SCP - Chapter 4 - Building a competitive Australian cyber security sector

Key points in this chapter

  • Much has been achieved since the Sector Competitiveness Plan was first published in 2017
  • But more action is needed to grow vibrant and competitive cyber security sector, that generates increased investment and jobs for the Australian economy
  • Urgently need to address skills and workforce shortage
  • Greater awareness to attract best and brightest to sector
  • More pathways for workers to transition from broader IT sector and other industries
  • Better collaboration in R&D
  • Concentrate R&D on areas of strength and sector segments of software, security operations, and underlying processes
  • Support local companies to grow, mature and export solutions
Much has already been achieved...but more needs to be done to fully seize the tremendous opportunity in cyber security

This Sector Competitiveness Plan shows great potential for Australia to become a leading global exporter of cyber security software and services where it already has a competitive advantage (see focus segments in Chapter 2).

However, Australia cannot expect to build on its existing strengths and develop a vibrant cyber security sector without properly addressing existing challenges, such as:

  • creating a sharper focus in the funding of cyber security research;
  • removing growth hurdles for small local cyber startups; and
  • increasing the pool of job-ready cyber security workers in the short- and long-term.

Given the urgency of this opportunity and the eagerness of many other countries to also seize the moment in cyber security, action needs to happen fast.

Much has been achieved already since the initial Sector Competitiveness Plan was first published in 2017. Recognising the strategic growth potential of cyber security, the Australian Government has established a new Cyber Security CRC, which will provide more targeted funding for the country’s most promising research projects. The Government also launched AustCyber’s GovPitch, a new initiative to help cyber security startups in Australia win public sector contracts more easily.

The education system has also responded well to the challenge with half of the universities in the country now offering a specific cyber security degree or IT degree with a major in cyber security.

AustCyber has committed to a regulatory reform plan that focuses on regulation and standardisation of cyber security (see Appendix C).

Much has already been achieved… but more needs to be done to fully seize the tremendous opportunity in cyber security

Still more needs to be done to enable Australia to fully seize the tremendous opportunity in cyber security. To develop a highly capable and globally competitive cyber security sector, Australia should pursue three goals, as illustrated in Figure 51:

  • develop a competitive cyber security ecosystem;
  • strengthen the exportability of local cyber security companies; and
  • capitalise on Australia’s quality education system to become a leader in cyber education.

Figure 51 – An overview of the key elements of the Sector Competitiveness Plan

Figure 51

4.1 Growing an Australian cyber security ecosystem

To become a global market leader in cyber security and serve a substantial share of additional security demand over the next decade, Australia is building a stronger, more coherent cyber security ecosystem. Australia’s cyber security sector lacks the strong domestic ecosystem to compete effectively on a global scale. The local network of specialist companies, researchers, government bodies and training institutions that make up Australia’s cyber security sector remains fragmented and underdeveloped, especially in software. This makes it difficult for Australia to fully harness the tremendous economic opportunity arising from the expected surge in demand for cyber security.

To become a global market leader in cyber security and serve a substantial share of additional security demand over the next decade, Australia is building a stronger, more coherent cyber security ecosystem.

To achieve this, Australia needs to create more innovative cyber security startups and help them grow into mature, market-ready and internationally competitive businesses that can cater for the domestic market as well as global value chains. Strengthening the cyber security ecosystem also means inspiring greater collaboration between companies, researchers, government, investors, education providers, and other stakeholders involved.

Help cyber startups find their first customers

Anchor customers, typically large industry players or government departments, add value to any startup. But for cyber security startups, which rely heavily on trust to gain access to high-risk business areas, anchor customers are one of the most critical ingredients for success as they help establish market legitimacy.

Assisting cyber security startups in their search for customers can help strengthen the competitiveness of the local industry. This is because anchor customers often challenge an emerging company to sharpen its profile and refine its offering to be better aligned with global market needs, which increases business prospects.

