Cyber security is a never-ending journey

Building Australia’s defensive and offensive cyber capability is crucial to protecting our economic and security interests.  

Cyber security has become a cross-cutting issue for government, private sector organisations and the not-for-profit sector.  

Every organisation uses technology – whether in service delivery, product development, manufacturing or in a multitude of other instances.

However, many companies don’t fully appreciate how tech heavy they actually are.  

Indeed, technology is one of the few factor areas where organisations can gain significant productivity benefits.

Not every organisation realises this and subsequently, not enough have a technology strategy.  

Without a roadmap on how and where to invest in new and emerging technologies, it’s difficult to consider the cyber security package which will enable the use of such enabling technology in a safe, secure and trustworthy way.

A cyber security strategy needs to place resilience from cyber attack at its core.

Thinking people and systems can be fully protected is a misnomer.  

Cyber security is a never-ending journey where acknowledgement is needed that a desired state of protection can never be maintained.

Cyber attacks, whether by nation-state actors or serious and organised criminals, are constantly being directed at a range of computer networks, including government systems.

Effectively securing these systems, and the data within them, is therefore a matter of national security and sovereignty.

As evidenced by the projects arising from the federal government’s cyber security strategy, strengthened partnerships among all levels of government are essential in order to deliver a comprehensive cyber security strategy for Australia.

Much work needs to be done in concert with state and territory counterparts to ensure the provision of essential services whose delivery is dependent on the safe and secure operation of their cyber systems.

Government has a clear leadership role, but the wider commercial ecosystem, the not-for-profit sector and all consumers need to foster innovation to detect and address cyber threats.

A key part of securing our digital assets is in training and education.  

While all internet users need the tools and techniques to become good digital citizens, ensuring their own (and those they transact with) good user experiences, we also need to focus on providing high-end technical training to those designated to protecting Australia’s critical infrastructure.  

Much of the hardware and software originally developed to facilitate our interconnected digital environment has prioritised efficiency, cost and the convenience of the end user.

Unfortunately, security is often an after-thought and in some instances not thought of at all.  

While a utopian view is to ensure vulnerabilities are discovered and addressed during design and manufacture, we need a large cohort of specialists who can identify hardware and software weaknesses in existing systems.

Such technical training needs to focus on all aspects of the internet beyond traditional computers and mobile phones into “smart” systems, sensors the broader ‘internet of things’ and critical infrastructure protection.

This includes internet enabled systems and technologies which underpin our daily lives, such as power grids, air traffic control systems, satellites, medical technologies, industrial plants and traffic lights.

Through training and education, UNSW Canberra Cyber is working to combat threats to national security, the economy and the safety of individuals due to the exploitation of information systems and the proliferation of social media platforms.

Organisations also need to have a broader commitment to the online eco-system.  

It is one thing ensuring their own information, networks and staff are protected from online threats, but much more work needs to be done to protect all consumers.  

If a customer has their trust and confidence diminished through a bad online user experience, then they will be reticent to perform other online transactions.

This is to the detriment of all organisations, whether it be online delivery of government services, e-commerce transactions or simply information portals.

For many organisations a cyber incident will be inevitable, so planning for incident response is of equal importance to other technical measures, such as penetration testing and patching; and non-technical measures, such as privacy policies.

The organisations which win in the future will use technology to provide the goods and services consumers want in an efficient manner.  

Those organisations will only continue to win if they embed online trust, safety and confidence into all their processes.

Trust and safety through cyber security will become the economic and security currency for Australia.

​Nigel Phair is director of UNSW Canberra Cyber.