SCP - Chapter 4 - Building a competitive Australian cyber security sector

Key points in this chapter

  • Much has been achieved since the Sector Competitiveness Plan was first published in 2017
  • But more action is needed to grow vibrant and competitive cyber security sector, that generates increased investment and jobs for the Australian economy
  • Urgently need to address skills and workforce shortage
  • Greater awareness to attract best and brightest to sector
  • More pathways for workers to transition from broader IT sector and other industries
  • Better collaboration in R&D
  • Concentrate R&D on areas of strength and sector segments of software, security operations, and underlying processes
  • Support local companies to grow, mature and export solutions
Much has already been achieved...but more needs to be done to fully seize the tremendous opportunity in cyber security

This Sector Competitiveness Plan shows great potential for Australia to become a leading global exporter of cyber security software and services where it already has a competitive advantage (see focus segments in Chapter 2).

However, Australia cannot expect to build on its existing strengths and develop a vibrant cyber security sector without properly addressing existing challenges, such as:

  • creating a sharper focus in the funding of cyber security research
  • removing growth hurdles for small local cyber startups
  • increasing the pool of job-ready cyber security workers in the short- and long-term.

Given the urgency of this opportunity and the eagerness of many other countries to also seize the moment in cyber security, action needs to happen fast.

Much has been achieved already since the initial Sector Competitiveness Plan was first published in 2017. Recognising the strategic growth potential of cyber security, the Australian Government has established a new Cyber Security CRC, which will provide more targeted funding for the country’s most promising research projects. The Government also launched AustCyber’s GovPitch, a new initiative to help cyber security startups in Australia win public sector contracts more easily.

The education system has also responded well to the challenge with half of the universities in the country now offering a specific cyber security degree or IT degree with a major in cyber security.

AustCyber has committed to a regulatory reform plan that focuses on regulation and standardisation of cyber security (see Appendix C).

Much has already been achieved...but more needs to be done to fully seize the tremendous opportunity in cyber security

Still more needs to be done to enable Australia to fully seize the tremendous opportunity in cyber security. To develop a highly capable and globally competitive cyber security sector, Australia should pursue three goals, as illustrated in Figure 44:

  • develop a competitive cyber security ecosystem
  • strengthen the exportability of local cyber security companies
  • urgently need to capitalise on Australia’s quality education system to improve its reach.

Figure 44 – An overview of the key elements of the Sector Competitiveness Plan

Figure 44

4.1 Growing an Australian cyber security ecosystem

To become a global market leader in cyber security and serve a substantial share of additional security demand over the next decade, Australia is building a stronger, more coherent cyber security ecosystem. Australia’s cyber security sector lacks the strong domestic ecosystem to compete effectively on a global scale. The local network of specialist companies, researchers, government bodies and training institutions that make up Australia’s cyber security sector remains fragmented and underdeveloped, especially in software. This makes it difficult for Australia to fully harness the tremendous economic opportunity arising from the expected surge in demand for cyber security.

To become a global market leader in cyber security and serve a substantial share of additional security demand over the next decade, Australia is building a stronger, more coherent cyber security ecosystem.

To achieve this, Australia needs to create more innovative cyber security startups and help them grow into mature, market-ready and internationally competitive businesses that can cater for the domestic market as well as global value chains. Strengthening the cyber security ecosystem also means inspiring greater collaboration between companies, researchers, government, investors, education providers, and other stakeholders involved.

Help cyber startups find their first customers

Anchor customers, typically large industry players or government departments, add value to any startup. But for cyber security startups, which rely heavily on trust to gain access to high-risk business areas, anchor customers are one of the most critical ingredients for success as they help establish market legitimacy.

Assisting cyber security startups in their search for customers can help strengthen the competitiveness of the local industry. This is because anchor customers often challenge an emerging company to sharpen its profile and refine its offering to be better aligned with global market needs, which increases business prospects.

