Strengthening Australia’s Cyber Security Regulations and Incentives

In September 2021, in response to the Department of Home Affairs’ call for views on the ‘Strengthening of Australia’s Cyber Security Regulations and Incentives’ Discussion Paper, the OCSC lodged its submission and shared its evidence-based perspective on how best to address some of the gaps, challenges and opportunities in strengthening the Australian cyber security regulations and incentives environment:

In this submission we propose that Australia’s regulatory framework for cyber security and associated incentives are currently overly complex, sectoral, and generally not fit for purpose. Therefore, steps should be taken to remedy the current framework to ensure greater coherency. Reform should also be tailored towards providing a clear outline of cyber security best practices, resolving the current regulatory gaps, introducing measures of accountability and, finally, providing remedies. Overall, the workability of the current framework needs to be developed through repackaging, expansion in scope, and education.

Read the full submission.

Protecting Critical Infrastructure and Systems of National Significance

In September 2020 the OCSC and the OCSC CMM Ambassador team responded to the Australian Department of Home Affairs’ call for submissions on Protecting Critical Infrastructure and Systems of National Significance. With the underlying theme of ‘defining the new frontier’, the OCSC’s submission provided snippets of the OCSC’s collective, multi-dimensional cybersecurity subject matter expertise, together with their thoughts and various recommendations on actions and solutions.

Protecting what is critical to Australia’s sovereignty requires looking beyond our own borders to include our neighbours and partners. Setting clear parameters on what defines critical infrastructure and what constitutes effective national security governance must be considered at a national and international level. Our submission provides specifically researched and referenced examples of where frameworks, definitional aspects and enhanced information sharing could assist the government to achieve this objective. A starting point, as articulated in our response to Question 24, would be to conduct a Cybersecurity Capacity Maturity Model for Nations (CMM) review for Australia to assess the technical and non-technical dimensions of Australia’s critical infrastructure assets related to cybersecurity, with a view to building an evidence base, independent from government and industry, around best-practice responses to advanced and persistent threats. This would add to the intentions of the Critical Infrastructure Program for Modelling and Analysis (CIPMA) and would provide the necessary research, threat, data and risk analysis required to provide a more detailed depiction of the threat environment and subsequently contribute to better policy outcomes.

Read the full published submission.

Critical Technology Supply Chain Principles

In November 2020 the OCSC responded to the Australian Department of Home Affairs’ call for submissions on Critical Technology Supply Chain Principles. OCSC’s subject matter experts, Carsten Rudolph, Iqbal Gondal and James Boorman, addressed and informed various questions posed:

Governments need to play an important role in addressing the security of supply chain systems for critical processes such as critical technology and food security. However, it is not clear what the Government considers to be critical technology. It will be important to develop a clear definition with criteria and examples for determining what is considered critical technology. This definition should involve widespread consultation, though care must be taken to avoid an all-encompassing definition which loses focus on protecting what is important. An unnecessarily strict regulation of supply chains stifles innovation and limits the ability of organisations to compete on a global scale.

Read the full submission.