Huawei: Automotive and energy industries driving 5G and IoT, not telcos
Australia's Minister Assisting the Prime Minister on Cyber Security Dan Tehan said on Wednesday a centralised approach to cybersecurity was dangerous, and it was preferable for departments to take care of themselves instead.
"My view is we want each individual department and agency to take responsibility themselves, and the best way we can do that is just remind them of the need for them to take this issue incredibly seriously," Tehan said at the launch of the Weakest Links: Cyber governance and the threat to mid-sized enterprises report developed by Australian National University and Macquarie Telecom.
"What we want to develop is a culture with all departments and agencies within government that they have the mechanisms in place to make sure they are as cyber-secure as they possibly can be, and if there is capability shortfalls, that they reach out to see how they can get them addressed by other agencies who can help in this regard."
The minister said departments and agencies needed to understand their requirements, but also their limitations that could be addressed by other parts of government.
According to the 22 government agencies sampled for the report, no agency said it reviews its cyber security risk management monthly or weekly, with only 50 percent of executive teams provided with threat reports monthly or more regularly. The report said 15 percent of agencies had no person responsible for cybersecurity, and 41 percent of agency respondents regarded their executive teams as having poor or limited knowledge of information security risks.
Despite these results, Tehan dismissed the idea of any edict from government to force agencies to up their security game.
"I think if we go over the top ... sort of a centralised approach, I think that presents dangers," he said. "I don't think mandating is the way to go, I think making sure we remind them of their responsibilities."
"As a former public servant, I think reminding public servants or agencies of their responsibilities often does tend to make the gears and the wheels turn pretty quickly."
The federal government alone could not protect Australia's infrastructure from online attacks, Tehan said.
"When it comes to Australia's critical infrastructure, the states have as key a roll to play, if not more of a key role to play," the minister said.
"Making sure we protect our critical infrastructure and making sure we understand states, local government in some instances, and federal government has a role is also crucial."
Tehan said he hoped the experience of the Australian Bureau of Statistics (ABS) during Census night will be the wake up call the government agencies need.
The minister also said there were recommendations concerning the ABS before Cabinet.
Amongst the findings of the report, only 21 percent of the 36 medium-sized business sampled said they would report a breach, even if legally compelled to do so.
"This is probably compounded by the fact that there is a low level of awareness of the government agencies who are available to assist them," Aidan Tudehope, managing director of Macquarie Government said. "The report makes clear that, for a crucial part of the government and business community, cybersecurity is not treated as a core management business."