Actions to help startups

ExploreExplore

ActionAction

Action Lead actor Status
Improve access to first customers for Australian startups by:
  • Analysing the barriers and risks for government agencies and established businesses working with startups
  • Promoting strategies to mitigate these, for example, piloting, investment partnerships
  • Providing access to business coaching for startups
  • Showcasing Australian cyber security products and services to potential customers.
AustCyber Action
Recommendation that the Australian Government encourage industry investors in the CSIRO Innovation Fund to also become first customers for Australian cyber security startups the Fund supports. Government/Industry Explore
Startups and small organisations mature business operations and systems to work effectively with first customers. Industry Action

Improve research focus and collaboration to assist commercialisation

Australia is home to several world-class universities and research institutions on the leading-edge of cyber security innovation. However, a diffuse funding system and weak links between academics and business limit the effectiveness of Australia’s research capabilities.

A diffuse funding system and weak links between academics and business limit the effectiveness of Australia’s research capabilities

Australia needs to replace this scattered approach to public R&D funding for cyber security with a more targeted funding strategy that focuses on cultivating a select number of national hubs for research excellence. A limited and specific set of research areas would also help focus the efforts of Australia cyber security researchers and institutions, and guide the allocation of funding to research by government agencies.

AustCyber has developed Knowledge Priorities for cyber security in consultation with industry and researchers (see Appendix A). The knowledge priorities will guide industry research needs and commercialisation opportunities for Australia’s cyber security sector, as well as to inform AustCyber’s activities as it works with stakeholders across the economy to improve the sector’s research focus, collaboration and commercialisation outcomes. These knowledge priorities will be refined over time through further engagement and an evaluation of areas of existing research capability in Australia.

Further, Australia should work to improve opportunities for research collaborations between industry and universities. A stronger innovation partnership is needed to fully harness the commercial possibilities of cutting-edge research.

Actions to improve research and commercialisation

ExploreExplore

ActionAction

Action Lead actor Status
Identify areas of research strength that support the initial focus segments, based on Australia’s existing research capabilities. AustCyber Action
Work with government/s to better support short and longer-term cyber security research that will ensure both commercialised outcomes and development of scaled national research capability. AustCyber, with government agencies Explore
Work with Data61 to develop research translation and product management models that can be implemented in cyber security research institutions. Research institutions Action
Establish a directory of Australian academics created to help businesses connect with research expertise, including cyber security. Data61 Explore
Invest in the development of stronger collaboration capabilities, including offering work placements for postgraduate students. Industry Action
AustCyber to work closely with the Cyber Security CRC to assist in developing industry-university collaborative proposals and promoting resulting commercialised products AustCyber/CRC Collaboration Action

Make access to seed and early-stage venture capital easier

Australian cyber security companies face larger obstacles than some of their global peers when trying to access early-stage venture and seed capital.

It is crucial for Australia to remove these funding hurdles and help startups commercialise novel products and innovative services that will differentiate them from foreign rivals. A more favourable funding environment, including the system of incubators and accelerators, will enable Australian cyber security startups to become global market leaders.

Australian cyber security companies face larger obstacles than some global peers when trying to access early-stage venture and seed capital

Actions to improve access to early-stage capital

ExploreExplore

ActionAction

Action Lead actor Status
Increase the availability of and access to early stage funding for startups by:
  • ensuring startups have adequate information about the range of potential funding sources
  • identifying and attracting additional funding sources, for example international venture capital funds entering Australian market, better access to investments made by Australian superannuation and wealth funds.
AustCyber Action
Form an informal panel of CIOs and CISOs that can rapidly vet startups’ products for venture capital investment. AustCyber Explore
Develop the scale and maturity of incubators and accelerators that have a cyber expertise. AustCyber Action

Simplify government and private sector procurement processes

Many large companies and government agencies - both state and national level - are bound by strict procurement guidelines, designed to ensure reliable performance of contractors and protect the integrity of their networks. But the complexity and cost of these requirements pose a barrier for smaller and newly established companies, which are often defeated by larger rivals with more experience, reputation and resources.

The complexity and cost of procurement requirements pose a barrier for smaller and newly established companies

While strict compliance and procurement rules are necessary to protect high-risk business areas, more can be done to ensure a greater participation of startups and other small companies in providing cyber security products and services to government and big corporates.

