By: Kieran Doyle, Nicole Gabryk and Nick Martin

The Australian Government released the 2023-2030 Australian Cyber Security Strategy (the Strategy) on 22 November 2023. According to the Department of Home Affairs:

The Strategy is the roadmap that will help realise the Australian Government’s vision of becoming a world leader in cyber security by 2030. To achieve this vision, we need to protect Australians. Through the Strategy we seek to improve our cyber security, manage cyber risks and better support citizens and Australian businesses to manage the cyber environment around them. We will do this with six cyber shields.

The six shields set out in the Strategy are:

  1. Strong businesses and citizens
  2. Safe technology
  3. World-class threat sharing and blocking
  4. Protected critical infrastructure
  5. Sovereign capabilities
  6. Resilient region and global leadership

Further to our recent analysis of shields 1, 2, 3 and 4 of the Australian Government’s 2023-2030 Australian Cyber Security Strategy released on 22 November 2023, shield 5 of the Strategy focuses on ‘Sovereign capabilities’ and the Government’s commitment to creating a cyber resilient security environment through building and developing Australians’ cyber skills, and creating more talent within the cyber industry.

 

 

Shield 5 – Sovereign capabilities

It is well known that the cyber security workforce is a competitive field, largely due to the lack of cyber-skilled individuals, making both obtaining and retaining talent highly challenging. The Australian workforce lacks cyber security professionals across all levels and specialisms despite the fact that there is an ever-increasing demand for such skills.

Given this, shield 5 focuses on:

  1. growing and professionalising Australia’s cyber security community through the workforce, and
  2. developing Australia’s cyber industry and cyber research and innovation.

The Government aims to address the gaps it identified in the cyber security workforce through:

  • establishing specific cyber security education and training, in particular through designated forums within the Jobs and Skills Australia program and the Jobs and Skills Councils
  • incorporating cyber security education into the Australian education curriculum for primary and secondary school children
  • establishing a ‘cyber diversity guidance’ program, targeted at attracting women, underrepresented groups and diverse communities into the cyber workforce
  • recognising the need for continuous formal training and ‘on the job training’ of young cyber security graduates, to address a concern that university and college training does not provide the practical skills often required ’at the coalface’, with many graduates requiring extra training upon entering the workforce
  • investing in domestic cyber security training and growth, with the development of a ‘Cyber Security Challenge program’ designed to provide funding for cyber security training to encourage ‘cyber start ups’ to collaborate with the government and address commonly faced cyber security challenges, and
  • growing and maintaining Australian cyber security research capabilities, to create both innovative and forthcoming cyber security tools and technologies.

The Government’s proposed initiatives to upskill and grow a sovereign cyber capability and ensure homegrown cyber professionals organically enter the workforce are welcome in the face of domestic skills shortages.

The Government’s plans, to ensure that shield 5 is ‘joined up’ with the other shields of the strategy via programs which support other key priorities in the Strategy (such as developing new technologies for threat sharing and blocking and the adoption of new technologies such as AI), would also greatly assist with challenges identified by Government in Shield 1 around incident response vendors.