Australian Cyber Security Industry Roadmap – Executive Summary

Cyber security – vital for future industry growth

Cyber security has never been more important, both as an enabler for Australian industry and as a source of economic growth itself.

Vision for Australia’s Cyber Security Sector

A globally competitive Australian cyber security sector that enables Australian organisations to pursue digitally driven growth, and supports greater trust and confidence to participate in the international economy.

As an enabler for industry, cyber security’s importance is being driven by the global business environment becoming increasingly interconnected and reliant on data and digital technologies. As a result, organisations need to think of cyber security not just in terms of compliance and risk mitigation, but as an essential business function that is fully embedded in processes and systems.

And as a source of economic growth itself, Australia’s burgeoning cyber security industry has a unique opportunity to deliver services and solutions in a globally-competitive, export-facing industry.

This Roadmap primarily focuses on the first aspect: the role cyber security (as a horizontal sector) can play in enabling growth opportunities in other sectors. In particular, the report concentrates on the priority Australian sectors aligned with Australian Government’s Industry Growth Centres initiative.

Cyber Security can play an important role in enabling growth opportunities in other sectors

 

At present, Australia’s cyber security sector is small; however, it is forecast to triple its revenue over the coming decade due to increased demand for cyber security products and services.

The majority of Australian organisations currently lack the capacity to employ large internal cyber security teams which, in turn, creates demand for external, often international cyber services.

AustCyber’s Cyber Security Sector Competitiveness Plan – a companion to this Roadmap – provides details about the cyber security industry and skills requirements that will allow the Australian sector to capture value from this increased demand.

The cyber security workforce is set to grow.

Digital trends transforming industry

Digital transformation is providing numerous Australian industries with unparalleled opportunities for value creation.

These trends illustrate that digital technologies, connectivity and automation are having a profound impact on the way organisations operate. These trends are not discrete, and exert an influence on an evolving cyber security threat landscape, with diverse and unanticipated cyber security risks now affecting businesses, governments, and people.

Each trend creates cyber security implications for Australia’s industries, and will create opportunities for Australia’s cyber security sector.
Increased data exchange

Increased data exchange

The volume of data generated and exchanged between equipment, people and businesses is leading to meaningful insights that support disruptive business models and technologies.

Enhanced experiences

Enhanced experiences

Digital technologies are allowing people to have increasingly personalised and enhanced experiences, which is leading to changes in human expectations and behaviours.

Globally connected

Globally connected

Global connection through the digital world is enabling trade, empowering people with access to information and novel products and services; and allowing seamless communication for improved social connections.

Transformed supply chains

Transformed supply chains

Digital technologies are transforming supply chains, creating greater transparency, increasing efficiencies and blurring traditional boundaries.

Delivering a cyber secure future

Australia’s small but well-developed market provides an exemplary testing ground for pilot programs to then be rolled out in larger economies.

Three themes have been developed via diverse industry consultation to understand how cyber security solutions can lead to more effective organisation and business operations, and improve Australia’s overall cyber security posture to take advantage of digital transformation. Industry can engage immediately, in the short and medium terms in these themes, which are: (1) trusted ecosystem, (2) secure by design, and (3) robust and resilient. The themes cut across sectors, and discuss how Australia can embed cyber secure behaviour by building trust, improving design processes and raising overall cyber-resilience.

These themes build on the goals established by AustCyber to: (1) grow an Australian cyber security ecosystem, (2) export Australia’s cyber security to the world and (3) make Australia the leading centre for cyber education.

As cyber security solutions move from being a post-development consideration to a design-phase consideration that is tightly integrated with the industry vertical, time to market will improve, as will the reputation of the products and services being developed in Australia.
Trusted ecosystem

Trusted ecosystem

Creating digital ecosystems that are highly trustworthy, allowing for rapid exchange of information and providing a stronger environment for trade.

Trusted partners

User-friendly and trusted sharing of information within supply chains, with third parties and with customers.

Threat intelligence sharing

Information about credible cyber security threats is shared within industry efficiently, allowing credible threats and risks to be quickly understood.

Collaborative demonstration projects

Demonstration projects illustrate how a trusted ecosystem may be established to create commercial value within Australia’s priority growth sectors.