Actions to simplify procurement

ExploreExplore

ActionAction

Action Lead actor Status
Support greater access to government and larger business procurement opportunities by:
  • analysing the contract size and structure of existing cyber security contracts and recommend actions, for example introducing maximum contract sizes
  • Working with state and Australian government agencies to identify opportunities for piloting of technologies offered by Australian companies.
AustCyber Explore
Recommendation that the Australian Government partially subsidise the costs of Australian Government product certification (for example, Evaluated Products List (EPL)) and service accreditation (for example, Information Security Registered Assessors Program (IRAP)) for Australian small to medium enterprises. Government Explore
Innovate around procurement processes to identify requirements that can be relaxed for startups and SMEs. Industry Action
Work in partnerships with key stakeholders - governments, regulators, industry - to explore opportunities for harmonising local standards and regulations with international standards. AustCyber Action
Advocate on behalf of industry in discussions on the particular issues that may attract regulatory responses, exploring the impact of such actions. AustCyber Action
Work with Australian Government agencies supporting regular industry consultation to facilitate innovation and export opportunities within the regulatory framework. AustCyber Action
Work with industry associations and other peak bodies to ensure industry interests are represented in boosting the availability of skilled cyber workers including temporary visas. AustCyber Action

4.2 Exporting Australia’s cyber security to the world

Mounting cyber threats will drive future demand for effective security solutions across Australia and unlock new business opportunities for security providers. Yet the limited size of the local market demands that cyber security companies develop and maintain a strong export focus. For Australia to become a leading cyber security provider in the Indo-Pacific region, local companies will need to improve export capabilities. Australia should also investigate ways to become a more attractive base for cyber security exports of multinational corporations.

Many local cyber security companies still lack the scale to effectively compete in markets outside Australia

Many local cyber security companies still lack the scale to effectively compete in markets outside Australia and contribute to global value chains. This is particularly evident for cyber security services companies, which appear to face greater difficulties than hardware and software providers to venture abroad and establish an international market presence. In light of existing country-specific strengths (trade data indicates Australia is already ‘punching above its weight’ and earns a relatively higher revenue with services than its peers), boosting the export capabilities of local cyber security services companies would deliver particularly strong economic gains.

Support Australian companies to develop more scalable business models

The key obstacle for many Australian cyber security companies, especially in services, is a lack of scalability in their business models. This means they cannot easily grow in order to capture opportunities, and export relies on expanding their workforce offshore in ways that are often too difficult. Working with Australian cyber security companies to improve the scalability of their businesses will be critical to export growth.

Actions to increase exports

ExploreExplore

ActionAction

Action Lead actor Status
Work with government/s to deepen the understanding of export opportunities for Australian cyber security through a detailed market analysis. AustCyber, with government agencies Explore
Analyse the amenability of Australia’s existing services strengths to remote delivery models (particularly in the protection stack). AustCyber Action
Work with government/s to map possible target markets for Australian-managed services in the protection stack and the specific barriers to export to those countries. AustCyber, with government agencies Explore
Identify ways to increase scale through partnerships and invest in the development of scalable, managed service models. Industry Explore

Develop cyber security as an educational export

In recent years, education has become one of Australia’s largest export earners, rivalling the country’s top resources exports.1 This trade success is a testament to Australia’s strong reputation and infrastructure in international education and training, and signals a powerful opportunity for cyber security service providers.

Australia has the potential to become the leading regional, if not global, provider of cyber security education and training. However, realising this potential requires a new focus on growing our cyber security education and training institutions into dynamic, enterprising and export-oriented players.

Actions to develop cyber security education exports

ExploreExplore

ActionAction

Action Lead actor Status
Establish marketing presence in cyber security in key target markets and develop partnerships with local industry that have training needs. Education and training institutions Explore
Recommendation that the Australian Government, working with AustCyber, support training institutions to export cyber security by:
  • identifying target markets for cyber security education exports
  • Promoting cyber security as a national strength within existing Australian education exports campaigns (for example, Future Unlimited).
Government, with AustCyber Explore

Attract multinational corporations to use Australia as an export base for the region

Large multinational corporations currently meet most of Australia’s cyber security needs . They play an important role, not just as security providers, but also as employers. However, interviews indicate that foreign cyber security providers use their Australian operations almost exclusively to service the local market.

