《澳大利亞政府：2023-2030澳大利亞網絡安全戰略報告（英文版）（64頁）.pdf》由會員分享，可在線閱讀，更多相關《澳大利亞政府：2023-2030澳大利亞網絡安全戰略報告（英文版）（64頁）.pdf（64頁珍藏版）》請在三個皮匠報告上搜索。

1、20232030Australian Cyber Security Strategy Commonwealth of Australia 2023With the exception of the Commonwealth Coat of Arms,all material presented in this publication is provided under a Creative Commons Attribution 4.0 International license at https:/creativecommons.org/licenses/by/4.0/legalcode.T

2、his means this license only applies to material as set out in this document.The details of the relevant license conditions are available on the Creative Commons website at https:/creativecommons.org/as is the full legal code for the CC BY 4.0 license at https:/creativecommons.org/licenses/by/4.0/leg

3、alcode.Use of the Coat of Arms The terms under which the Coat of Arms can be used are detailed at the Department of the Prime Minister and Cabinet website https:/www.pmc.gov.au/government/commonwealth-coat-arms.Contact us Enquiries regarding the licence and any use of this document are welcome at:De

4、partment of Home Affairs PO Box 25 BELCONNEN ACT 2616P-23-02503-a20232030Australian Cyber Security StrategyContentsMinisters foreword 4Executive summary:Our 2030 Vision 6Strategic context 11Why we must act now 12Why Australia has an opportunity to lead 13Our Strategy 15Shield 1:Strong businesses and

5、 citizens 161.Support small and medium businesses to strengthen their cyber security 182.Help Australians defend themselves from cyber threats 193.Disrupt and deter cyber threat actors from attacking Australia 204.Work with industry to break the ransomware business model 225.Provide clear cyber guid

6、ance for businesses 236.Make it easier for Australian businesses to access advice and support after a cyber incident 257.Secure our identities and provide better support to victims of identity theft 26Shield 2:Safe technology 288.Ensure Australians can trust their digital products and software 299.P

7、rotect our most valuable datasets 3110.Promote the safe use of emerging technology 32Shield 3:World-class threat sharing and blocking 3411.Create a whole-of-economy threat intelligence network 3512.Scale threat blocking capabilities to stop cyber attacks 37Shield 4:Protected critical infrastructure

8、3813.Clarify the scope of critical infrastructure regulation 4014.Strengthen cyber security obligations and compliance for critical infrastructure 4115.Uplift cyber security of the Commonwealth Government 4216.Pressure-test our critical infrastructure to identify vulnerabilities 44Shield 5:Sovereign

9、 capabilities 4617.Grow and professionalise our national cyber workforce 4718.Accelerate our local cyber industry,research and innovation 50Shield 6:Resilient region and global leadership 5219.Support a cyber resilient region as the partner of choice 5320.Shape,uphold and defend international cyber

10、rules,norms and standards 55Next steps:Implementation and evaluation 57How we will ensure we are on track to deliver 57Appendix A:List of acronyms 5920232030 Australian Cyber Security Strategy3 Ministers forewordThe Hon Clare ONeil MPMinister for Home Affairs|Minister for Cyber SecurityCyber securit

11、y is an urgent national problem,and we need to act now.After a decade of malaise,Australia has fallen behind.For too long,Australian citizens and businesses have been left to fend for themselves against global cyber threats.Cyber security touches the lives of every Australian.Over the past 18 months

12、,millions of Australians have been affected by devastating cyber incidents.On average,one cybercrime is reported every 6 minutes,with ransomware alone causing up to$3 billion in damages to the Australian economy every year1.And,we have good reasons to believe that the threat is going to continue to

13、grow.Artificial intelligence and machine learning will bring new kinds of risk.The Internet of Things will lead to billions of additional devices being connected to the Internet,opening new scope for cyberattack.And,our geopolitical environment is the most challenging we have faced since the Second

14、World War.We must not forget that cyber security is also a big opportunity for our country.The global cyber industry is massive and it is growing rapidly,and it is here to stay.If we play it right,Australia is uniquely placed to create well-paid jobs for Australians and products that we can export a

15、ll over the world.Over the last 12 months,I have engaged hundreds of business leaders,community representatives and cyber experts within Australia and from around the world.I have stepped into the security operations centres of some of the biggest Australian companies.I have spoken with small busine

16、ss owners,universities,not-for-profits,and community leaders.The one thing I have heard consistently is that Australians are demanding action on cyber.It is time for real and meaningful change.Thats why the Albanese Labor Government is launching the 2023-2030 Australian Cyber Security Strategy.This

17、Strategy sets out our bold vision for Australia to be a world leader in cyber security by 2030.Our Strategy will change the game for Australias cyber security.Under the Strategy,we are building six cyber shields to help defend our citizens and businesses from cyber threats.Each shield provides an ad

18、ditional layer of defence,making Australia a harder target.But were not only reinforcing our defences.Were also investing in national cyber resilience,so we can bounce back when we get hit.And were fighting back,deploying Australias leading cyber capabilities to put malicious actors on notice.We are

19、 rallying our international network of cyber guns to help break the business model of ransomware and cybercrime.1.ASD(2023).ASD Cyber Threat Report 20222023.20232030 Australian Cyber Security Strategy4 Our Strategy calls for a new era of collaboration on cyber in Australia.Were leading by example,pr

20、oducing a strategy that defines a clear vision for both domestic and international cyber security for the first time.We want to remain the security partner of choice for nations in the Pacific family.Weve consulted closely with our regional partners to understand their unique cyber challenges.Weve h

21、eard from Pacific Islands that digitisation and connectivity are key parts of their economic development strategies,but also increase the cyber risks they face as nations.Consultation is at the heart of this Strategy.Input from thousands of experts,businesses and citizens across nearly every sector

22、of the economy have contributed to this plan.In December 2022,I appointed an Expert Advisory Board to guide the development of the Strategy chaired by Andrew Penn AO,former CEO of Telstra,with Rachael Falk,CEO of the Cyber Security Cooperative Research Centre,and Mel Hupfeld AO DSC.The Board authore

23、d a Discussion Paper which received over 330 written responses.I am deeply grateful for the stewardship of the Board,and for their immense contribution to the Strategy.Cyber security requires government and big business to lead.From today,we are shifting more of the cyber risk to those who are most

24、capable.We are holding industry to higher standards to protect our devices,our data,and our critical infrastructure.For the first time,Government will hold itself to the same standard it expects of industry.The strategy is bold and ambitious and it has to be.Because one thing is abundantly clear fro

25、m whats happened to our cyber environment in the last five years:we simply cant continue as we are.We need to push harder,we need to get in front of this problem,and for the first time,Australias Cyber Security Strategy will help our country do just that.The Hon Clare ONeil MP Minister for Home Affa

26、irs and Cyber Security20232030 Australian Cyber Security Strategy5 By 2030,Australia will be a world leader in cyber security.We envisage a future where stronger cyber defences enable our citizens and businesses to prosper,and to bounce back quickly following a cyber attack.To achieve our vision,we

27、need to protect Australians.We will do this with six cyber shields.Each shield provides an additional layer of defence against cyber threats and places Australian citizens and businesses at its core.Throughout the period covered by the 20232030 Australian Cyber Security Strategy(the Strategy),the Au

28、stralian Government will work with industry to reinforce these shields and build our national cyber resilience.Figure 1:Cyber shieldsExecutive summary:Our 2030 VisionStrong businesses and citizensResilient region and global leadershipSovereign capabilitiesProtected critical infrastructureWorld-class

29、 threat sharing and blockingSafe technology12345620232030 Australian Cyber Security Strategy6 Our cyber shieldsStrong businesses and citizensOur citizens and businesses are better protected from cyber threats,and can recover quickly following a cyber attack.1Safe technologyAustralians can trust that

30、 their digital products and services are safe,secure and fit for purpose.2World-class threat sharing and blockingAustralia has access to real-time threat data,and we can block threats at scale.3Protected critical infrastructureOur critical infrastructure and essential government systems can withstan

31、d and bounce back from cyber attacks.4Sovereign capabilitiesAustralia has a flourishing cyber industry,enabled by a diverse and professional cyber workforce.5Resilient region and global leadershipAustralias region is more cyber resilient,and will prosper from the digital economy.We will continue to

32、uphold international law and norms and shape global rules and standards in line with our shared interests.620232030 Australian Cyber Security Strategy7 We need to act now.Cyber security touches the lives of every person in the country.Australia is an attractive target for cyber criminals;over the pa

33、st year,millions of Australians have had their personal data stolen and released online.Emerging technology is changing our digital landscape,with the rise of artificial intelligence(AI)and quantum computing creating new opportunities and challenges for cyber security.The stakes in protecting our pe

34、ople and businesses have never been higher.Cyber security presents rich opportunities for Australia.Cyber security is not just about defending ourselves against threats its critical to support the rapid adoption of new technologies,boosting productivity and growing the digital economy.Cyber security

35、 presents a thriving and growing business opportunity for our country.An investment in our cyber security is an investment in our economic security.If we act quickly,Australia can take advantage of the opportunity to turbocharge our tech sector and create prosperity for our citizens.We can become a

36、global leader in cyber technologies and be recognised as a top destination of choice for cyber talent.Our strategy will put Australia in the fast lane for cyber research,innovation,and entrepreneurship.By 2030,Australia can lead the cyber frontier.Australia is uniquely placed to capture this opportu

37、nity.Although theres a lot of work to do,we are starting from a position of strength.Australia has an extensive track record of trailblazing legislative reform.From our workplace health and safety reforms to our tobacco plain packaging laws,Australia has continuously set global standards for public