Actions to help startups

ExploreExplore

ActionAction

Action Lead actor Status
Improve access to first customers for Australian startups by:
  • Analysing the barriers and risks for government agencies and established businesses working with startups
  • Promoting strategies to mitigate these, for example, piloting, investment partnerships
  • Providing access to business coaching for startups
  • Showcasing Australian cyber security products and services to potential customers.
AustCyber Action
Recommendation that the Australian Government encourage industry investors in the CSIRO Innovation Fund to also become first customers for Australian cyber security startups the Fund supports. Government/Industry Explore
Startups and small organisations mature business operations and systems to work effectively with first customers. Industry Action

Improve research focus and collaboration to assist commercialisation

Australia is home to several world-class universities and research institutions on the leading-edge of cyber security innovation. However, a diffuse funding system and weak links between academics and business limit the effectiveness of Australia’s research capabilities.

Australia needs to replace this scattered approach to public R&D funding for cyber security with a more targeted funding strategy that focuses on cultivating a select number of national hubs for research excellence. A limited and specific set of research areas would also help focus the efforts of Australia cyber security researchers and institutions, and guide the allocation of funding to research by government agencies.

AustCyber has developed Knowledge Priorities for cyber security in consultation with industry and researchers (see Appendix A). The knowledge priorities will guide industry research needs and commercialisation opportunities for Australia’s cyber security sector, as well as to inform AustCyber’s activities as it works with stakeholders across the economy to improve the sector’s research focus, collaboration and commercialisation outcomes. These knowledge priorities will be refined over time through further engagement and an evaluation of areas of existing research capability in Australia.

Further, Australia should work to improve opportunities for research collaborations between industry and universities. A stronger innovation partnership is needed to fully harness the commercial possibilities of cutting-edge research.

Actions to improve research and commercialisation

ExploreExplore

ActionAction

Action Lead actor Status
Identify areas of research strength that support the initial focus segments, based on Australia’s existing research capabilities. AustCyber Action
Work with government/s to better support short and longer-term cyber security research that will ensure both commercialised outcomes and development of scaled national research capability. AustCyber, with government agencies Explore
Work with Data61 to develop research translation and product management models that can be implemented in cyber security research institutions. Research institutions Action
Establish a directory of Australian academics created to help businesses connect with research expertise, including cyber security. Data61 Explore
Invest in the development of stronger collaboration capabilities, including offering work placements for postgraduate students. Industry Action
AustCyber to work closely with the Cyber Security CRC to assist in developing industry-university collaborative proposals and promoting resulting commercialised products AustCyber/CRC Collaboration Action

Make access to seed and early-stage venture capital easier

Australian cyber security companies face larger obstacles than some of their global peers when trying to access early-stage venture and seed capital.

It is crucial for Australia to remove these funding hurdles and help startups commercialise novel products and innovative services that will differentiate them from foreign rivals. A more favourable funding environment, including the system of incubators and accelerators, will enable Australian cyber security startups to become global market leaders.

Australian cyber security companies face larger obstacles than some global peers when trying to access early-stage venture and seed capital

Actions to improve access to early-stage capital

ExploreExplore

ActionAction

Action Lead actor Status
Increase the availability of and access to early stage funding for startups by:
  • ensuring startups have adequate information about the range of potential funding sources
  • identifying and attracting additional funding sources, for example international venture capital funds entering Australian market, better access to investments made by Australian superannuation and wealth funds.
AustCyber Action
Form an informal panel of CIOs and CISOs that can rapidly vet startups’ products for venture capital investment. AustCyber Explore
Develop the scale and maturity of incubators and accelerators that have a cyber expertise. AustCyber Action

Simplify government and private sector procurement processes

Many large companies and government agencies - both state and national level - are bound by strict procurement guidelines, designed to ensure reliable performance of contractors and protect the integrity of their networks. But the complexity and cost of these requirements pose a barrier for smaller and newly established companies, which are often defeated by larger rivals with more experience, reputation and resources.

