The government's recent launch of the national Cyber Security Strategy (CSS) left few surprises for this week's 2016-17 Budget, but clarification around where the $230m in funding will come from did highlight the relative priority of cybersecurity to the variously involved arms of the government.
Detailed Budget expense measures showed the Attorney-General's Department will carry the brunt of the expense around implementation of the CSS, with funding of $12.8m in the 2016-17 financial year increasing to $17.4m, $17.7m, and $18.3m in subsequent years.
This expenditure includes $47.3m to establish Joint Cyber Threat Centres and an online threat sharing portal; $21.5m to expand Computer Emergency Response Team (CERT) Australia; $10m for a cyber-security awareness campaign to replace the long-running Stay Smart Online program; $1.6m to develop national good-practice guidance around cybersecurity; $2m to expand the government's exercising program for cyber incidents; and a cost-recovery system for delivering cybersecurity 'health checks' for ASX100-listed companies.
This was well ahead of the contributions by the Australian Crime Commission ($1.7m, $4.8m, $4.4m, and $4.4m) and Australian Federal Police ($3.1m, $5.3m, $5.4m, $5.4m) – which will both use the funding the bolster their ability to fight cybercrime.
The Department of Education and training will contribute $900,000 next year, $800,000 in each of the two following yeasr, and $900,000 in 2019-20 – supporting the establishment of up to six academic centres of cybersecurity excellence. The Department of Industry, Innovation and Science's (DIST's) contribution of $700,000 next year and $600,000 in 2017-18 will surge to $5.4m in 2018-19 and $8.2m in 2019-20. This expenditure will see DIST expanding the Council of Registered Security Testers (CREST) Australia.
DFAT will also spend $2.7m over four years to establish a Cyber Ambassador within its department, while Official Development Assistance will provide $4m for “cyber capacity building projects in the Indo-Pacific Region”. Despite the Budget's relatively conservative design, firm funding commitments for cybersecurity initiatives reflect the Turnbull government's prioritisation of the area and a commitment to genuine action that will, Mailguard CEO Craig McDonald says, see the CSS driving “easier conversations” between cybersecurity-related private and public sector organisations.
“What a fantastic initiative that [Turnbull] is putting forward,” McDonald told CSO Australia. “It's a fantastic opportunity for innovative companies in Australia to take a fully colaborative approach to closing the gap around cybersecurity. It is an absolute giant step from where we were before.”
CSS-related funding also includes $51.1m for the Department of Defence, which will spend $38.8m to relocate the Australian Cyber Security Centre to a “more flexible facility for public-private engagment”; $11.0m on identifying vulnerabilities in government systems; and $1.3m to conduct cyber security assessments for Commonwealth entities.
Other IT-related investments outlined in the budget include $24.8m on building a business case for veteran-centric reform and $23.9m to improve processing systems at the Department of Veterans' Affairs; $12.4m to upgrade tendering and procurement systems around the implmentation of the Trans-Pacific Partnership (TPP) trade agreement; $3.5m to help the Department of the Environment upgrade critical regulatory workflow systems; $39.2m to upgrade ASIC's industry-monitoring systems; The Budget also allocates an unspecified amount of money for “improved data and service supporting supercomputer capability” at the Bureau of Meteorology, which was hit by a serious cybersecurity breach late last year.