38、safety.But regulation is not the only solution weve also got strong cyber offensive capabilities,led by the Australian Signals Directorate(ASD)and the Australian Federal Police(AFP).Our world-class research and education institutions will allow Australia to become a global leader in cyber innovation

39、.Our tech sector is growing rapidly,enabled by the Governments once-in-a-generation reform of the migration system.Were supported by our deep and trusted partnerships across the globe,including strong relationships with our regional neighbours,Quad and Five Eyes partners.We will deliver our strategy

40、 across three horizons.The journey to achieve our 2030 vision requires multiple phases of work and ongoing collaboration between the Government and industry to uplift our cyber maturity.We will deliver our strategy in three phases:In Horizon 1(202325):we will strengthen our foundations.We will addre

41、ss critical gaps in our cyber shields,build better protections for our most vulnerable citizens and businesses,and support improved cyber maturity uplift across our region.In Horizon 2(202628):we will scale cyber maturity across the whole economy.We will make further investments in the broader cyber

42、 ecosystem,continuing to scale up our cyber industry and grow a diverse cyber workforce.In Horizon 3(202930):we will advance the global frontier of cyber security.We will lead the development of emerging cyber technologies capable of adapting to new risks and opportunities across the cyber landscape

43、.20232030 Australian Cyber Security Strategy8 We have a clear roadmap for delivery.Alongside the Strategy,we are releasing an Action Plan that outlines the initiatives that we will deliver in Horizon 1.The Action Plan details immediate actions that we will take as our first steps on the journey towa

44、rds our 2030 vision.It defines clear accountabilities for each initiative,identifying lead and supporting agencies.To ensure that we remain on track,the Government will continue to evaluate our progress and adjust our plan in response to new threats or emerging technologies.We will continue to engag

45、e with industry at every step.As part of Horizon 1,Government will work with industry to co-design a suite of landmark legislative reforms that will help us strengthen our cyber shields.This will include options for new cyber obligations,streamlined reporting processes,improved incident response and

46、 better sharing of lessons learned after a cyber incident.This package will be designed with careful consideration to minimise regulatory burden.As we want our laws to reflect expert advice and consider the needs of all Australians,we are kicking off a targeted co-design process before these changes

47、 are made.Our vision is bold and ambitious,but we have a plan to get there.Australians deserve gold-standard cyber defences and access to the vast economic opportunities that a strong cyber posture presents.This Strategy marks a significant shift in Australias approach to protecting our people and b

48、usinesses from cyber threats.By building and strengthening our cyber shields,Australians will work together to secure a safe and prosperous digital future.This Strategy charts our course to get there.20232030 Australian Cyber Security Strategy9 20232030 Australian Cyber Security Strategy10 20232030

49、Australian Cyber Security Strategy11 Strategic context20232030 Australian Cyber Security Strategy11 The cyber landscape is evolving quickly,but Australia has a unique opportunity to lead.Today,Australia faces a complex cyber security landscape.Australias economy is digital,and the continued adoption

50、 of safe and secure digital platforms,technologies and online services is critical for our nations productivity and future prosperity.However,cyber attacks are growing in number,speed and sophistication.The stakes are higher than ever before,with our most sensitive data and most vulnerable members o

51、f the community at risk.But we also have a unique opportunity to become a global leader in cyber security.Why we must act nowCyber attacks are accelerating faster than ever before,and we cant afford to wait any longer.Malicious activity targeting Australians through cyberspace continues to grow at a

52、n unprecedented rate,with cybercriminals and state-based or state-sponsored actors routinely targeting our networks and data.The industrialisation of cybercrime has made it easier than ever for malicious actors to steal valuable data,disrupt our systems and extort Australians for financial gain.Capa

53、bilities and skills that were once solely the domain of states are now available for purchase and hire by state and non-state groups.State-sponsored actors continue to use cyber operations to steal information and challenge our sovereignty.Criminals and states not only seek to exploit vulnerabilitie

54、s in our devices and people,but also disrupt critical infrastructure and government systems.As malicious actors grow in number,they are also taking advantage of more advanced tools.Critical and emerging technologies such as AI,quantum computing and biotechnology will revolutionise every aspect of Au

55、stralian life.They will create economic and commercial opportunities,improve the provision of government services,and enable better health outcomes.However,these technologies will also create new opportunities for malicious cyber actors.As our networks and systems become increasingly interconnected,

56、our attack surface will expand,allowing malicious actors greater opportunity to target Australians with scale and speed.Data that is safe today may not be tomorrow.Failing to defend our country from cyber attacks will have devastating impacts on our society and digital economy.As a prosperous countr

57、y with high online connectivity,Australia is a very attractive and profitable target for cybercriminals.Ransomware,cyber extortion,scams and digital theft all take a significant toll on Australian businesses and the community.The cost of cybercrime on Australian businesses is growing by up to 14%per

58、 annum 2.2.ASD(2023).ASD Cyber Threat Report 20222023.Strategic context20232030 Australian Cyber Security Strategy12 Why Australia has an opportunity to leadAustralia is not starting from scratch.We have a solid foundation on which to become a world leader in cyber security.It is on this foundation

59、that we have built our Strategy.One of Australias core strengths is our robust legislative system.Our strong legislative and regulatory frameworks will help enforce new cyber security standards,while our ability to quickly change these laws will help us adapt to meet our evolving cyber security need

60、s.From regulation of critical infrastructure under the Security of Critical Infrastructure Act 2018(the SOCI Act)to the protection of people,information and assets in the Australian Government under the Protective Security Policy Framework and associated state and territory arrangements,the Australi

61、an Government can access a suite of levers to enhance our national cyber security.We are well placed to enact further legislative reform to achieve real whole-of-society changes.Not only do we have strong laws,we also have strong defences.Australia has a wide range of intelligence,defensive and offe

62、nsive cyber capabilities to respond to serious cyber attacks.The ASD works across the full spectrum of cyber operations to defend Australia from global threats and advance our national interests.ASD acquires signals intelligence,provides proactive cyber risk advice and assistance,and may deploy offe

63、nsive cyber operations.These operations are designed to deter,disrupt,degrade and deny adversaries where consistent with ASDs existing legislative and oversight framework,in addition to domestic and international law.The AFP leads the investigation of serious and organised cybercrime activity impact

64、ing government,systems of national significance,or the wider Australian economy.The capabilities of ASD and AFP are also enabled by many other government agencies,industry leaders and community groups.This includes our world-class research,education and tech sectors,which are driving major technolog

65、ical advancements in cyber security and adjacent fields.Australia has many globally successful technology companies and strong research capabilities in critical technologies,including quantum,robotics and AI.Deep partnerships between academia,industry and government mean that we can afford to raise

66、our aspirations about what Australia can achieve.In our region,Australia is a trusted partner of choice.We place great value on a strong region and collective capacity building.We have strengthened cyber resilience in our region by supporting the establishment of national computer emergency response

67、 teams,assisting in the development of new or strengthened national cyber strategies and legislation,delivering awareness-raising campaigns promoting online safety,and advocating for global tech companies to take security and safety more seriously.Globally,Australia is a leading voice on cyber secur

68、ity.Through multilateral forums,we have demonstrated a long-standing commitment to upholding the rules-based international order.We have stood up for responsible state behaviour in cyberspace and called out instances of malicious cyber activity by nation states.As a trusted voice on the internationa

69、l stage,Australia has an opportunity to uplift global standards for cyber security.These strengths are the backbone of our Strategy,and they fuel our vision for a more secure future.By building on our strategic advantages and capturing new opportunities,Australia can become a world leader in cyber s

70、ecurity by 2030.20232030 Australian Cyber Security Strategy13 20232030 Australian Cyber Security Strategy14 Our Strategy20232030 Australian Cyber Security Strategy15 Our citizens and businesses are better protected from cyber threats,and can bounce back quickly following a cyber attack.What success

71、looks likeIn 2030,all Australians will benefit from a strong digital economy.We envision a future where every individual and business has the skills and resources they need to be cyber secure.Cyber is no longer a technical topic but a whole-of-nation effort.Responsibility for cyber security is share

72、d across the community,with more cyber risk allocated to those who are most capable of addressing them.Small businesses and vulnerable groups will have dedicated support from government and industry.Government will help business leaders understand their cyber maturity and find ways to embrace digita

73、l technology while continuing to protect their customers.Diverse communities including remote and regional communities,culturally and linguistically diverse groups,First Nations communities,young people,seniors,people with disabilities,and neuro-diverse people will be empowered to build their cyber

74、resilience.Australians will have a clear understanding of cyber risks and know how to get help quickly.By 2030,Australia will be a hard target for cyber attacks.Our objective is to undermine cybercrime business models and put Australians in a strong position to respond effectively,including if they

75、are asked to pay a ransom.Larger businesses will play a central role in strengthening the security of the economy by helping to protect those less able to do so.If cyber extortion occurs,Australians will know how to respond safely.Cyber incidents are inevitable;its a part of life and doing business

76、online.Yet if things go wrong,the Australian Government and our community will be well prepared to work together and bounce back swiftly.The National Cyber Security Coordinator(Cyber Coordinator)and the National Office of Cyber Security will coordinate whole-of-government incident response efforts.B

77、usinesses will find it easier to report cyber incidents and victims of cybercrimes will get the support they need to recover.Strong businesses and citizensShield 120232030 Australian Cyber Security Strategy16 How well get thereTo achieve our 2030 vision,the Australian Government will:support small a

78、nd medium businesses to strengthen their cyber security;help Australians defend themselves from cyber threats;disrupt and deter cyber threat actors from attacking Australia;work with industry to break the ransomware business model;provide clear cyber guidance for businesses;make it easier for busine

