The government will frame a revised cyber security strategy later this year around six “cyber shields” it plans to build as a multi-layered defence against attacks.

Government to create six "cyber shields" to layer Australian protection

Home Affairs Minister Clare O’Neil unveiled the structure at an AFR Cyber Summit on Monday.

O’Neil described the shields as being built “around our nation” and as being elements of a “cohesive, planned national response that builds to a more protected Australia.”

The first shield is to raise awareness among citizens and businesses on a mass scale – so they “understand that they actually do have the power to protect themselves.”

“By 2030, what we want is citizens and businesses who understand the cyber threat, understand those actions that they can take to protect themselves and have proper support in place so that when they are the victim of cyber attack they’re able to get back up off the mat very quickly,” O’Neil said.

The second shield, as described by O’Neil, appears to be a minimum cyber security standard for digital products, and/or an enforcement of secure-by-design principles.

“Why do we continue to allow digital products for sale in our country when the makers of those products sometimes know them to be cyber insecure? We would never accept this from any other type of consumer product,” O’Neil said.

“In 2030, our vision for safe technology is a world where we have clear global standards for digital safety in products that will help us drive the development of security into those products from their very inception, a world where just as you can’t go into a car yard and buy a car that will not be safe to use, when you buy a digital product on sale in our country we know that it’s safe for you to use.”

O’Neil said the third “cyber shield” is “world-class threat sharing and threat blocking.”

“In some ways I see this as a real key to making the change that we need to make in this country, and it’s – to me – one of the most exciting parts of the strategy,” she said.

“By 2030, we envision a world where threat intelligence can be exchanged between government and business at real-time machine speed and then threats blocked before they cause any harm to the Australian population.

“There’s a lot of inspiring, interesting work to be done here and a lot of things that we can do in the short term about it.”

The fourth “shield” is about access to critical infrastructure, including that which is government-owned. No detail was provided here, but the express aim is for an uplift in cyber defence posture.

The other “shields” are about building domestic capability, particularly a pipeline of skills, and striking close alliances globally through which unspecified “action” may be coordinated, though that action appears to be mostly preventative and related to building resilience.

O’Neil said more detail on the “shields” would be provided when the cyber security strategy is released, anticipated to be sometime before the end of the year.

‘Horizons’ for action

She added that with a 2030 horizon for the strategy, a critical element will be what happens in the first stage of execution.

“What’s actually really hard is what does the next two or three years look like?” she said. 

“We can see a world of 2030 where we’ve got AI and machine learning running real-time exchanging of threat sharing and threat blocking – that’s an exciting vision.

“But what I care about is my job – to protect Australians today, tomorrow and the next day in this problem. And that’s why we’ve pushed really hard to be specific [in the strategy].”

She suggested that the strategy execution would be broken into several “horizons” – the first of which would run through to 2025.

“As the cyber challenge reshapes, we will take stock and each two years [we’ll] build out the next phase of this plan that will ultimately see the country surrounded by these six firm shields of protection,” O’Neil said.

“If we push as hard as we have over the last year all the way up until 2030 I truly and genuinely believe that our country will be a world-class cyber security nation by 2030.”