The complexity and cost of procurement requirements pose a barrier for smaller and newly established companies

While strict compliance and procurement rules are necessary to protect high-risk business areas, more can be done to ensure a greater participation of startups and other small companies in providing cyber security products and services to government and big corporates.

Actions to simplify procurement

ExploreExplore

ActionAction

Action Lead actor Status
Support greater access to government and larger business procurement opportunities by:
  • analysing the contract size and structure of existing cyber security contracts and recommend actions, for example introducing maximum contract sizes
  • Working with state and Australian government agencies to identify opportunities for piloting of technologies offered by Australian companies.
AustCyber Explore
Recommendation that the Australian Government partially subsidise the costs of Australian Government product certification (for example, Evaluated Products List (EPL)) and service accreditation (for example, Information Security Registered Assessors Program (IRAP)) for Australian small to medium enterprises. Government Explore
Innovate around procurement processes to identify requirements that can be relaxed for startups and SMEs. Industry Action
Work in partnerships with key stakeholders - governments, regulators, industry - to explore opportunities for harmonising local standards and regulations with international standards. AustCyber Action
Advocate on behalf of industry in discussions on the particular issues that may attract regulatory responses, exploring the impact of such actions. AustCyber Action
Work with Australian Government agencies supporting regular industry consultation to facilitate innovation and export opportunities within the regulatory framework. AustCyber Action
Work with industry associations and other peak bodies to ensure industry interests are represented in boosting the availability of skilled cyber workers including temporary visas. AustCyber Action

Provide robust measurement of the sector’s development and impact on the Australian economy

A healthy, mature cyber security sector has strong growth prospects, long lines of interested investors, innovative sector development policies and a deep talent pool. Fundamental to accomplishing this vision is a robust common fact base of the sector and its impacts. Such a fact base requires measurements of the sector to improve. Developing high-quality measurement projects will require close collaboration between industry and government in order to draw together funding, expertise and credible data.

Studying the impacts of cyber security further fills an important knowledge gap. Developing more robust measures of risk, protection and benefits is not simply of scholarly interest but such knowledge has commercial and national security implications. Whilst concepts of risk and protection are well understood in cyber security, the current state of knowledge can be improved with more committed investment on behalf of government to produce a broader suite of measures. The benefits of cyber security are very poorly understood and significant progress can be achieved by implementing relatively straightforward and practical actions.

Actions to improve measurement of cyber security

ExploreExplore

ActionAction

Action Lead actor Status
Develop and implement a robust and repeatable interim sector measurement AustCyber, with government agencies across levels and industry Action

Recommendation that the Australian Government institute a regular and comprehensive measurement of the sector.

Government Explore
Recommendation that the Australian Government gather better quality information on the levels of risk faced by different organisations, and the current state of protection from cyber threats. Government Action
Undertake analysis of the overall economic value of capital investments in cyber security companies; and organisational investment in cyber capabilities. AustCyber Action
Improve understanding of the pathways through which cyber generates economic value. AustCyber and industry Action

4.2 Exporting Australia’s cyber security to the world

Mounting cyber threats will drive future demand for effective security solutions across Australia and unlock new business opportunities for security providers. Yet the limited size of the local market demands that cyber security companies develop and maintain a strong export focus. For Australia to become a leading cyber security provider in the Indo-Pacific region, local companies will need to improve export capabilities. Australia should also investigate ways to become a more attractive base for cyber security exports of multinational corporations.

Many local cyber security companies still lack the scale to effectively compete in markets outside Australia but this is changing

This is particularly evident for cyber security services companies, which appear to face greater difficulties than hardware and software providers to venture abroad and establish an international market presence. In light of existing country-specific strengths (trade data indicates Australia is already ‘punching above its weight’ and earns a relatively higher revenue with services than its peers), boosting the export capabilities of local cyber security services companies would deliver particularly strong economic gains.