Resources and guidelines

Best-practice guidelines and tailored cyber security assessment resources are available, customised to Australia’s various industries and adaptable to the unique circumstances of businesses.

Onshore capability

The judicious procurement of locally developed cyber security solutions is encouraged where available, helping to maintain a critical mass of onshore cyber capabilities.

Secure by design

Secure by design

Ensuring new products, services, platforms and processes are designed with cyber security as a key consideration.

Assurance of secure products

Guidelines establish a baseline for built-in cyber security in products and services that harmonises with international standards, allowing for improved exportability.

Secure by design skills in workplaces

Cyber security workplace skills are strong. Companies involved in the development and commercialisation of new technologies embed strong cyber security early in the design process.

Security embedded in ICT training

The gap between cyber security and ICT education is bridged by embedding more cyber security aspects into all tertiary information technology courses.

Research and industry collaboration

Australia’s cyber security sector and the research community collaborate to help Australian industry underpin innovation with strong cyber security.

Secure trade and supply chains

Contractual negotiations and trade agreements clearly integrate cyber security measures in the development phase, leading to much greater security across supply chains.

Robust and resilient

Robust and resilient

Building greater cyber maturity and resilience in Australian industry and communities by developing a robust security culture.

Awareness in the community

Community awareness about the importance of cyber security is strong, supported by a targeted, high-profile education campaign.

Workforce skills

Awareness of cyber security basics in the context of workplaces is strong throughout all levels of staff, with companies adopting appropriate risk based practices.

Frameworks for cyber security

New frameworks and improved governance enables more innovation, while ensuring cyber resilience is prioritised.

Strong leadership

Executive and Board level cyber security literacy and education initiatives are supported and well attended, leading to improved cyber security awareness within company leadership structures.

Australia’s reputation

Australia’s cyber security sector in collaboration with the priority sectors have built a national reputation for cyber security excellence across key cyber security pillars, leveraging strengths of the research community.

Universal cyber care

Technology solutions focused on helping to raise the general cyber security hygiene of the Australian public and businesses have been investigated and developed.

Actions for cyber secure growth

Realising the themes requires change via collaborative action, with the Australian cyber community working closely with businesses, research institutes, governments, industry associations and the Industry Growth Centres. Presented over immediate to medium-term timeframes, each action is aligned to one or more of the themes. Many of the immediate actions are already in process in cyber literate sectors such as finance and defence; however, further consideration is required in order for them to be implemented across broader Australian industry.

Trusted ecosystemTrusted economy

Secure by designSecure by design

Robust and resilientRobust and resilient

 

Immediate

Short Term (1-3 years)

Medium Term (3 – 5 years)

Guidelines and frameworks

Guidelines and frameworks

Trusted ecosystemImprove guidelines for best practice cyber security hygiene

Trusted ecosystemDevelop data sharing frameworks

Secure by designImprove baseline device and platform security

Robust and resilientDevelop agile frameworks for technology adoption

Trusted ecosystemImprove frameworks for international trade

Threat intelligence sharing

Threat intelligence sharing

Trusted ecosystemSecure by designRobust and resilientImprove shared threat intelligence

 

Trusted ecosystemImprove global threat intelligence sharing

Skills and training

Skills and training

Trusted ecosystemImprove basic cyber security practices

Improve cyber literacy in Robust and resilientcompany leadership

Secure by designBuild ‘secure by design’ workforce skills

Secure by designEmbed cyber skills into ICT workforce

Robust and resilientEmbed cyber skills into general workforce development

Robust and resilientCreate active education experiences

Cyber security awareness

Cyber security awareness

Secure by designRobust and resilientDevelop business awareness
and cyber resources

Robust and resilientBuild community

Trusted ecosystemCelebrate home awareness grown cyber solutions

Secure by designImprove communication of secure by design features

Ongoing

Collaboration with Australia's growth industries

Collaboration with Australia's growth industries

Trusted ecosystemEstablish demonstration projects

Trusted ecosystemBuild solutions for Australia’s growth industries

Secure by designTransform business models

Secure by designBuild Australian exports and global reputation

Secure by designEnsure cyber security is considered in trade negotiations

Improved cyber-physical systems

Improved cyber-physical systems

Robust and resilientDevelop solutions for areas of poor connectivity

Robust and resilientMitigate legacy systems risk

Secure by designImprove data collection

Trusted ecosystemEstablish trusted inter-site networks

For detailed information on actions, please see chapter 3 of the PDF.