79、sses to access advice and support after a cyber incident;and secure our identities and provide better support to victims of identity theft.20232030 Australian Cyber Security Strategy17 1 Support small and medium businesses to strengthen their cyber securityThe problem we faceSmall and medium busines

80、ses play a vital role in our economy,contributing more than$500 billion3 to annual gross domestic product and employing around 43%of the private sector labour market.4 But Australian small businesses consistently express concern over their lack of time,resources and expertise to uplift their cyber s

81、ecurity.They struggle to attract and retain skilled cyber professionals,procure the right services or know where to invest in uplifting their cyber resilience.As a consequence,small and medium businesses can take longer to recover from a cyber incident and face higher costs compared to larger busine

82、sses.For large organisations,incidents affecting a small or medium business in their supply chain can cause significant damage.An incident in a large organisations supply chain can cause major downstream impacts,disrupting service delivery.Or,where a small business is integrated into the networks of

83、 a large organisation,a cyber attack on the smaller entity can unlock a back door into the larger organisation that malicious actors can easily exploit.How the Government will take actionThe Australian Government recognises that uplifting cyber maturity can be challenging for small and medium busine

84、sses,particularly when balancing competing priorities.Without appropriate support and guidance,investment in cyber security can seem overwhelming.Under this initiative,the Government will:1.OfferadviceandguidancetosupportsmallandmediumbusinessesThe Government will create a cyber health-check program

85、 that will offer a free,tailored assessment of cyber security maturity to small and medium businesses.Based on international exemplars,the health-check program will provide educational tools and materials to help small and medium businesses improve their cyber security posture.The health check progr

86、am will support the delivery of the existing Cyber Wardens Program for small businesses,which allows them to better understand cyber security risks and build in house capability to manage cyber threats.As cyber security requirements for small and medium businesses evolve,the Government will continue

87、 to adapt its guidance for business leaders.The Government will ensure that small business support programs are easy to understand and accessible,and that businesses have strong incentives to participate.Wherever possible,the Government will limit regulatory burden on small businesses and help them

88、to do what they do best:focus on their businesses and the goods and services they provide.3.Australian Small Business and Family Enterprise Ombudsman(2023).Small Business Matters.4.Reserve Bank of Australia(2023).Recent Developments in Small Business Finance and Economic Conditions.20232030 Australi

89、an Cyber Security Strategy18 2.Build cyber resilience and provide support when an incident occursThe Government will continue to provide victim support services for small businesses to help them respond to cyber incidents and bounce back quickly.These services will be closely coordinated with other

90、support for small businesses,including anti-scams programs led by the National Anti-Scam Centre.The Governments new Small Business Cyber Security Resilience Service will provide small businesses with advice on how to build their cyber security capability and resilience.This one-stop-shop will also h

91、elp small businesses deal with the aftermath of a cyber incident and recover quickly.Staffed by professionals who understand small business,cyber security and mental health,this service will provide small businesses with assistance that is tailored to their situation,capability and level of cyber ri

92、sk.2 Help Australians defend themselves from cyber threatsThe problem we faceWe must do more to lift cyber awareness across our community.It can be difficult to understand how to protect ourselves online and for many Australians,good cyber security behaviours are not front of mind.Yet much like wash

93、ing our hands or putting on our seatbelts,cyber security needs to become part of our everyday routine.Its important to emphasise that basic actions like maintaining a secure pass-phrase,keeping our software up to date,or not clicking on suspicious links can have the most effective outcomes.The lands

94、cape of cyber security advice remains hard to navigate for many Australians,particularly for diverse communities who may be more vulnerable to cyber incidents and cybercrime.Further collaborative and coordinated action between government,business and civil society is necessary to simplify the way we

95、 talk about cyber security and emphasise that secure cyber practices can be an everyday skill.How the Government will take actionBuilding cyber awareness will provide Australians with confidence and trust to embrace digital technologies and the opportunities they present.The Australian Government re

96、cognises that genuine behavioural change will take time and is committed to delivering awareness-raising programs over the long term.Under this initiative,the Government will:1.Extend the reach and accessibility of cyber awareness programsThe Government will continue the national cyber awareness cam

97、paign to help Australians understand critical cyber security threats and how to protect themselves online.Partnerships with the private sector and civil society will be critical to extend the reach of this national campaign and maintain consistent messaging.The Government will also coordinate this w

98、ork with other related areas such as scams,fraud,identity resilience and Digital ID to uplift consumer awareness against online threats across the board.20232030 Australian Cyber Security Strategy19 2.Empower vulnerable communities to grow their cyber literacyThe Government will empower community or

99、ganisations to deliver tailored cyber awareness campaigns to diverse groups,funded by a community grant program.This program will allow local community leaders to tailor cyber awareness campaigns to the unique needs of diverse cohorts such as remote and regional communities,culturally and linguistic

100、ally diverse groups,First Nations communities,young people,seniors,people with disability and neuro-diverse people.Through this program,Government will collaborate with community leaders to develop bespoke strategies and materials to more effectively engage these groups.This program will be coordina

101、ted with other awareness campaigns,such as on scams,to ensure that these communities receive clear and consistent advice.3 Disrupt and deter cyber threat actors from attacking AustraliaThe problem we face Cybercrime,including ransomware and cyber extortion,can cause large-scale harm to the Australia

102、n economy and national security.Cyberspace is borderless:malicious state actors and cybercriminals can compromise systems and technologies at distance and at scale.Such attacks often require minimal technical expertise and few resources,yet can have a major impact potentially crippling core business

103、 functions and critical services like our telecommunication networks,health system,food supply chains and educational institutions.Cybercrime is causing significant disruption to our economy.From mid-2022 to mid-2023,the cost of cybercrime for Australian businesses rose by 14%.The average cost of cy

104、bercrime for small businesses is now$46,000;$97,200 for medium businesses;and$71,600 for large businesses.5 These cyber attacks on our businesses,democratic institutions and critical infrastructure are unacceptable.Rules and law apply online,just as they do offline.How the Government will take actio

105、nThe Australian Government recognises the significant impact cybercrime can have on individuals.Responsibility for cyber deterrence should sit with those most capable of taking defensive action,so the Government will use all lawful and appropriate levers to deter and disrupt cybercrime.Under this in

106、itiative,the Government will:1.BuildourlawenforcementandoffensivecapabilitiesWe will amplify our domestic law enforcement and offensive cyber activities to make Australia a harder target for cyber criminals.We approach this task from a position of strength:Australia is considered a world leader in o

107、ur investigatory powers and criminalisation frameworks to combat cybercrime.5.ASD(2023).ASD Cyber Threat Report 20222023.20232030 Australian Cyber Security Strategy20 The Government will expand the AFPs contribution to Operation Aquila,the AFP-and ASD-led joint standing operation aimed at investigat

108、ing and disrupting criminal syndicates.Through Operation Aquila,the AFP and ASD use offensive cyber capability as a criminal investigation tool towards prosecution or disruption.Operation Aquila focuses on the highest-priority cybercrime threats impacting Australia,both nationally and internationall

109、y.New funding for Operation Aquila will enhance the AFPs offensive cyber capability to investigate and disrupt cybercrime activity.The Government is also continuing to deliver ASDs Project REDSPICE to build world-class,innovative offensive cyber capabilities that can deliver real world impact to det

110、er,disrupt,degrade and deny cybercrime.Project REDSPICE will triple Australias offensive cyber capabilities and put malicious threat actors on notice.While details of specific offensive cyber capabilities and operations remain classified,we are committed to transparency about the rights and obligati

111、ons that govern their use.2.Shape international legal frameworks and cooperation on cybercrimeCybercrime is a global threat that requires global solutions.Deepening international collaboration is essential to combat the transnational threat of cybercrime.The Government will continue to driveglobalco

112、operationtoeffectivelyprevent,deterandrespond to cybercrime.We will continue to work with our international partners to crack down on cyber criminals,including close collaboration with the Five Eyes and international law enforcement partners via our existing network of AFP liaison officers.We will c

113、ontinue to advocate for global legal frameworks that effectively combat cybercrime in addition to frameworks that protect human rights,fundamental freedoms and the rule of law.This includes supporting global efforts to adopt and implement the Council of Europe Budapest Convention on cybercrime.In co

114、llaboration with our global partners,we will seek to hold criminal groups accountable for their actions.We will also seek to hold states accountable for malicious cyber activity perpetrated by actors given safe haven in their territories.We will impose a cost on those responsible for cyber incidents

115、,including making public attributions and imposing sanctions when we have sufficient evidence and it is in our national interests to do so.We will also buildregionalcapabilitiestofightcybercrime in the Pacific and Southeast Asia,through forums such as the Pacific Islands Law Officers Network and ASE

116、AN Senior Officials Meeting on Transnational Crime.To protect our shared interests,Government will continue to support more countries within our region to shape the development of new and emerging international legal frameworks on cybercrime.20232030 Australian Cyber Security Strategy21 4 Work with

117、industry to break the ransomware business modelThe problem we face Ransomware is one of the most disruptive cyber threats in the world today.Ransomware and cyber extortion attacks have demonstrated their capacity to disrupt the lives and livelihoods of Australians.Malicious cyber actors are developi

118、ng new technologies to automate ransomware attacks.Ransomware-as-a-service products can be purchased on the dark web,making it easier than ever for criminals to steal valuable data.Ransomware incidents are under-reported,limiting our national understanding of their true impact on the economy.Reduced

119、 visibility of ransomware attacks can impact incident response and harm mitigation efforts.Poor visibility of threats may also contribute to underdeveloped business risk models.The ransomware business model is fuelled by payments made to cybercriminals,with cryptocurrency transactions enabling malic