Support Australian companies to develop more scalable business models

The key obstacle for many Australian cyber security companies, especially in services, is a lack of scalability in their business models. This means they cannot easily grow in order to capture opportunities, and export relies on expanding their workforce offshore in ways that are often too difficult. Working with Australian cyber security companies to improve the scalability of their businesses will be critical to export growth.

Actions to increase exports

ExploreExplore

ActionAction

Action Lead actor Status
Work with government/s to deepen the understanding of export opportunities for Australian cyber security through a detailed market analysis AustCyber, with government agencies Explore
Analyse the amenability of Australia’s existing services strengths to remote delivery models (particularly in the protection stack). AustCyber Action
Work with government/s to map possible target markets for Australian-managed services in the protection stack and the specific barriers to export to those countries. AustCyber, with government agencies Explore
Identify ways to increase scale through partnerships and invest in the development of scalable, managed service models. Industry Explore

Develop cyber security as an educational export

In recent years, education has become one of Australia’s largest export earners, rivalling the country’s top resources exports.1 This trade success is a testament to Australia’s strong reputation and infrastructure in international education and training, and signals a powerful opportunity for cyber security service providers.

Australia has the potential to become the leading regional, if not global, provider of cyber security education and training. However, realising this potential requires a new focus on growing our cyber security education and training institutions into dynamic, enterprising and export-oriented players.

Actions to develop cyber security education exports

ExploreExplore

ActionAction

Action Lead actor Status
Establish marketing presence in cyber security in key target markets and develop partnerships with local industry that have training needs Education and training institutions Explore
Recommendation that the Australian Government, working with AustCyber, support training institutions to export cyber security by:
  • Identifying target markets for cyber security education exports
  • Promoting cyber security as a national strength within existing Australian education exports campaigns (for example, Future Unlimited)
Government, with AustCyber Explore

Attract multinational corporations to use Australia as an export base for the region

Large multinational corporations currently meet most of Australia’s cyber security needs. They play an important role, not just as security providers, but also as employers. However, interviews indicate that foreign cyber security providers use their Australian operations almost exclusively to service the local market.

Australia could capitalise further on the presence of multinational corporations by encouraging them to make better use of the proximity to Asia and Australia’s potential to serve as a regional export base. Many foreign companies are already attracted to Australia because of the stable political environment, favourable business climate, and diverse and well-educated workforce.

A range of incentives could encourage multinational cyber security companies to broaden their local operations and ship a larger share of exports from Australia. Multinationals could significantly boost Australia’s export capabilities in cyber security, particularly in services, where local companies are generally most challenged to rapidly improve their export-readiness. Multinational companies, in contrast, already have the necessary scalability that allows them to more easily expand into global markets.

Australia could capitalise further on the presence of multinational corporations

Actions to attract multinationals to use Australia as export base

ExploreExplore

ActionAction

Action Lead actor Status

Conduct detailed analysis of the existing export benefits of Australian operations of multinational corporations, and identify areas of comparative advantage for Australia as a cyber security export base for multinational corporations.

AustCyber Action

4.3 Making Australia the leading centre for cyber security education

Cyber security companies worldwide are struggling to expand their businesses, as they cannot find enough skilled workers to satisfy the burgeoning demand for security products and services. There are signs, however, that the talent drought affecting cyber security companies in Australia is among the most acute globally. The number of job-ready candidates that Australia’s education system produces is inadequate to meet current industry demand. While universities and TAFEs have begun to launch new study courses, they will not generate the graduate volume needed in the short to medium-term to keep pace with the sector’s rapid expansion.

This skills shortage needs to be addressed quickly. It is already hindering the growth of the Australian cyber security sector. This problem will only magnify in the future as more cyber security providers edge into the market, drawn by the prospect of servicing the growing global security demand. Without a strong education and training system that provides cyber security companies with a robust pipeline of employable graduates, Australia will struggle to grow its cyber security ecosystem and become a leading exporter of cyber security. This makes resolving the skills challenge an economic imperative – it lays the groundwork for any other strategy to advance the competitiveness of Australia’s cyber security sector.

