To the editor:
In his article ‘Combating US cyber adversaries calls for whole-of-government approach’, which appeared in C4ISRNET on 17 May 2023, U.S. Rep. Mark E. Green highlights that cyber criminals take advantage of gaps in our visibility over domestic infrastructure and the need for a strong, cross-sector, and whole-of-government approach.
He also points out that interagency cooperation can be improved through the State Department’s new Bureau of Cyberspace and Digital Policy, and that efforts are needed to improve collective cybersecurity.
His observation that over 80% of critical infrastructure is privately owned and operated indicates that a whole-of-nation effort is needed, not simply a whole-of-government effort. Furthermore, close partnerships within the private sector are needed, as is the ability to share timely, actionable, and contextualized information to stop cyber-attacks in their tracks.
These important aspects canvassed by Rep. Mark Green apply equally to Australia, where several government initiatives and legislation that address cyber assurance, reporting, and security have been introduced. However, with Australia’s critical infrastructure entities increasingly being targeted by sophisticated cyber-attacks, we must ask the question – is that enough?
Defensive strategies cannot be formulated in isolation by individual critical infrastructure entities; a collective security posture is needed. In addition, a community-based approach is needed to support government efforts in materially uplifting cyber resilience across the critical infrastructure ecosystem.
The challenges for directors and boards of critical infrastructure operators have increased and additional obligations have now been placed on them and their entities. The onus is on them to act to mitigate risks, which involves
Read more