In a world where cyber attacks are multiplying, and where whole cities being taken hostage by hackers is longer science fiction, many of the government agencies are struggling to achieve the absolute minimum.The current approach of allowing each agency to make its own cyber decisions is not working. At the moment, many haven’t even implemented the Australian Signals Directorate’s Essential Eight, a list of mitigation strategies developed by government as a minimum standard – there are 35 in total.
What’s specially unfortunate about the inability to implement the ASD Essential Eight is that these recommendations, in large part, are simple. Patching applications? Restricting administrative privilege? Multi-factor authentication? These are some very basic protections without which you would not be able to turn on a government computer without them.Is it any surprise then that some of the best minds in Australian cyber security, true professionals tasked with raising Australia’s cyber posture, have resigned?
If we look to our near neighbour Singapore and farther to the US our federal government’s complete lack of a cyber strategy looks even more inadequate.In recent years, Singapore has strengthened its critical information infrastructure, developed a vibrant cybersecurity ecosystem, forged international cyber partnerships, and mobilised the business community.
In US, the government released a comprehensive cyber strategy that includes plans for building a workforce that is educated and able to respond to cyber threats