Australia could capitalise further on the presence of multinational corporations by encouraging them to make better use of the proximity to Asia and Australia’s potential to serve as a regional export base. Many foreign companies are already attracted to Australia because of the stable political environment, favourable business climate, and diverse and well-educated workforce.

A range of incentives could encourage multinational cyber security companies to broaden their local operations and ship a larger share of exports from Australia. Multinationals could significantly boost Australia’s export capabilities in cyber security, particularly in services, where local companies are generally most challenged to rapidly improve their export-readiness. Multinational companies, in contrast, already have the necessary scalability that allows them to more easily expand into global markets.

Australia could capitalise further on the presence of multinational corporations

Actions to attract multinationals to use Australia as export base

ExploreExplore

ActionAction

Action Lead actor Status

Conduct detailed analysis of the existing export benefits of Australian operations of multinational corporations, and identify areas of comparative advantage for Australia as a cyber security export base for multinational corporations.

AustCyber Action

4.3 Making Australia the leading centre for cyber security education

Cyber security companies worldwide are struggling to expand their businesses, as they cannot find enough skilled workers to satisfy the burgeoning demand for security products and services. There are signs, however, that the talent drought affecting cyber security companies in Australia is among the most acute globally. The number of job-ready candidates that Australia’s education system produces is inadequate to meet current industry demand. While universities and TAFEs have begun to launch new study courses, they will not generate the graduate volume needed in the short to medium-term to keep pace with the sector’s rapid expansion.

This skills shortage needs to be addressed quickly. It is already hindering the growth of the Australian cyber security sector. This problem will only magnify in the future as more cyber security providers edge into the market, drawn by the prospect of servicing the growing global security demand. Without a strong education and training system that provides cyber security companies with a robust pipeline of employable graduates, Australia will struggle to grow its cyber security ecosystem and become a leading exporter of cyber security. This makes resolving the skills challenge an economic imperative - it lays the groundwork for any other strategy to advance the competitiveness of Australia’s cyber security sector.

Resolving the skills shortage is an economic imperative

The responsibility doesn’t lie solely with universities and other higher-education providers, but also with vocational training organisations and industry itself. Australian companies need to offer more, and better, opportunities for ‘on-the-job’ training of cyber security graduates. Meanwhile, more programs are needed to help equip professionals from various backgrounds with cyber security relevant skills, so they can transition into the industry.

The establishment of the TAFE cyber Reference Group early in 2018, and plans to setup a similar university cyber training reference group - both coordinated by AustCyber - will be important to ensure the effective ownership for many of the actions identified below.

Attract the best and brightest to cyber security

Because cyber security is a nascent industry, many education providers have only recently begun to include relevant courses in their curricula. While universities and vocational training organisations increasingly promote cyber security as an attractive career path, many students are not yet fully aware of the strong job opportunities for cyber security professionals.

In addition to promoting science, technology, engineering and mathematics (STEM), high schools could play a bigger role in nurturing an early interest in cyber security and preparing students for a career in this dynamic, fast-growing industry. There is also an opportunity for employers to sponsor scholarships with work-integrated learning to attract high-quality students and improve the job-readiness of graduates.

Actions to attract more students

ExploreExplore

ActionAction

Action Lead actor Status
Recommendation that the AustCyber and other relevant stakeholders work with government/s to expand awareness of cyber security careers in high schools by:
  • improving the available information on career paths and role definitions in cyber security
  • scaling existing efforts to promote cyber security as a career for women
  • expanding cyber challenges programs in schools to increase the awareness and attractiveness of cyber career paths.
AustCyber, government/s and other relevant stakeholders Action
Increase the number of employer-sponsored scholarships that incorporate work-integrated learning opportunities for high-school students and consider ‘return of service’ obligations to encourage students to remain in Australia. Employers and training institutions Action
Introduce a voluntary ‘Digital Nation’ program, where post-secondary students gain work experience in digital professions including cyber security. AustCyber with Employers Explore

Note: actions that have been added or updated since the release of the first Sector Competitiveness Plan in 2017 are in italics.