120、ious actors to anonymously profit from extortion claims.Paying a ransom does not guarantee that sensitive data will be recovered.It also makes Australia a more attractive target for criminal groups.Throughout consultation,we have heard that businesses feel alone when tackling ransomware.Business lea

121、ders do not have clear guidance on how to prevent and respond to cyber extortion.How the Government will take actionTo make Australia a hard target for ransomware,we must disrupt the ransomware business model.The Australian Government will take strong action to prevent cybercriminals from profiting

122、from attacks on Australian citizens and businesses.Under this initiative,the Government will:1.Enhance visibility of the ransomware threatWe need early warnings of ransomware attacks to enable the Government to provide the right support at the right time.We also need to build an improved picture of

123、the ransomware threat so that we can develop appropriate responses.To stay ahead of the threat,we will co-design with industry options to legislate a no-fault,no-liability ransomware reporting obligation for businesses.Pending design,anonymised reports of ransomware and cyber extortion trends could

124、be shared with industry and the broader community to help us take steps to build our national resilience against cybercrime.2.Provide clear guidance on how to respond to ransomwareConsistent with our Counter Ransomware Initiative(CRI)commitment,the Australian Government continues to strongly discour

125、age businesses and individuals from paying ransoms to cybercriminals.There is no guarantee you will regain access to your information,or prevent it from being sold or leaked online.You may also be targeted by another attack.20232030 Australian Cyber Security Strategy22 Weve consistently heard that A

126、ustralian businesses and citizens need clearer advice on how to respond to ransom demands.As a next step,the Government will build a ransomware playbook.This playbook will provide clear guidance to businesses and citizens on how to prepare for,deal with,and bounce back from ransom demands.3.Drive gl

127、obal counter-ransomware operationsWe will continue to work with our international partners to drive the CRI and lead global cooperation to break the ransomware business model.Australia will take a leadership role to drive international action to fight back against the threat,starting with our role a

128、s Chair of the International Counter Ransomware Taskforce.Under the CRI,we are working with 50 international partners to execute counter-ransomware operations.The Australian Government will continue working with CRI members to strongly discourage anyone from paying a ransomware demand.The Government

129、 will also continue its efforts to regulate the use of cryptocurrencies.The Attorney-Generals Department is consulting on major reforms of Australias anti-money laundering and counter-terrorism financing laws,including their application to transactions involving digital currencies.Separately,the Dep

130、artment of the Treasury is consulting industry on defining digital asset types and seeking to identify gaps in the current regulatory framework in relation to digital currencies.5 Provide clear cyber guidance for businesses The problem we faceCyber security is not just good practice;its good busines

131、s.A clear understanding of how to manage cyber risks is essential for Australian businesses embracing the digital economy.Many cyber risks could be mitigated by better corporate governance from the board down.Businesses already have existing obligations to protect their businesses from risk.These ob

132、ligations include protecting their businesses and customers from cyber attacks.But many expectations of cyber governance are unclear,and there is scope to identify gaps in the current suite of cyber obligations.Industry feedback has flagged that more could be done to help businesses understand what

133、good cyber security looks like.When a major incident occurs,it is important that we understand the vulnerabilities that led to the malicious attack and share lessons learned with industry to enhance future cyber readiness.The Government must enable the efficient and well-targeted delivery of appropr

134、iate guidance to industry to ensure identified vulnerabilities are not further exploited.20232030 Australian Cyber Security Strategy23 How the Government will take actionThe Australian Government will work with industry to ensure cyber security is appropriately considered in the boardroom,informed b

135、y clear guidance on cyber best-practice and lessons learned from previous cyber incidents.Under this initiative,the Government will:1.Clarify business expectations of cyber governanceThe Government will consider how best to provide additional information on cyber security guidance for businesses to

136、help them navigate important obligations and requirements that should be considered when developing cyber security frameworks.As a first step,the Government will publish an overview of corporate obligations for critical infrastructure owners and operators.Next,the Government will consider how best t

137、o collaborate with industry to design best-practice principles to guide good cyber governance.Initiatives in this space would aim to be principles-based,technology neutral and applicable to a range of organisations,regardless of their cyber maturity.It will build on existing resources available thro

138、ugh the Australian Institute of Company Directors,Australian Information Security Association,Australian Securities and Investments Commission,ASDs Australian Cyber Security Centre(ACSC),the National Anti-Scam Centre,and the Cyber Security Cooperative Research Centre.2.Share lessons learned from cyb

139、er incidentsThe Government will establish a new process for conducting lessons-learned reviews of significant cyber incidents.We will work with industry to establish a new Cyber Incident Review Board,drawing on international and domestic models,including the United States Cyber Safety Review Board a

140、nd the Australian Transport Safety Bureau.Following major cyber incidents,this no-fault post-incident review mechanism will seek to uplift collective cyber security,boosting our ability to hone incident preparation and response.The proposed review mechanism will not make findings of fault and will n

141、ot interfere with incident response or regulatory,intelligence or law enforcement functions.Lessons learned from these reviews will be shared with the business community and the wider public.Insights on cyber best-practice will be fed into our national threat intelligence sharing and blocking networ

142、ks,our cyber awareness programs,national cyber exercises and other initiatives to continue to improve our national cyber resilience.20232030 Australian Cyber Security Strategy24 6 Make it easier for Australian businesses to access advice and support after a cyber incidentThe problem we faceWhen a cy

143、ber incident occurs,every moment matters.Rapid response will increase the chances of timely recovery and help Australian businesses bounce back quickly.However,industry have flagged barriers that make it challenging to get help after a cyber incident.Australias current regulatory reporting requireme

144、nts for cyber incidents are complex.Businesses often need to report an incident to multiple regulators,depending on their sector,the nature of the incident,and the severity of the consequences.These obligations serve an important purpose,but they must not hinder the capacity of business leaders to r

145、espond to an incident.Additionally,industry are increasingly reluctant to share detailed and timely cyber incident information with ASD.Businesses are concerned that the information they share could be used for regulatory action.Such reluctance can limit the Governments capacity to offer support dur

146、ing an incident,and it reduces our understanding of the national threat picture.Industry has also flagged difficulties when engaging incident response firms.There is lack of clarity around professional standards for incident response providers,leading to inconsistent service quality.Without rapid an

147、d high-quality support,incidents can grow in scale and cause devastating consequences for Australian businesses and citizens.How the Government will take actionThe Australian Government has already taken steps by appointing the Cyber Coordinator to lead the coordination and triaging of government ac

148、tion in response to a major cyber incident.Building on this,the Government will put measures in place to ensure industry is supported as effectively as possible during a cyber incident.Under this initiative,the Government will:1.Simplify incident reportingThrough Project REDSPICE,the Government is a

149、lready enhancing cyber security incident reporting through its one-stop shop at cyber.gov.au.To help industry navigate mandatory cyber incident reporting obligations,the Government has developed a single reporting portal on cyber.gov.au that brings key reporting links together in one place.As a next

150、 step,the Government will explore options to make it easier for businesses to meet their regulatory obligations,which may include potential regulatory change or form simplification.20232030 Australian Cyber Security Strategy25 2.Promote access to trusted support after an incidentInformation provided

151、 to Government in the early stages of a cyber incident is critical to effective incident response.We will encourage open engagement with Government during an incident by co-designing options to legislate a limited use obligation for ASD and the Cyber Coordinator.This obligation would aim to limit ho

152、w information that industry shares with ASD and the Coordinator can be used by other Australian Government entities,including regulators.A limited use obligation would not impact regulatory or law enforcement actions,or provide an immunity from legal liability.As an immediate step,we will start by d

153、eveloping an interim approach for ASD.The Government also seeks to provide business and community leaders with greater confidence when they engage cyber security professionals.This will include co-designing an industry code of practice for incident response providers.This code will clearly define th

154、e service quality and professional standards that are expected from third-party cyber incident response providers.This code will be co-designed with industry to ensure that cyber security firms provide fit-for-purpose services consistent with public expectations.7 Secure our identities and provide b

155、etter support to victims of identity theftThe problem we faceOur identities are one of the most sensitive and valuable types of personal data.Cybercriminals go to great lengths to steal identities of Australian citizens,including through large-scale breaches of business customer data.Personal data,i

156、ncluding identity information,is bought and sold on the dark web for a high price.Identity theft can have devastating consequences for individuals.Recent high-profile cyber incidents have demonstrated the enduring harms experienced by Australians if their identities are stolen.Victims of identity th

157、eft may spend days or weeks trying to reclaim their stolen identities,facing significant financial loss.Currently,victims need to navigate a complex web of services and are often left to shoulder the emotional and financial burdens alone.Diverse communities can be more vulnerable to cyber incidents

158、and face additional barriers in seeking assistance.Culturally and linguistically diverse groups may face language barriers when seeking support.People who are hard of hearing may find it challenging to access support services if capacity constraints restrict in-person support.Other groups including

159、First Nations communities and seniors face significant challenges if their identities are lost.Beyond the personal toll on victims,identity theft has a substantial collective impact on society at large.The most recent survey in 2019 indicated that identity theft has cost Australia more than$3.1 bill

160、ion6 and has affected 20 per cent of Australians.7 If identities can be easily stolen or defrauded,our communities may lose trust in our public institutions.Essential services that rely on digital identity verification such as our financial and banking systems could be at risk of severe disruption.6

161、.Australian Institute of Criminology(AIC)(2021).Identity crime and misuse in Australia:Results of the 2021 online survey.7.AIC(2023).Cybercrime in Australia 2023.20232030 Australian Cyber Security Strategy26 How the Government will take actionThe Australian Government aims to secure our identities f

162、rom cyber attacks and provide better support to victims of identity crime.Under this initiative,the Government will:1.Expand the Digital ID program to help keep Australians identities safeThe Government is continuing to develop the Digital ID program and the National Strategy for Identity Resilience

163、 to reduce the need for people to share sensitive personal information with government and businesses to access services online.This will mean fewer records of individuals ID data and documents held by commercial and government organisations reducing the risks and impact of identity theft and fraud.

