Budget’s cybersecurity allocations welcomed as government focuses on fixing past mistakes

After a year in which Budget allocations focused on cybersecurity industry and capability development, that industry has cautiously welcomed the more targeted funding announced as the Turnbull government uses this week’s federal Budget for 2017-18 to respond to a series of government IT-security disasters.

Industry enthusiasm focused on the $10.7m allocation, over the next four years, for the creation of the new Cyber Security Advisory Office (CSAO), an inter-agency security which will sit inside the Digital Transformation Agency (DTA) to provide “strengthened central governance and assurance for cyber security and broader project vulnerability across government”.

The investment – which, the Budget papers note, are a response to recommendations in the Review of the Events Surrounding the disastrous 2016 eCensus, “validates the country’s commitment to improving our infrastructure and should be welcomed by all,” Tenable Security APAC vice president Gary Jackson said in a statement. “The rapid pace of tech innovation has left organisations and the government exposed to threats and vulnerabilities.”

“It’s important that we continue to prioritise cybersecurity. This means making smart investments and deploying the right tools to ensure organisations understand and reduce their level of exposure and cyber risk.”

Other cybersecurity-related allocations were focused on specific projects, with the DTA’s GovPass user-authentication framework getting unspecified funding. A $26.7m commitment to ‘managing national security risks in critical infrastructure’ is likely to have a cybersecurity component, given the widespread recognition that cybersecurity vulnerabilities represent a clear and present danger to critical infrastructure. Australia, in particular, has been criticised by being well behind the curve when it comes to preventing cybersecurity compromises of critical infrastructure.

Simon Howe, ANZ director of sales with LogRhythm, was among those welcoming the infrastructure-security commitment. “As major security breaches in Australia continue to dominate headlines, it has become critical that government take the threats to business and the country’s key infrastructure installations seriously,” he said in a statement.

“The current political turmoil taking place globally means that cyber attackers are now well equipped to target the country’s critical infrastructure including power stations, water treatment facilities, communication hubs. Robust security initiatives need to be developed and implemented urgently and the government’s interest and investment in this space is to be applauded.”

Other major allocations were focused squarely on the biggest government IT cybersecurity embarrassments of recent years. This includes an unspecified amount of funding for “improved security and resilience” at the Bureau of Meteorology, which was compromised in late 2015, as well as $600,000 in supporting funding for enabling organisations including the DTA and Department of Finance.

Other major allocations included modernisation projects for Medicare and the Department of Immigration, and a $129.6m commitment in a Public Service Modernisation Fund – designed “to support [agencies’] transition to more modern and sustainable operating models” that will necessarily include improvements in security and risk management.

The new Budget also includes additional enforcement funding for the Australian Federal Police, whose role in cybersecurity enforcement continues to grow.

The new commitments bolster the investments made last year to consolidate government and academic cybersecurity research capability, as well as progressing with efforts to improve reporting and transparency of cybersecurity vulnerabilities. The latest funding will drive projects in a climate of higher visibility set by the impending Notifiable Data Breaches (NDB) regime.

“The Government’s commitment in its Budget outline to a substantial investment to be made in cyber security and ongoing digital innovation is to be commended,” noted ASI Solutions director Justin Lowe. “As digitisation of every function continues to gather pace and IoT, mobility and the cloud becomes accessible to more Australians, it is it is critical that the Australian government is seen to take a lead and send out a message to the global market that Australia is a nation that embraces innovation and change, and should be considered by business as an opportunity for substantial investment.”