Ramp up cyber security education and training

Cyber security education and training is ramping up among universities and TAFEs. Two TAFE cyber security non-degree courses are being rolled out at a number of TAFEs around the country, and nearly half of all universities now offer either a specific degree in cyber security or an IT or computer science degree with cyber security as a major.

However, it is critical that the student demand for course places also grows and that cyber education remains financially sustainable. It is also important to maintain high quality education provision during a period of rapid expansion, to ensure that graduates are job-ready.

Employers and training institutions should continue to look for ways to work together to tackle the skills shortage and provide more opportunities for targeted cyber security training. Several high-profile partnerships between industry and training institutions, for example between Optus and Macquarie University or between Commonwealth Bank of Australia and the University of New South Wales, have emerged in recent years (see Box 16). They can serve as a blueprint for further collaborations to increase Australia’s pool of cyber security workers with industry-relevant skills.

Actions to increase cyber education and training

ExploreExplore

ActionAction

Action Lead actor Status
Increase the supply of cyber education teaching by:
  • developing practical ways to attract and retain teachers, including by offering financial incentives and more flexible position structures (for example, teaching-only roles in universities, part-time roles in TAFEs)
  • developing a national approach for expanding the pool of guest lecturers, including leveraging guest lecturers through other channels.
AustCyber/Training institutions Explore
Employers/Training institutions ​​Action
Recommendation that governments mitigate upfront costs of setting up courses by:
  • including cyber courses on all states and territories skills’ lists and lifting government courses subsidies for cyber vocational education and training courses to better fund upfront infrastructure development costs
  • increasing direct financial support to universities and TAFEs to set up world-class cyber security infrastructure to support skills development.
Government/s Explore
Adopt a national skills framework based on the NICE Cybersecurity Workforce Framework to help build a common understanding between industry and education about skills needs and curriculum relevance, and map course curricula to this framework. AustCyber/Employers/Training institutions Action
Recommendation that the Australian Government extend and expand the Academic Centres of Cyber Security Excellence program, including a practical, challenge-based assessment framework, and develop a companion Training Centres program. Government Explore
Release comprehensive cyber security-specific performance metrics, for example graduate numbers, performance in cyber security challenges, employment outcomes and teaching quality metrics. Training institutions Action
Increase the attractiveness and relevance of cyber security programs at Australia’s universities and vocational training institutions by working closely with employers in:
  • seeking opportunities to build work-integrated learning into curricula
  • regularly revising curricula and course structure to maintain relevance.
Training institutions Action
Ensure senior executives, board directors and policymakers have access to high-quality cyber security training programs. AustCyber Action

Note: actions that have been added or updated since the release of the first Sector Competitiveness Plan in 2017 are in italics.

Create vibrant, industry-led professional development pathways

The talent shortage in cyber security is exacerbated by employers’ concern that graduates from university programs are not job-ready. Opportunities to transition workers from other adjacent parts of the IT sector and the broader workforce are also being missed.

Offering visible and attractive pathways for the professional development of cyber security workers would be an important step towards addressing both these issues. This means creating clearer training options for general IT workers who are interested in transition to cyber security roles, and improving opportunities for on-the-job training, including graduate programs, which are currently limited to larger Australian companies.

Actions to create professional development pathways

ExploreExplore

ActionAction

Action Lead actor Status
Undertake market research to understand the specific barriers to transition that potential cyber workers report. AustCyber Action
Expand the range of training/re-training and transition models available by:
  • increasing the number of training places in lower cost course, such as vocational education and training short courses, micro-credentials and graduate certifications
  • establishing an apprenticeship model for cyber security that will enable more hiring of graduates, with potential funding through the Skilling Australians Fund.
Training institutions
Employers
Action
Recommendation that the Australian Government consider increasing the relative affordability of training through subsidised training places for workers from disadvantaged backgrounds and fee waivers for specific cohorts of students. Government Explore
Improve the on-the-job training opportunities and clarity of career progression options to increase retention and link this to common messaging on the importance of cyber security to Australia’s national interests. Industry Explore
Develop and propagate a rapid transition model for large- and mid-sized employers that helps them identify target workers and match them to appropriate training opportunities. AustCyber  

Action

Note: actions that have been added or updated since the release of the first Sector Competitiveness Plan in 2017 are in italics.