164、Cyber security of the Australian Governments Digital ID System is central to its design and the expanded program will continue to adopt best-practice cyber security standards such as ISO/IEC standards,the Australian Governments Protective Security Policy Framework,and the Australian Cyber Security C

165、entres Essential Eight to mitigate cyber security incidents.This is supplemented by additional protective security requirements specific to Digital ID for accredited providers participating in the Digital ID system.2.Expand support services for victims of identity theftThe Government will increase f

166、unding for victim support services to help more individuals recover from identity theft to better protect themselves and other Australians.This will build on existing services provided by government and not-for-profit organisations and will be closely integrated with support services through cyber.g

167、ov.au.This funding will enable case management services to allow individual victims of identity crime to obtain specialised support including guidance on how to recover their identity,advice on how to mitigate damage and replace identity credentials,and education on warning signs that their identiti

168、es continue to be misused.20232030 Australian Cyber Security Strategy27 Australians can trust that their digital products and services are safe,secure and fit for purpose.What success looks likeCyber security is a public good.By 2030,all Australians should feel protected by a secure and resilient di

169、gital economy.They should feel confident that cyber security will be enforced by those most capable of managing it across each layer of the technology supply chain.Consumers and businesses will benefit from widespread adoption of cyber security standards across our technology and software markets.Ou

170、r digital products will be secure by design and default.When purchasing digital devices or software,consumers should have peace of mind knowing that their technology is protected from cyber attacks and does not have embedded vulnerabilities that will put them or their families at risk.In consultatio

171、n,industry has called for a harmonised approach to cyber security standards for digital products.Our technology security standards will be designed to be consistent with international best-practice.Australia will work closely with industry and our international partners to design and align common se

172、curity standards.In addition to protecting our software and hardware,we also need to secure our data.Our most valuable datasets require adequate protections that keep pace with the current cyber landscape,without imposing unduly burdensome requirements on industry.This includes streamlined data rete

173、ntion requirements that are appropriate and proportionate.We must also prepare for new and emerging technologies.The Government will continue to proactively support the development of emerging and critical technologies that have security at their core and safety in their design.By 2030,Australians s

174、hould be able to safely embrace the opportunities presented by critical and emerging technologies including quantum,AI,and advanced communications systems such as 6G.Safe technologyShield 220232030 Australian Cyber Security Strategy28 How well get thereTo achieve our 2030 vision,the Australian Gover

175、nment will:ensure Australians can trust their digital products and software;protect our most valuable datasets;and promote the safe use of emerging technology.8 Ensure Australians can trust their digital products and softwareThe problem we faceProducts and services without built-in security can pres

176、ent vulnerabilities that malicious actors can easily exploit,potentially undermining public trust in technology.Many digital products do not have security standards built in by design,or turned on by default.As a result,consumers and businesses can be offered less secure products and services,with i

177、nsufficient expertise to manage the risk.These market failures are particularly prevalent in the global Internet of Things(IoT)or smart devices market,with the average Australian home set to have 33 connected devices by 2025.8 As the smart device market expands to include products like autonomous ve

178、hicles and distributed energy devices,these vulnerabilities could create systemic risks for society and the economy and potentially facilitate cyber-enabled foreign interference.8.Hughes,C,Average number of internet-connected devices per household in Australia in 2020 and 2021 with a forecast for 20

179、25,Statista,Hamburg,2023,accessed 14 November 2023.20232030 Australian Cyber Security Strategy29 How the Government will take actionThe Australian Government will pursue a balance of voluntary and mandatory actions to enhance the security of our technology.These actions will provide end-users with c

180、onfidence that their digital products are safe to use,without hindering industry innovation.Under this initiative,the Government will:1.Adopt international security standards for digital technologiesThe Government will work with industry to encourage the adoption of international standards for secur

181、e-by-design in digital technologies such as IoT devices.In the short term,we will collaborate with industry experts to co-design options to legislate a mandatory cyber security standard for IoT devices.The standard could be aligned to international standards to ensure consistency between jurisdictio

182、ns and minimise the regulatory burden on Australian businesses,while meeting our national security objectives.To help consumers make informed choices about the security of devices on the market,the Government will also develop a voluntary labelling scheme for consumer-grade smart devices.These refor

183、ms will align Australia with international markets,including the United States,Singapore and the United Kingdom.2.Embed cyber security into software development practicesThe Government will work with industry and international partners to shape the development and adoption of international software

184、security standards,including secure-by-design and secure-by-default practices.As a first step,we will work with industry and our international partners to co-design a voluntary code of practice for app stores and app developers.This code will clearly communicate expectations of cyber security in sof

185、tware development.App stores are one of the best channels for intervention,as they are the single biggest marketplace to access consumer software.App stores also play a critical role in influencing software development practices by setting standards to screen products sold on their stores.The Govern

186、ment will work with industry to develop clear guidance on actions that app stores and developers can take to protect consumers and businesses from cyber attacks.On the international stage,we will work with Quad partners to harmonise software standards for government procurement.Together with India,J

187、apan and the United States,we are mapping our shared software standards and identifying opportunities to shift to common security standards.Aligning our standards will streamline procurement processes for industry,and our collective purchasing power will help set strong IT security standards across

188、global markets.3.Manage the national security risks of digital technologyThe Government will develop a framework for assessing the national security risks presented by vendor products and services operating within and entering the Australian economy.Using this framework,the Government will help indu

189、stry manage supply chain risks and make informed procurement decisions about the security of products and services.We will also consult industry on further options to limit the availability of non-secure products in the domestic market.20232030 Australian Cyber Security Strategy30 9 Protect our most

190、 valuable datasetsThe problem we faceData is an important source of growth for the Australian economy,helping organisations conduct transactions,make better decisions and improve their products and services.Businesses and global markets rely on the secure and free flow of data.Effective use of data

191、helps Australian citizens get access to goods and services that are tailored to their needs.In the wrong hands,data can allow malicious actors to do us harm.It can be held for ransom and used as a tool for coercion.Mishandling of sensitive and critical datasets can cause grave damage to Australias n

192、ational interests.Technological advancements have enabled malicious actors to develop vast data profiles on businesses,individuals and officials for intelligence-gathering and commercial purposes.The Privacy Act 1988(the Privacy Act)covers the security of personal information held by entities with a

193、n annual turnover of more than$3 million.Recent reforms to the SOCI Act and the introduction of the Hosting Certification Framework for the Australian Government were vital steps in securing Australias sensitive government and business data holdings.However,there is limited guidance for commercial,s

194、ensitive or critical datasets that fall outside the scope of these existing regulations.There is also no common methodology by which the private sector can assess and communicate the value of data in a standardised way.Many businesses have voiced concerns that they are required to store substantial

195、data records for excessive periods of time,which can often be high-value targets for malicious cyber actors.Some organisations take proactive steps to protect their data holdings,but this is often done in isolation,leading to inconsistent application of security controls and creating practical barri

196、ers to data sharing.How the Government will take actionWhile the Australian Government has frameworks in place to protect personal information,we must continue to ensure that our data settings are fit for purpose as data increasingly becomes a resource to be collected,transferred and traded.Under th

197、is initiative,the Government will:1.ProtectourdatasetsofnationalsignificanceThe Government will identify Australias most sensitive and critical datasets across the economy particularly those that are not appropriately protected under existing regulations,yet are crucial to our national interests.Thi

198、s will allow us to assess whether existing data protections,including storage and governance settings,are proportionate and effective.Where gaps are identified that render these datasets vulnerable,the Government will explore options to better safeguard sensitive data across the economy.20232030 Aus

199、tralian Cyber Security Strategy31 2.Support data governance and security uplift across the economyThe Government will review Commonwealth legislative data retention requirements,with a focus on non-personal data,to determine whether existing provisions are appropriately balanced.Complementing our re

200、sponse to the Privacy Act Review,which will examine laws that require retention of personal information,the review will consider any unnecessary burden and vulnerabilities that arise from entities holding significant volumes of data for longer than necessary.Following the outcomes of this review,the

201、 Government will explore options to minimise and simplify data retention requirements.The Government will review the data brokerage ecosystem to assess whether further action is required to address risks associated with the transfer of data to malicious actors via data markets.This review will compl

202、ement the proposed reforms to the Privacy Act.The Government will also developavoluntarydataclassificationmodel,offering guidance to help industry identify,assess and communicate the relative value of their data holdings in a consistent and unified way.This will enable businesses to segment informat

203、ion and implement proportionate operational controls,reducing enterprise risk.10 Promote the safe use of emerging technologyThe problem we faceEmerging technologies are delivering significant benefits across the economy and our society.As technological change accelerates,innovations are near impossi

204、ble to predict,especially in the long term.Extraordinarily rapid growth in the functionality and scale of digital tools including expansion in the capabilities of large language models like ChatGPT and text-to-image models like Stable Diffusion make it difficult to plan for the future.Next-generatio

205、n connectivity,such as autonomous vehicles or smart cities,will establish a new era of digital infrastructure.Advanced robotics systems will increase the pace of automation,boosting productivity in multiple sectors including healthcare,manufacturing and agriculture.Building our capabilities in these

206、 technologies is important to ensure we can keep pace with change and leverage new opportunities as they emerge.With increased reliance on critical and emerging technology comes the potential for an increased attack surface,expanding scope for malicious actors to attack our digital systems.We are al