Cyber security for Australian industry

To be truly effective, Australian industry and the cyber community must tailor the enabling themes and actions to each industry’s specific opportunities for growth, such as the examples given in the diagram below.

By unpacking growth opportunities presented within the themes in this report, Australian industry and the cyber security sector can both work towards the development of competitive offerings for local and international markets.

For Australia to be globally competitive, cyber security must underpin the data-driven transition of every sector in the economy.

Medical Technologies and Pharmaceuticals (MTP)

Medical Technologies and Pharmaceuticals
Opportunity for growth Company value creation Cyber security challenges

Diagnostic products and services

Novel business and service models around the collection, interrogation, interpretation and packaging of medical and population data.

  • New business opportunities
  • Shortened R&D cycles
  • Better patient insights
  • Precision products with higher demand/profit
  • Novel clinical trial models
  • Data sharing
  • Data privacy and ownership
  • Data integrity
  • Insider threats
  • Theft and extortion
Priority actions

Secure by designSecure by design

Trusted ecosystemTrusted ecosystem

  1. Improve healthcare networks and infrastructure
  2. Develop frameworks for improved clinical data sharing

Mining Equipment, Technology and Services (METS)

Mining Equipment, Technology and Services (METS)
Opportunity for growth Company value creation Cyber security challenges

Data driven mining decisions

Using data throughout the mining lifecycle to optimise mining operations, reduce timeframes for making high value decisions and optimise response to market demands.

  • Trusted insider access to data
  • New business model opportunities
  • Trusted engagement with mining companies
  • Operational technology (OT)
  • Connected equipment and sensors
  • Availability of data
  • Anomaly detection
  • Volatility of markets
Priority actions

Secure by designSecure by design

Trusted ecosystemTrusted ecosystem

  1. Improve the security across connected mining environment
  2. Improve the safe integration of legacy technologies and systems

Advanced manufacturing

Advanced manufacturing
Opportunity for growth Company value creation Cyber security challenges

Customised high margin solutions

Develop manufacturing services that integrate suppliers and customers to provide customised products that can generate higher margins.

  • Customer willingness to pay
  • Greater loyalty
  • Novel processes and products
  • Collection of more data
  • Greater potential for range expansion
  • Security confidence
  • Insider threats
  • Supply chain integrity
  • Data integrity
  • Data availability
  • Connected equipment
Priority actions

Secure by designSecure by design

Trusted ecosystemTrusted ecosystem

  1. Improve channels for supply chain data sharing
  2. Ensure secure integration of cyber-physical manufacturing systems

Oil and gas

Oil and gas
Opportunity for growth Company value creation Cyber security challenges

Digital operations and maintenance

Transform operations and maintenance activities across onshore and offshore developments through integration and adoption of digital technologies.

  • Improved workforce safety
  • Improved productivity and cost efficiencies
  • Predictive maintenance eliminates down-time
  • Legacy assets
  • Control and availability of OT
  • Security of networks
  • Physical security
  • Data sharing
  • Intelligence sharing
  • Data integrity
Priority actions

Secure by designSecure by design

Robust and resilientRobust and resilient

  1. Improve national and global intelligence sharing
  2. Implement active education programs

Food and agribusiness

Food and agribusiness
Opportunity for growth Company value creation Cyber security challenges

Premium interactions

Export products that generate a premium price due to their quality and novel attributes, underpinned by the ability to provide accurate reporting on provenance.

  • Preserve premium prices
  • Reduced food fraud
  • Trust based competitive advantage
  • Potential for service and value-add
  • Digital maturity
  • Security of sensors
  • Data sharing
  • Availability and authentication of provenance data
  • Food supply chain security
Priority actions

Secure by designSecure by design

Robust and resilientRobust and resilient

  1. Build awareness of cyber solutions
  2. Improve collaborative data sharing