Summary of progress against actions

The scorecard below summarises progress against actions identified in the release of the first Sector Competitiveness Plan in 2017. Progress descriptions are not exhaustive, but rather capture the range of activity occurring across government, industry, training institutions and the research community, and within AustCyber itself, to improve the competitiveness of Australia's cyber security sector.

A. Grow an Australian cyber security ecosystem

Target of initiative Actions listed in 2017 Lead Actions to-date (non-exhaustive) Status
Help cyber startups to find their first customers Analyse barriers and risks for government agencies and businesses to working with startups, and promote strategies to mitigate these barriers (for example, via piloting, investment partnerships).

 

AustCyber
  • AustCyber has had initial discussions with Commonwealth and state and territory agencies and larger businesses on barriers have taken place, with particular focus on procurement processes.
In progress
Provide access to business coaching for startups AustCyber
  • AustCyber provides companies with advice on business models, potential customers, growth opportunities and strategic planning.
  • AustCyber's new initiative, GovPitch, provides a forum where startups can pitch technical solutions to public sector executives, making it easier for them to apply for government cyber security contracts.
  • AustCyber's new initiative, Sky's the Limit, provides a forum where startups can pitch technical solutions to private sector executives.
Ongoing
Promote Australian cyber security products and services to potential customers AustCyber
  • Trade and investment delegations, led by AustCyber and Austrade, have showcased Australia's cyber security products and services to potential customers in various countries, including the US, New Zealand, Singapore, India, Israel, and Indonesia.
Ongoing
Recommend that the Australian Government encourages industry investors in CSIRO Innovation Fund to become first customers of cyber security startups that the Fund supports AustCyber (Advocacy)
GovernmentIndustry
  • No action to date
Still to be explored
Help startups, micro companies, small organisations to mature their business operations and systems AustCyber
Governments Industry
  • AustCyber is considering options to provide scaled maturity and commercialisation support for cyber security companies in Australia.
In progress
Improve research focus and collaboration to assist commercialisation Identify areas of research strength that support the initial focus segments based on existing research capabilities AustCyber
  • In 2017, the Australian Government committed $50 million to establish a Cyber Security CRC with the aim of improving Australia's cyber security R&D.
  • In 2018, AustCyber opened the first of several Expressions of Interest rounds to single entities and consortia for its Projects Fund, aligned to the Sector Competitiveness Plan's Knowledge Priorities (see Appendix A).
In progress
AustCyber to work with governments to support short- and long-term cyber security research that has the potential to lead to commercialised outcomes and scaling of national research capability AustCyber, with government agencies
  • Australia's new Cyber Security CRC has been established to support scaling and commercialisation of Australian cyber security research.
In progress
Work with Data61 to develop research translation and product management models to be implemented in research institutions Research institutions
  • The Department of Defence's Next Generation Technologies Fund has invested in an R&D partnership between Data61 & several Australian universities, with a focus on tackling emerging threats to Australia's cyber security.
In progress
Establish a network of researchers and organisational practitioners to better connect researchers with industry future needs and identify challenges and opportunities Data61 (previously assigned to AustCyber)
  • Expert Connect, developed by Data61, was launched in 2017. It is a directory of Australian academics created to help businesses connect with research expertise, including cyber security.
Completed
Invest in development of stronger collaboration capabilities including work placements for postgraduate students Industry
  • AustCyber supports Data61's online skills matching platform Ribit, which brings together tertiary graduates with STEM and digital skills and employers, by partnering to deliver a cyber security specific stream in the platform.
Ongoing
Make access to seed and early stage investment capital Ensure startups have adequate information about available funding AustCyber
  • AustCyber provides companies with informal advice about potential funding sources.
In progress
Identify and attract additional funding sources, such as venture capital AustCyber
  • No action to date, but planned activities for second half of 2018.
Not yet commenced
Form informal panel of CIOs and CISOs to rapidly vet startup products for venture capital investment AustCyber
  • AustCyber's new initiative, Sky's the Limit, provides a forum where startups can pitch technical solutions to private sector executives.
In progress
Develop the scale and maturity of incubators and accelerators with cyber security focus AustCyber
  • AustCyber is working on improving the effectiveness of existing accelerators and incubators related to cyber security.
  • CyRise is a cyber security accelerator funded by the Victorian Government in partnership with Deakin University and Dimension Data.
In progress
Simplify government and private sector procurement processes Greater access to procurement by governments and large businesses by analysing contract size, structure, and regulations. AustCyber
  • AustCyber has recommended in its Regulatory Reform Plan (see Appendix C) to align domestic standards and regulations with local standards and regulations to reduce compliance costs and facilitate local industry competing in global markets.
In progress
Work with Australian and state/territory government agencies to identify opportunities for piloting technology AustCyber
  • AustCyber's initiative, GovPitch, helps Australian cyber security startups pitch technical solutions to government officials, improving their chances of winning a government contract.
In progress
Consider public subsidies to lower the product certification and service accreditation costs for Australian small to medium enterprises AustCyber
  • For further consideration and advocacy where appropriate.
In progress
Innovate around procurement processes to identify requirements that can be relaxed for startups and SMEs Government/s
  • Ongoing exploration of options to facilitate greater SME engagement in government procurement activities.
Still to be explored