207、ready seeing significant cyber threats posed by these technologies,such as phishing attacks created by generative AI.As these develop,it will become increasingly difficult for the average person to distinguish legitimate communication from malicious attacks and fraud.These technologies are also subj

208、ect to immense strategic competition,and while presenting a range of benefits,could pose significant risks to our national interest.They will transform economic competitiveness,national and international security,as well as democratic governance and social cohesion.Australia must be ready,and ensure

209、 that our digital ecosystem is prepared for rapid transformation.Through continuous horizon scanning,and ongoing analysis of emerging technologies,we need to manage the risks and opportunities posed by these technologies.20232030 Australian Cyber Security Strategy32 How the Government will take acti

210、onThe Australian Government is committed to supporting responsible innovation and advancements in emerging technologies throughout their full lifecycle,while retaining our strong stance on cyber security.The Strategy will support Governments efforts to address cyber and broader national security ris

211、ks posed by critical and emerging technologies,including through enhanced industry,international and community engagement to ensure that these technologies are designed and developed in line with our interests.Under this initiative,the Government will:1.Support safe and responsible use of AIAustrali

212、as world leading AI ethics principles were an important first step in developing and adopting trusted,secure and responsible AI.Following Australias commitment to the Bletchley Declaration at the AI Safety Summit in November 2023,we will continue to work with other governments,civil society and the

213、tech sector to ensure that AI is designed,developed,deployed,and used in a manner that is safe,secure,trustworthy and responsible.Our goal is to help ensure AI systems can be relied upon by Australians,while supporting innovation.This includes ensuring the right guardrails are in place,and supportin

214、g security by design,to ensure our citizens can trust the AI tools they use.Building on our multimillion-dollar investment in Australias AI capability,the Australian Government will continue to explore practical steps it can take to support the safe development and diffusion of AI technologies acros

215、s the Australian economy,recognising the significant benefits they are already delivering and the significant future potential that they offer.2.Prepare for a post-quantum worldThe Government is already preparing for the possible disruptive impact of quantum computing.Advances in quantum computing c

216、ould leave contemporary cryptography insecure,meaning that the technology weve become reliant on to protect our data will no longer keep our information safe.To prepare for these risks,we must anticipate future requirements of encrypted systems as we transition to post-quantum cryptography.We will c

217、ontinue to monitor developments in quantum computing and set standards for post-quantum cryptography.This will include updating guidance in the Information Security Manual ASDs publicly available cyber security framework that offers guidance for organisations on protecting their systems and data fro

218、m cyber threats.Organisations will also be encouraged to prepare for the post-quantum future by conducting a review of their data holdings,and developing a plan to prioritise and protect sensitive and critical data.By keeping up to date with modern cryptographic algorithms,Australia will be best pla

219、ced to ensure we can keep our information safe and secure.20232030 Australian Cyber Security Strategy33 World-class threat sharing and blockingAustralia has access to real-time threat data,and we can block threats at scale.What success looks likeAustralians should feel confident that the Government

220、and industry are working together to identify and block cyber threats before they cause significant harm.Cyber threat intelligence sharing plays a crucial role in enhancing threat visibility across the economy,with collaboration between Government and industry helping to build a holistic threat pict

221、ure.The Government draws on its access to expertise and information from classified sources to help businesses anticipate and respond to sophisticated cyber threats.Meanwhile,industry provides real-time data on emerging threats and vulnerabilities,helping the Government to enhance preparedness and r

222、esponse options.New technologies and practices will inevitably shape the threat landscape and improve our capacity to share threat information at scale.By 2030,we will have a thriving whole-of-economy threat sharing and blocking network that will build on ASDs existing intelligence threat sharing pl

223、atforms to enhance our ability to share cyber threat intelligence at machine speed across the nation.This network will include enhanced industry-to-industry information sharing,providing a multi-directional hub and spoke model feeding data back into government threat intelligence systems and enablin

224、g information to be effectively distributed to industry.Real-time threat sharing will facilitate automated threat-blocking capabilities,enabling industry and the Government to block cyber threats before they reach end users.How well get thereTo achieve our 2030 vision,the Australian Government will:

225、create a whole-of-economy threat intelligence network;and scale threat-blocking capabilities to stop cyber attacks.Shield 320232030 Australian Cyber Security Strategy34 Public-private partnerships in actionAs recently announced by the Prime Minister and Microsoft on 24 October 2023,Microsoft will be

226、 investing$5 billion into the Australian technology and cyber security industry.A key element of this investment will be the co-led Microsoft-ASD Cyber Shield(MACS)which will further enhance existing efforts to increase national threat intelligence capabilities with a focus on detecting,analysing an

227、d defending Australia from sophisticated nation-state cyber threats.Other key elements of this investment include investing in digital infrastructure to support the growing demand for cloud computing services,investment to seize the opportunity AI offers,partnering with TAFE NSW to deliver a Microso

228、ft Datacentre Academy to support this digital infrastructure and AI investment.These initiatives demonstrate how industry and government can work together to deliver a beneficial outcome for all Australians.11 Create a whole-of-economy threat intelligence networkThe problem we faceAs cyber threats g

229、row in scale and sophistication,a whole-of-economy threat picture is critical to build preparedness and mitigate risk.Existing initiatives,such as ASDs intelligence threat sharing platforms and the Cyber and Infrastructure Security Centres Trusted Information Sharing Network,enable multi-directional

230、 governmentindustry and industryindustry threat intelligence sharing.However,industry has highlighted the need to improve national mechanisms to share strategic and tactical threat intelligence.Industry-led threat intelligence sharing platforms continue to develop,including Intelligence Sharing and

231、Analysis Centres(ISACs).However,more action is needed to promote cross-sectoral threat-intelligence sharing across industry.Some sectors have mature arrangements in place,such as the financial sector.Others,like the health sector,have less capability to share,receive or act on cyber threat informati

232、on,leaving large parts of the economy lacking a comprehensive threat picture.20232030 Australian Cyber Security Strategy35 A holistic solution to cyber threat sharing requires enhanced governmentindustry and industryindustry engagement.But there is a risk of fragmentation if domestic ISACs and threa

233、t sharing platforms are not integrated with government threat sharing initiatives.We need to enable better collaboration between government and industry to improve the quantity,quality and speed of threat sharing.How the Government will take actionThe Australian Government will create a whole-of-eco

234、nomy threat sharing network through publicprivate partnerships that facilitate the rapid exchange of threat intelligence.Under this initiative,the Government will:1.Share strategic threat intelligence with industryIndustry has critical responsibilities to manage and mitigate cyber risk across the ec

235、onomy.To help industry respond to cyber threats,the Government will work with business leaders to facilitate genuine co-leadership on cyber security issues,enabled by improving industrys access to strategic threat intelligence.We will establish a coalition of government and industry leaders under th

236、e Executive Cyber Council.The Council will act as a key forum to build cross-sectoral trust and share strategic threat intelligence,in addition to driving public-private collaboration on other priority initiatives under the Strategy.2.Expand tactical and operational threat intelligence sharingThe Go

237、vernment will invest in automated solutions to ensure we maintain visibility of threat activity across the economy.We will continue to enhance ASDs existing threat sharing platforms,co-designed with industry,to ensure that they can absorb expected future growth in the scale of cyber threat intellige

238、nce.This will amplify our ability to generate and share threat intelligence across the public and private sectors at machine speed,enabling organisations to move quickly to protect their networks when threats are identified.The Government will also support industry-industry threat sharing by investi

239、ng in a Threat Sharing Acceleration Fund to support the development of sector-specific ISAC in Australia.This fund will help build industry capabilities for intelligence collection and dissemination.This will be compatible with ASDs existing Cyber Threat Information Sharing platform and run knowledg

240、e-sharing programs to exchange best practice between industry members.The Threat Sharing Acceleration Fund will start with an initial pilot for the health sector.Australians are rightly concerned about the cyber security of our health system our hospitals and general practitioners hold some of the m

241、ost sensitive data about Australians and their families.However,the health sector also has one of the lowest cyber maturities across industry.Through the Threat Sharing Acceleration Fund,the Government will seek to support the cyber security of Australias health sector by helping health providers id

242、entify cyber threats and share best practice.This pilot will focus on building the capability of Australias health system to identify threats and share intelligence between medical service providers.By facilitating threat sharing between health providers,a Health ISAC will help industry address crit

243、ical gaps in the cyber security of our health system.To ensure we develop a unified national threat picture,this ISAC will be integrated with existing government threat sharing platforms.To promote uptake of threat sharing,the Government will encourage and incentivise industry to participate in thre

244、at sharing with a particular focus on organisations most capable of collecting and sharing threat information at scale,such as critical infrastructure.20232030 Australian Cyber Security Strategy36 12 Scale threat blocking capabilities to stop cyber attacksThe problem we faceThreat intelligence shari

245、ng is essential to building a stronger threat picture,but it is only the first step.In order to effectively block threats at scale before they reach end users,threat intelligence must be put into action.Australias current approach to threat blocking is multifaceted,incorporating a mixture of technic

246、al capabilities,regulatory functions,and baseline mitigation strategies implemented by both government bodies and industry.Telecommunications and internet service providers(ISPs)have adopted a wide range of approaches to threat blocking.These entities need better access to high-confidence threat inf

247、ormation to help them adopt comprehensive measures to block malicious cyber activity.As threat actors become more sophisticated,it is essential for industry and government to share actionable,timely and contextualised threat intelligence to facilitate effective threat blocking capabilities.How the G

248、overnment will take actionThe Australian Government is already building our national capability to block scams and harmful content through the launch of the National Anti-Scam Centre,as well as defining industry codes that specify responsibilities of the private sector in relation to scam activity.W

