The Prime Minister’s new Cyber Resilience Taskforce has hosted its first workshop in Canberra for a group of representatives from companies, industry associations and government.
Taskforce lead Sandra Ragg says the group will try to combine “leadership and partnership” roles as it rapidly works toward the goals of generally improving the ability of organisations across the country to respond to cyber attacks. It is clear the PM wants practical outcomes as soon as possible.
“We kicked off with a workshop involving a broad range of cyber security stakeholders from industry, government and community support groups to help us define the issues and develop ideas,” reports Ragg, who also heads up the Office of the PM’s special cyber-advisor, Alastair MacGibbon in the Department of the Prime Minister and Cabinet.
“We have a lot of ground to cover before the end of September when we are due to report. But we’ve been overwhelmed by the support of stakeholders from across the cyber security community including from companies and organisations that want to see Australia build its national cyber resilience.
“Cyber security is an issue of social development and economic prosperity: to maximise the enormous benefits of the Internet as part of a technology-driven future for Australia we must have trust and confidence in our online interactions.”
The new taskforce is still finalising its plans and recruiting new members, according to a report from its inaugural “cyber security sprint” that was held on June 22 in Canberra, and its first job will be to produce a series of “threat scenarios” for all kinds of organisations:
“A collaboration between the Office of the Cyber Security Special Adviser, the Australian Cyber Security Centre (ACSC) and a range of industry volunteers, the threat scenarios will cover a broad range of threat actors, consequence impacts and stakeholder engagement dimensions.
The scenarios will be used for workshops with both public and private sector stakeholders and will simulate the multidimensional nature of cyber incident response. This will include the testing of response protocols, incident assessment frameworks, and communications strategies.”
MacGibbon’s team say the taskforce “will need to do its work with great agility and create an environment that enables active participation and collaboration” and it is very open to ideas, opinions, advice and other forms of support:
“We welcome views from government and private sector on how we can best achieve the Taskforce goal to deliver fast action to improve Australia’s capability and response to cyber security and cybercrime threats and incidents. This might be through part time resources, hosting or participating in workshops or through sharing of cyber security incident management tools and strategies.”
Announcing the establishment of the body in June, Malcolm Turnbull said the massive global outbreak of WannaCry ransomware was a “wake-up call” showing how widespread the risks are to all sorts of organisations — and that was before it was followed by the Petya outbreak.
— Cyber Security (@CyberGovAU) July 13, 2017
It’s not clear exactly who the participants were, except that they got involved via the Australian Information Industry Association. There were “over 30 companies, industry association and government representatives” present at PwC’s Canberra office and they focused on “issues and ideas” as well as future directions and priorities, according to the PM&C report, which encourages anyone else who wants to get involved to email the taskforce directly. At the workshop:
“Central themes were the importance of leadership, knowledge sharing, scale and pace of reach, capability uplift, and clear communications to effectively respond to the full range of cyber security and cybercrime threats facing Australia. Future workshops will provide an opportunity to focus in greater detail on the identified themes and translate ideas into practical initiatives.”
A spokesperson for the department said “a range of stakeholders, influencers and thought leaders from across the cyber security community in the Commonwealth and state government and the private sector, along with the broader business community” were invited by MacGibbon’s office.
“Invitations were based on our network of existing relationships and advice from peak bodies,” the spokesperson said.
“This early engagement was just the start. We have members of the private sector as well as government on our core review team, and we will be looking to host workshops and test ideas and products to access as broad a range of thinking as possible, while keeping the approach agile and practical.”
There will be “further similar opportunities for others to input” at some point. Taskforce members and their “private and public sector partners” will be revealed soon, according to Ragg, and she suggests following PM&C’s cyber security Twitter account, checking the department’s website and keeping an eye out for a fortnightly newsletter.