B. Export Australia's cyber security to the world

Target of initiative Actions listed in 2017 Lead Actions to date (non-exhaustive) Status
Support Australian companies to develop more scalable business models AustCyber to work with governments to deepen understanding of export opportunities AustCyber with government agencies
  • AustCyber and Austrade continue to facilitate international cyber security delegations
In progress
Analyse amenability of Australia's existing service strengths to remote delivery of models AustCyber
  • No action to date
Not yet commenced
AustCyber to work with governments to map possible target markets for Australian cyber security services and identify potential barriers to export AustCyber, with government agencies
  • In 2017, AustCyber worked with Austrade to identify target countries for cyber delegations.
  • In 2018, delegations will go to the key markets of the US and the UK, with other Asian markets also being identified.
In progress
Identify ways to increase scale through partnerships and invest in developing scalable managed service models Industry
Education and training institutions
  • No action to date
Not yet commenced
Develop cyber security as an educational export Establish marketing presence in cyber security key target markets and develop partnerships with local businesses that have training needs Education and training institutions
  • No action to date
Still to be explored
AustCyber to work with Australian Government to identify target markets for cyber education exports Government with AustCyber
  • No action to date
Not yet commenced
Promote national security as a national strength within existing Australian education exports, for example Future Unlimited Government with AustCyber
  • No action to date
Still to be explored
Attract MNCs to use Australia as an export base Conduct detailed analysis of the existing export benefits of Australian operations of multinational corporations identifying comparative advantage AustCyber
  • No action to date

Not yet commenced

Work with state/territory governments to develop investment incentives for multinational IT companies with cyber security offerings