249、e have also made regulatory amendments to help telecommunications providers take proactive action to block threats.To further enhance our national threat blocking capabilities,the Australian Government will support and promote threat blocking across industry.Under this initiative,the Government will

250、:1.Develop next-generation threat blocking capabilitiesBuilding on existing work led by the National Anti-Scam Centre,the Government will support telecommunications and ISPs to block threats at scale.We have established a National Cyber Intel Partnership to develop cutting-edge threat blocking capab

251、ilities.Comprised of industry leaders and cyber experts from academia and civil society,the Steering Group is piloting the development of an automated,near-real-time threat blocking capability.These capabilities will build on,and integrate with,existing government and industry platforms.The Steering

252、 Group will inform the deployment of further threat blocking capabilities that can prevent identified threats from reaching end users.As we build our threat intelligence sharing capabilities,we will develop more effective threat blocking technologies that work at machine speed and leverage machine l

253、earning algorithms to actively respond to the changing threat environment.2.Expand the reach of threat blocking capabilitiesDrawing on the work of the Steering Group,the Government will also seek to encourage and incentivise threat blocking across the economy by those most capable of doing so includ

254、ing telecommunication providers and ISPs.20232030 Australian Cyber Security Strategy37 Our critical infrastructure and essential government systems can withstand and bounce back from cyber attacks.What success looks likeIn 2030,every Australian should have peace of mind,knowing that essential servic

255、es such as our electricity grid,water supply and banking systems are able to withstand and bounce back from hazards that might disrupt their functions.The array of critical infrastructure we rely on every day must be able to better prevent,respond,and be resilient to cyber attacks.Owners and operato

256、rs of critical infrastructure and designated Systems of National Significance need to have clear visibility of the risks they face including cyber threats,personnel risks,physical hazards and natural disasters.Under the SOCI Act,they must put appropriate risk mitigation plans in place to protect aga

257、inst these threats.Through regulation and proactive collaboration,the Government will work with industry to provide a high level of assurance that owners and operators are complying with their security obligations.The Australian Government will also lead by example.Government needs to hold itself to

258、 the same standard as it imposes on industry.As we increasingly adopt new and enhanced technology to support a range of government services,we will strive for a high level of cyber maturity,fostering public trust that we meet world-class cyber security standards.In doing so,we will work with state,t

259、erritory and local governments to build a nationally consistent and robust culture of cyber resilience.Protected critical infrastructureShield 420232030 Australian Cyber Security Strategy38 Figure 2:Australias 11 designated critical infrastructure sectorsCyber and Infrastructure Security Centre Indu

260、stry partners and expert advisors Australian Government partners and regulators State and territory government partnersData storage or processingDefence industryTransportHealth care and medicalFinancial services and marketsHigher education and researchWater and sewerageFood and grocerySpace technolo

261、gyEnergyCommunications20232030 Australian Cyber Security Strategy39 How well get thereTo achieve our 2030 vision,the Australian Government will:clarify the scope of critical infrastructure regulation;strengthen cyber security obligations and compliance for critical infrastructure;uplift cyber securi

262、ty of the Commonwealth Government;and pressure-test our critical infrastructure to identify vulnerabilities.13 Clarify the scope of critical infrastructure regulationThe problem we faceAustralians must have confidence in the security and resilience of critical infrastructure sectors to deliver essen

263、tial goods and services.Telecommunications and financial services should be resilient to major disruptions and external hazards.Energy,water and healthcare services,as well as food and grocery providers,should be available when we need them.Australians should not have to worry about suffering from t

264、he consequences of a cyber attack on unsecured critical infrastructure providers or their supply chains.The SOCI Act provides a robust framework for defining and regulating the cyber security obligations for critical infrastructure.However,recent incidents have identified gaps in our cyber security

265、regulation where it does not sufficiently cover specific sectors,entities or assets.In some cases,there are multiple regulatory frameworks that cover the same type of entity,creating unnecessary duplication and complexity.In other cases,obligations are unclear or some entities are not held to consis

266、tent cyber security standards.How the Government will take actionThe Australian Government will continue consultation with industry to ensure that our world leading critical infrastructure laws remain fit for purpose.Under this initiative,the Government will:1.Ensure we are protecting the right enti

267、tiesThe Government will work with industry to move the security regulation of the telecommunications sector from the Telecommunications Sector Security Reforms(TSSR)in the Telecommunications Act 1997 to the SOCI Act.This will better align obligations for critical infrastructure entities that span mu

268、ltiple sectors,reduce regulatory duplication and complexity,and provide scalable obligations for the telecommunications sector.The Government will also seek to clarify cyber security obligations for managed service providers,aligning closely with data protection initiatives established under Shield

269、2.Together,these initiatives will complement the protections and obligations for personal information established by the Privacy Act and action taken by the Government to strengthen individuals trust in the management and storage of personal data.20232030 Australian Cyber Security Strategy40 The Gov

270、ernment will explore options to incorporate cyber security regulation into all hazards requirements for the aviation and maritime sectors.The Government will develop a reform agenda to strengthen Australias aviation,maritime and offshore facility security settings,including positive obligations to p

271、roactively manage cyber-related risks under existing legislation.This will include stronger cyber security obligations on aviation,maritime and offshore facility regulated entities,including other critical infrastructure that enables international transport and shipping routes.2.Ensure we are protec

272、ting the right assetsGovernment will also consult with industry to clarify the application of the SOCI Act to ensure critical infrastructure entities are adequately protecting their data storage systems.This consultation will focus on business-critical data storage systems where vulnerabilities coul

273、d impact the availability,integrity,reliability or confidentiality of critical infrastructure assets.14 Strengthen cyber security obligations and compliance for critical infrastructureThe problem we faceOur critical infrastructure must be resilient to cyber threats in the face of heightened geopolit

274、ical risk,capable nation-state actors,and sophisticated cybercriminals.Cyber incidents affecting critical infrastructure entities may cause cascading impacts across the Australian economy due to our heavy reliance on their services.Systems of National Significance are systems that would cause dispro

275、portionate damage to Australias economy or national security if they were subjected to a cyber attack.To reduce the risk of major disruptions to our communities and businesses,these systems need to be able to withstand large-scale cyber attacks.When cyber attacks are launched against our critical in

276、frastructure and government systems,we must bounce back by responding and recovering quickly.However,responding to a cyber incident is not just about the technical event.Government and industry also need to work together to appropriately manage the ongoing consequences of a cyber attack.Following re

277、cent cyber incidents,critical infrastructure entities have called for better government support to help manage the ongoing impacts of an incident.20232030 Australian Cyber Security Strategy41 How the Government will take actionThe Australian Government will continue to work closely with industry to

278、defend our critical infrastructure and Systems of National Significance.We will protect these systems with multilayered defences to shield against the most sophisticated cyber attacks.Under this initiative,the Government will:1.EnhancecybersecurityobligationsforSystemsofNationalSignificanceTo protec

279、t our Systems of National Significance,the Government will expedite implementation of the SystemsofNationalSignificanceframework.The framework will include Enhanced Cyber Security Obligations for these most vital systems,requiring them to have enhanced measures in place to ensure they bounce back qu

280、ickly from a cyber attack.The Government will also scale up ASDs Critical Infrastructure Uplift program,under which ASDs cyber experts partner with critical infrastructure providers to harden their networks.2.Ensure critical infrastructure is compliant with cyber security obligationsThe Government w

281、ill ensure regulated entities are appropriately informed of their obligations under the SOCI Act including the obligation to develop,maintain and comply with a critical infrastructure risk management program by finalising a compliance monitoring and evaluation framework.As part of this framework,the

282、 Government will consult with industry on developing enhanced review and remedy powers,including the power to direct entities to uplift risk management plans if they are seriously deficient.3.Help critical infrastructure manage the consequences of cyber incidentsThe Government will consult with indu

283、stry on how it can help entities better manage the consequences of cyber incidents.This includes the proposal to introduce a last resort all-hazards consequence management power to help industry deal with secondary consequences stemming from significant incidents,where no other Commonwealth,state or

284、 territory legislative levers are available to provide an effective response.Under this proposed power,Government would be able to authorise specific actions to manage consequences of a nationally significant incident,including cyber attacks or other hazards.Such powers reflect calls from critical i

285、nfrastructure for enhanced government support when managing the ongoing impacts of an incident.15 Uplift cyber security of the Commonwealth GovernmentThe problem we faceThe Australian Government needs to hold itself to the same standard it imposes on industry.Government is an owner and operator of c

286、ritical infrastructure,and it also holds some of the most sensitive data about our people,economy and national security.As part of their core functions,Commonwealth,state,territory and local governments all provide essential services to our society.They form a critical part of our nations digital in

287、frastructure.20232030 Australian Cyber Security Strategy42 Government information and services can be high-value targets for malicious and state-sponsored threat actors.Cyber incidents can threaten the information held by the Government,public trust in our institutions,and the various digital functi

288、ons that governments provide.For this reason,the Government has a vital role in setting best practice cyber security standards a role recognised by nearly all stakeholders during consultation.Industry has clearly voiced an expectation that Government improves its own cyber security,in addition to im

289、posing higher standards on other organisations.Australia urgently needs a new approach to government cyber security.Enduring and low levels of cyber maturity across many Australian Government entities have revealed major gaps in our security posture.We have significant cyber skills shortages in the

290、APS,and many government systems do not yet meet the ASDs Essential Eight strategies for mitigating cyber security incidents.To uplift our collective cyber security,the Government must itself adopt cyber best practices including driving accountability for cyber security across its own departments and

291、 agencies.How the Government will take actionDeliver a plan to uplift Commonwealth cyber security to position the Australian Government as a world-class trusted digital government.Under this initiative,the Government will:1.Strengthen the cyber maturity of government departments and agencies The Cyb

