The Australian government is displaying great interest and urgency in addressing the deficiencies in security and regulation that have led to one massive-scale leak after another over the past two years. Just this week, Pizza Hut Australia notified nearly 200,000 customers of a widespread data leak, and the government is keen to take the steps it needs to slow the rate of these breaches.
Central to this strategy is the “six cyber shields” approach the government announced. This forms a core part of the upcoming 2023-2030 Cyber Security strategy, and it aims to build six cyber shields in service of citizens, businesses and government at all levels. This is an overarching strategy about setting in place best practices and a framework that the nation urgently needs a cohesive vision of.
Jump to:
The government believes this approach will be effective as each of the six shields contributes to a cohesive, planned national response that builds a more protected Australia, with clear global standards for digital safety in products and real-time threat intelligence exchange.
The first three shields focus on improving the knowledge of cyber security across the nation. This means education, safe technology and threat-sharing:
Meanwhile, the last three shields dig deeper into the technology. These will focus on protecting critical infrastructure, sovereign capabilities and fostering global coordination.
Without a doubt, this is a noble initiative by a government that is keen to be seen as proactive on cyber security. However, as well-meaning as this initiative is, there are many implications about the impact the six cyber shields approach will have on Australian businesses.
Most significantly, there is the concern that, in increasing investment in cyber security so much, the government will “hoover” up the limited talent in IT security, exasperating an already massive cyber skills shortage.
SEE: Reports further illustrate Australia’s IT skills shortage.
At its most straightforward, the implementation of the six cyber shields will require the government to recruit a significant number of cyber security professionals for itself. These professionals will need to have a deep understanding of both the technical and strategic aspects of cyber security, as well as the ability to implement and manage complex systems.
In other words, the Australian government will be looking for the same calibre of cyber security professionals that private enterprise is already struggling to find. Australia may well struggle to fill these roles to an extent beyond our current reckoning, especially if our education system can’t rapidly scale the number of IT experts it is producing.
The Australian government’s approach to cyber security is likely going to increase the regulatory burden placed on enterprises. The redoubled focus on cyber security could potentially lead to a diversion of resources away from other areas of IT.
For example, resources may be redirected from software development, data analysis and other IT sectors to align the enterprise with the objectives of the cyber shields. In turn, this could create an imbalance in the IT skills market, with an oversupply of training and demand for cyber security professionals and a shortage in other areas. In the long term, this could affect Australia’s digital competitiveness.
The complexity and scale of the cyber shields initiative could actually cause the staff churn challenges many organisations face to accelerate. Australia’s cyber security industry already struggles terribly with stress and mental health, with 91% of professionals experiencing mental health challenges. Of those, one-third end up quitting, with one in 10 leaving the industry entirely.
Any additional burden the cyber shields approach puts on private enterprises will mean greater workloads, greater levels of stress and greater levels of burnout, unless the organisation is able to recruit a larger team of security professionals.
The implementation of the cyber shields approach could result in a new national cyber security calibration that IT professionals will need to train towards. With the government committing to a proactive approach moving forward, it is likely that the need for ongoing training will increase.
For already overworked cyber specialists, this will be challenging to accommodate. It will also make it more difficult for the organisation to have the total suite of skills it needs to fully meet the ambitions of the government’s new cyber security strategy.
Australian organisations don’t need to simply worry about the domestic competition for cyber security resources. It’s likely that other governments will build deeper cyber security strategies that align with the set of objectives the Australian government has set out.
SEE: Australia’s limited onshore IT talent is slowing down tech innovation.
As that happens, an increasing global demand will make it more difficult for Australian organisations to find talent. Australia is a relatively positive place to work, but with massive multinational corporations and the resources they have to fill their cyber security teams, it might be a challenge that few local companies can afford.
While the cyber shields initiative is a positive step towards enhancing Australia’s cyber security infrastructure, it’s important to consider its long-term sustainability. The ongoing maintenance and updating of these cyber shields will require a steady supply of skilled IT professionals.
If Australia continues to struggle with an IT skills shortage, it may become difficult for even the Australian government to deliver on its own ambition, resulting in inevitable declines in both vision and execution.
The Australian government’s initiative to build its six cyber shields is commendable. However, it means nothing if there isn’t a concentrated effort to address the skills shortage at the same time.
Now might be the best time for anyone involved in IT to add to their security capabilities, as their résumé is about to become more valued across all levels of government and private enterprise than ever.