Breaking Down The Cyber Security Strategy 2023-2030: Phase Two (2026-2028)

The first phase, or “horizon” for the Australian Government’s Cyber Security Strategy 2023-2030 is focused on building foundations and preparedness. For the second phase (2026-2028), the government has flagged that the intent will be one of scale and maturity.

Phase two will take the foundations laid in phase one and begin to accelerate them, with a broader reach that is going to impact on both society and the way resilience is built into organisations. This is not a pure technology investment but is equally focused on the people, processes and partnerships that will drive the technology to those outcomes. Critically, it means complex partnerships are going to be integral, across departments, the public and private sectors, and across the business environment.

The Australian government understands that tackling national resilience requires co-ordination rather than individualism. This kind of transformation in how we look at resilience is a process, but that’s what phase one is designed to facilitate. By 2026, we’re going to see the full implications of this strategy take flight.

Simultaneously, scaling up the cyber industry is another key aspect of phase two. This involves fostering innovation and growth within the cybersecurity sector. Businesses and government agencies need to be ready to support this growth, whether it’s through investing in new technologies, partnering with specialist firms for their expertise, or implementing advanced cybersecurity measures.

Growing a diverse and skilled cyber workforce is also a priority in phase two. This is going to be a challenge, given how deeply Australia is in deficit currently, but the objectives of phase one, including laying the foundation for strong security professional pipelines too. This involves not only training and hiring more cybersecurity professionals but also ensuring diversity within the workforce – the calls for this sector to become much better at hiring women are extensive, for example.

On the technology side, phase two means creating a resilient cyber ecosystem. This means building an environment where businesses and government agencies can withstand and quickly recover from cyber attacks. Preparation for this involves implementing the robust incident response plans that are a cornerstone of the phase one preparation, and investing in technologies and practices that enhance resilience.

Look to phase two and 2026 now

The three key things that organisations across the private and public sectors can do to look toward this phase now include:

1. Investing in Cyber Security: Organisations should start investing in cyber security measures now. This includes investing in secure technology and infrastructure, as well as in training and development for their staff. They should also consider partnering with cyber security firms to enhance their security measures.
   
   
2. Fostering a Diverse Cyber Workforce: Organisations should focus on growing a diverse and skilled cyber workforce. This involves developing inclusive hiring practices and providing ongoing training and development opportunities for their staff. A diverse workforce can bring a variety of perspectives and ideas, which can enhance problem-solving and innovation in cybersecurity.
   
   
3. Building Partnerships: Organisations should start building strong relationships with their partners and stakeholders. This includes fostering collaboration and information sharing between different sectors and levels of government. By building these partnerships now, organisations can be better prepared to respond to cyber threats and challenges in the future.
   
   

It might seem that phase two of the Australian Government’s national cybersecurity strategy is many years away, but organisations should be preparing for it now, because this is an ambitious and far-reaching strategy, and the acceleration and energy behind it is going to be rapid.

Future technology investments and areas for consideration

Phase two will involve embracing technologies and innovations that are currently in development or their early stages now. Partnering with an organisation like Excite Cyber will ensure that, as developments in these technologies progress, the organisation will be well positioned to be strategic with them:

1. AI and Machine Learning-Driven Security Solutions: Leveraging AI and machine learning technologies to predict, detect, and respond to threats more efficiently. This includes anomaly detection systems that identify unusual patterns indicative of a cyber-attack. 
   
   
2. Blockchain for Security: Utilising blockchain technology to enhance data integrity and security in various applications, such as secure transactions, identity verification, and supply chain security.
   
   
3. Quantum Computing Security: With the advent of quantum computing, preparing for quantum-resistant cryptography, and ensuring that encryption systems remain secure against future quantum computing threats.
   
   
4. 5G Network Security Services: As 5G technology becomes more widespread, finding specialised security solutions for 5G networks, and addressing this technology’s unique challenges and vulnerabilities.
   
   
5. IoT and Smart Device Security Solutions: Developing advanced security measures for the growing number of IoT devices and intelligent technologies, which often need more built-in security features.
   
   
6. Security Orchestration, Automation, and Response (SOAR): Implementing SOAR solutions to automate security tasks, orchestrate security workflows, and respond rapidly to incidents.
   
   
7. Extended Detection and Response (XDR): Offering XDR services that integrate various security products into a cohesive security operation, providing more effective threat detection and response across different infrastructure layers.
   
   
8. Augmented Reality (AR) and Virtual Reality (VR) Security: Building security solutions for AR and VR environments, addressing unique challenges such as data privacy, user authentication, and application security in these immersive technologies. This is especially important with the emergence of the VISION PRO next year.
   
   
9. Edge Computing Security: Building solutions to secure edge computing environments, ensuring data security and privacy in distributed computing architectures.
   
   
10. Privacy-Enhancing Technologies (PETs): Implementing solutions that enhance user privacy, such as homomorphic encryption, secure multi-party computation, and zero-knowledge proofs.
    
    
11. Autonomous Systems Security: Developing security frameworks for autonomous systems like drones, self-driving vehicles, and robotics, addressing potential vulnerabilities and ensuring secure communications.
    
    
12. Digital Twins for Cybersecurity: Utilising digital twins to simulate cybersecurity scenarios, enabling better prediction of potential threats and testing defence strategies in a virtual environment.