292、er Coordinator will be enabled to lead whole-of-government cyber security uplift.As part of their role,the Coordinator will oversee the implementation and reporting of cyber maturity across Commonwealth departments and agencies.The Coordinator will also work collaboratively with state,territory and

293、local governments to promote investment that will drive a meaningful shift in government cyber maturity.To protect the Australian Governments data and digital estate,we will build on the best practice principles established within ASDs Essential Eight.We will also draw on internationally-recognised

294、approaches to zero trust,aiming to develop a whole-of-government zero trust culture.We will implement defined controls across our networks that will be consolidated into the Australian Government Information Security Manual,and enabled through the Protective Security Policy Framework.To provide ongo

295、ing accountability,we will develop an internal cyber security program and assurance function.We will scale up support to government entities uplifting their maturity against the Essential Eight.We will also conduct regular reviews of the cyber maturity of Commonwealth entities as part of the Investm

296、ent Oversight Framework led by the Digital Transformation Agency.These reviews will inform further evolution of our security frameworks and help government entities meet changes in the evolving threat landscape.20232030 Australian Cyber Security Strategy43 2.Identify and protect critical systems acr

297、oss government Government investments in cyber security must be focused on the systems that are most critical to our national interests,economic prosperity and social cohesion.To help prioritise our investments,we will designate SystemsofGovernmentSignificance that need to be protected with higher s

298、ecurity standards.We will map the Governments most important digital infrastructure,assessing the level of impact if these systems were disrupted.3.Uplift the cyber skills of the Australian Public Service(APS)The APS play a critical role in driving the cyber security posture across government.The Go

299、vernment will invest in developing the cyber skills of the APS,establishing a federated approach to growing and managing our in-house cyber capabilities.16 Pressure-test our critical infrastructure to identify vulnerabilitiesThe problem we faceWhile this Strategy will better equip Australian citizen

300、s and businesses to protect themselves from cyber attacks,malicious actors will continue to identify and target vulnerabilities.To counter this,we need to stay ahead of the threat we need to pressure-test our critical infrastructure to identify potential vulnerabilities before they are exploited.All

301、 businesses should ensure that they are appropriately prepared to defend,respond to and recover from a cyber incident.However,the importance of critical infrastructure to maintain essential services necessitates a heightened level of readiness.In addition to identifying vulnerabilities in our networ

302、ks,we also need to rehearse our incident response plans so that we are prepared for cyber incidents when they occur.By testing our national coordination mechanisms,it will be easier to get help and resume business continuity after an incident.How will the Government take actionThe Australian Governm

303、ent will build our national cyber readiness by proactively identifying and closing gaps in our cyber defences and incident response plans.Under this initiative,the Government will:1.Conduct national cyber security exercises across the economyThe Cyber Coordinator will lead a National Cyber Exercise

304、Program,exercising the full spectrum of incidence response plans,consequence management and communications channels.Engaging closely across all sectors,the Government will exercise cyber incident scenarios to test established processes to support businesses and the economy in the event of an inciden

305、t.These exercises will ensure that cyber crisis arrangements are understood,integrated and rehearsed.20232030 Australian Cyber Security Strategy44 This program will complement and build on the Enhanced Cyber Security Obligation to conduct exercises,applicable to Systems of National Significance unde

306、r the SOCI Act.2.Build playbooks for incident responseRunning national exercises also presents a valuable opportunity to share cyber best practice across sectors.Operators and stakeholders will share strategies to identify opportunities for enhancement and further alignment across the nation in the

307、event of an incident.Following these exercises,the Cyber Coordinator will develop playbooks for incident response.These playbooks will augment guidance to business leaders and lessons learned from the Cyber Incident Review Board under Shield 1.20232030 Australian Cyber Security Strategy45 Australia

308、has a flourishing cyber industry,enabled by a diverse and professional cyber workforce.What success looks likeBy 2030,Australia will foster a thriving cyber security ecosystem that attracts,grows and retains talent,houses strong cyber security companies and capabilities,and nurtures innovative new t

309、echnologies.Our nation will be recognised for pioneering work in cyber technology and applied sciences,with a large,skilled and diverse cyber workforce.High-quality education and training opportunities will support defined pathways into the cyber security profession.Our cyber workforce will be profe

310、ssionalised,with clear standards to validate cyber skills and experience.By leveraging our existing commitments to landmark reforms across the immigration,education and training systems,we will assemble a world-class cyber workforce that welcomes people from a wide range of backgrounds.Our cyber wor

311、kforce will be inclusive,with strong career opportunities for diverse cohorts especially women,who are significantly underrepresented in the sector.Australia will have a thriving and robust cyber security industry that supports national prosperity,generates high-wage jobs,and creates innovative solu

312、tions to current and future cyber security requirements.Cyber security firms will be supported by a robust market,with better opportunities to obtain government contracts and investment to stimulate growth.Australias strong academic and research institutions will continue to drive world leading cybe

313、r research and innovation.Through closer,focused collaboration between industry and government,we can tackle some of the toughest cyber security problems and invest in the secure development of emerging technologies like AI and quantum computing.Sovereign capabilitiesShield 520232030 Australian Cybe

314、r Security Strategy46 How well get thereTo achieve our 2030 vision,the Australian Government will:grow and professionalise our national cyber workforce;and accelerate our local cyber industry,research and innovation.17 Grow and professionalise our national cyber workforceThe problem we faceIndustry

315、suffers from ongoing shortages in the cyber security workforce,with a lack of representation of women and other diverse groups.Firms face challenges recruiting and retaining experienced world-class cyber talent exacerbated by complex migration paths for foreign experts,and competition with higher pa

316、y rates abroad.AI and other emerging technologies are likely to transform cyber roles and reshape skill requirements as automated tools assume greater responsibility for core network protection functions.Employers are facing a shortage of cyber professionals and a mismatch between job requirements a

317、nd employee skills.A lack of sufficient job-ready experience is a key challenge for industry,with graduates and workforce entrants often requiring further on-the-job training to become proficient.20232030 Australian Cyber Security Strategy47 Improving the inclusivity and diversity of the cyber secur

318、ity workforce is imperative for the sector to reach its full potential.Beyond attracting more women and underrepresented cohorts into the cyber security sector,employers also have a role in fostering a workplace culture that is genuinely inclusive and embraces diversity.The cyber security sector nee

319、ds to retain diverse talent to take advantage of a much wider spectrum of cyber skillsets,experiences and capabilities.Industry has also identified inconsistencies across the Australian cyber security sector in meeting global cyber workforce standards.The absence of a national standard for cyber ski

320、lls means employers lack assurance that the workforce is appropriately trained and that their qualifications are fit for purpose.To meet future cyber workforce needs,we need to transform our digital skills pipeline.How the Government will take actionThe Australian Government recognises that our cybe

321、r security workforce will constitute the foundation for sustained growth in the domestic cyber ecosystem.We will take immediate steps to foster a stronger,more diverse cyber security workforce while providing businesses with greater confidence in the qualifications of cyber professionals.Under this

322、initiative,the Government will:1.Grow and expand Australias skills pipelineThe Australian Government has already commenced delivery of reforms to support and grow a more effective education and training system that will address Australias digital and cyber security workforce needs.The newly establis

323、hed Jobs and Skills Australia and the Jobs and Skills Councils will work together to identify and meet future workforce needs,while also providing industry with a stronger voice,to deliver the best outcomes for learners and employers.This will include assessing workforce needs for cyber security ski

324、lls.The Government has taken steps to progress interventions at every stage of the skills pipeline.To encourage young people to pursue careers in the cyber workforce,learning cyber skills needs to start in primary and secondary school.The Government will continue to integrate cyber security teaching

325、 within Australian primary and secondary school education,in line with recent changes to the Australian Curriculum.The Government is also making targeted investments at the graduate level by providing additional higher education Commonwealth Supported Places to support priority workforces,including

326、in cyber,information technology and STEM(science,technology,engineering and mathematics)related fields.Migration reforms will complement domestic skills pipeline initiatives to attract talent and make Australia a destination of choice for global cyber experts.The Governments Migration Strategy will

327、establish a clear set of objectives for the migration system,bolstering our commitment to better coordination and integration of migration with the Australian labour market and training and education systems.A new global outreach capability and re-energised local outreach network will allow us to ac

328、cess critical talent pools and put Australia back in competition with other countries for the highly skilled migrants we need.20232030 Australian Cyber Security Strategy48 2.Improve the diversity of the cyber workforceTo create a diverse cyber workforce and tap into the potential of a broader market

329、,the Government will work with industry to promote targeted support and return-to-work programs for women,underrepresented groups and diverse communities.The Government will also issue cyber diversity guidance to help employers attract and retain diverse cohorts into cyber security professions.This

330、guidance will include specific recommendations on how to increase employment of women and First Nations people in cyber roles,acknowledging the major barriers they face to find and maintain jobs in the sector.The Government will continue to consult with industry and work with the Executive Cyber Cou

331、ncil to develop whole-of-economy initiatives to improve the diversity of the cyber workforce.The Governments response to the Pathway to Diversity in STEM Review will provide a further opportunity to consider concerted and systemic action to address this issue in the long term.3.Professionalise the d

332、omestic cyber workforceTo support a thriving ecosystem,we will also work with industry to enhance efforts to professionalise the cyber security workforce.This will create clear pathways into cyber security roles,reduce barriers to entry and build greater consistency across the cyber workforce.A clea

333、r cyber skills framework will provide assurance to employers that the cyber workforce is appropriately skilled,and will give workers confidence that their qualifications and relevant experience are recognised and fit for purpose.The Governments reforms to the vocational education and training(VET)system will provide training relevant to Australias labour market and keep pace with emerging skills n