic steps, such as taking a risk-based approach to vulnerability management, can ensure that organisations make the most of these new digital opportunities without reinventing the wheel on security.”