AustCyber

  • No action to date

Discontinued as an action in this Sector Competitiveness Plan

C. Make Australia the leading centre for cyber security education

Target of initiative Actions listed in 2017 Lead Actions to date (non-exhaustive) Status
Attract the best and brightest to cyber security Recommendation that AustCyber and other relevant stakeholders work with government/s to expand awareness of cyber security careers in high schools by:
  • improving the available information on career paths and role definitions in cyber security
  • scaling existing efforts to promote cyber security as a career for women
AustCyber, with governments and other relevant stakeholders
  • AustCyber has begun releasing a suite of interactive dashboards on cyber security careers, training opportunities, roles and career paths.
  • LifeJourney, a new online career mentoring offering in Australia, has launched a Cyber Schools Challenge in various States. The program, seeks to ignite high school students' interest in cyber security careers. It is being run through a partnership with Optus.
  • Significant progress has been made through key partnerships on developing new programs and cyber skills challenges for schools.
Ongoing
Increase the number of 'co-op' style scholarships for high-school students and consider 'return of service' obligations to encourage students to remain in Australia Industry and training institutions
  • No action to date
Not yet commenced
Introduce a voluntary 'Digital Nation' program, where post-secondary students gain work experience in digital professions including cyber security AustCyber
Industry
  • No action to date
Not yet commenced
Provide efficient paths for immigration of skilled cyber security professionals by:
  • recommending that the Australian Government include ICT Security Specialist to the Skilled Occupation List
  • working with training institutions to structure education programs to meet the relevant visas
Government
Training Institutions
  • Advocacy continues from within industry.
  • Conversations with Government progressing.
Still to be explored
Ramp up cyber security education and training Expand the output and relevance of cyber security programs at Australia's universities and vocational training institutions by working closely with industry in:
  • establishing globally compatible core competencies for cyber security degree qualifications that are accepted by both government and the private sector
  • seeking opportunities to build significant industry experience component into the curriculum
  • supplementing teaching staff with industry personnel and exploring opportunities for this participation to be formally recognised in professional standards
  • regularly revising curricula and course structure to maintain relevance
AustCyber
Training institutions
  • Two TAFE cyber security non-degree courses have been developed with industry that students can partly complete on-the-job and are now being offered at TAFEs around the country.
  • Universities are expanding the number and capacity of cyber security education programs.
  • Academic Centres of Cyber Security Excellence (ACCSE) set up at Edith Cowan University in Western Australia and Melbourne University, with $1.91 million in Commonwealth funding.
  • Box Hill Institute in Victoria, a leading provider of TAFE courses and vocational training, has developed two national cyber certificate and diploma-level courses in partnership with relevant businesses including the National Australia Bank, Commonwealth Bank of Australia, ANZ Bank, NBN Co, CiscoREA Group, BAE Systems, Telstra, and Deloitte (100 students enrolled in 2018).
  • Macquarie University, in partnership with Optus, has developed a new cyber security curriculum that includes undergraduate and postgraduate courses, scholarships and work experiences. Its bachelor's program is due to star in 2020.
  • Deakin University offers a new cyber security degree course with graduate placements and 12-week internships offered by businesses who contributed in the design of the curriculum including ANZ Bank, National Australia Bank and Dimension Data (100 students to graduate in 2019).
  • The University of New South Wales has partnered with the Commonwealth Bank of Australia, offering undergraduate cyber security majors as well as a Master's program, and providing staff to teach specific parts of the course.
  • PWC's Skills for Australia is undertaking a project to identify the cyber security skills requirement in vocational education and training courses across multiple sectors. The project is expected to be completed by 2019.
  • Cyber Security Challenge Australia attracted a record 310 participants across 26 educational institutions in 2017.

Ongoing

Ensure that senior executives, directors and policymakers have access to high-quality cyber security training programs AustCyber
Industry
  • Data61 and Australian Institute of Company Directors have jointly developed a program to improve the cyber literacy of company directors and board members in Australia.
In progress
Create vibrant, industry-led professional development pathways Expand the range of training/retraining and transitional models available by:
  • establishing an apprenticeship model for cyber security that will enable more hiring of graduates
  • creating industry-led rapid training/retraining courses to better enable transition to cyber security from other professions
AustCyber
Industry
  • The TAFE curriculum does allow for units to be offered individually as short courses, but these are not yet available.
  • The Australian Government is piloting professional apprenticeship models including an IT apprenticeship.
In progress
Improve on-the-job training opportunities and clarify career progression options to increase retention and link this to common messaging on the important of cyber security to Australia's national interests Industry
  • Industry awareness of the importance of on-the-job training for both skill development and retention has grown, and large organisations are increasing their training offerings.
  • AustCyber has begun releasing a suite of interactive dashboards on cyber security training opportunities, roles and career paths.
Ongoing
  1. Australian Government, Department of Foreign Affairs and Trade (2017), Composition of Trade Australia 2015–16. Available at: http://dfat.gov.au/about-us/publications/Documents/cot-fy-2015-16.pdf.