Resolving the skills shortage is an economic imperative

The responsibility doesn’t lie solely with universities and other higher-education providers, but also with vocational training organisations and industry itself. Australian companies need to offer more, and better, opportunities for ‘on-the-job’ training of cyber security graduates. Meanwhile, more programs are needed to help equip professionals from various backgrounds with cyber security relevant skills, so they can transition into the industry.

The establishment of the TAFE cyber Reference Group early in 2018, and plans to setup a similar university cyber training reference group – both coordinated by AustCyber – will be important to ensure the effective ownership for many of the actions identified below.

Attract the best and brightest to cyber security

Because cyber security is a nascent industry, many education providers have only recently begun to include relevant courses in their curricula. While universities and vocational training organisations increasingly promote cyber security as an attractive career path, many students are not yet fully aware of the strong job opportunities for cyber security professionals.

In addition to promoting science, technology, engineering and mathematics (STEM), high schools could play a bigger role in nurturing an early interest in cyber security and preparing students for a career in this dynamic, fast-growing industry. There is also an opportunity for employers to sponsor scholarships with work-integrated learning to attract high-quality students and improve the job-readiness of graduates.

Actions to attract more students

ExploreExplore

ActionAction

Action Lead actor Status
Recommendation that the AustCyber and other relevant stakeholders work with government/s to expand awareness of cyber security careers in high schools by: 
  • improving the available information on career paths and role definitions in cyber security
  • scaling existing efforts to promote cyber security as a career for women
  • expanding cyber challenges programs in schools to increase the awareness and attractiveness of cyber career paths.
AustCyber, government/s and other relevant stakeholders Action
Increase the number of employer-sponsored scholarships that incorporate work-integrated learning opportunities for high-school students and consider ‘return of service’ obligations to encourage students to remain in Australia. Employers and training institutions Action
Introduce a voluntary ‘Digital Nation’ program, where post-secondary students gain work experience in digital professions including cyber security. AustCyber with Employers Explore

Note: actions that have been added or updated since the release of the first Sector Competitiveness Plan in 2017 are in italics.

Ramp up cyber security education and training

Cyber security education and training is ramping up among universities and TAFEs. Two TAFE cyber security non-degree courses are being rolled out at a number of TAFEs around the country, and nearly half of all universities now offer either a specific degree in cyber security or an IT or computer science degree with cyber security as a major.

However, it is critical that the student demand for course places also grows and that cyber education remains financially sustainable. It is also important to maintain high quality education provision during a period of rapid expansion, to ensure that graduates are job-ready.

Employers and training institutions should continue to look for ways to work together to tackle the skills shortage and provide more opportunities for targeted cyber security training. Several high-profile partnerships between industry and training institutions, for example between Optus and Macquarie University or between Commonwealth Bank of Australia and the University of New South Wales, have emerged in recent years. They can serve as a blueprint for further collaborations to increase Australia’s pool of cyber security workers with industry-relevant skills.

Actions to increase cyber education and training

ExploreExplore

ActionAction

Action Lead actor Status
Increase the supply of cyber education teaching by:
  • developing practical ways to attract and retain teachers, including by offering financial incentives and more flexible position structures (for example, teaching-only roles in universities, part-time roles in TAFEs)
  • developing a national approach for expanding the pool of guest lecturers, including leveraging guest lecturers through other channels.
AustCyber and training institutions Explore
Employers and training constitutions ​​Action
Recommendation that governments mitigate upfront costs of setting up courses by:
  • including cyber courses on all states and territories skills’ lists and lifting government courses subsidies for cyber vocational education and training courses to better fund upfront infrastructure development costs
  • increasing direct financial support to universities and TAFEs to set up world-class cyber security infrastructure to support skills development.
Government Explore
Adopt a national skills framework based on the NICE Cybersecurity Workforce Framework to help build a common understanding between industry and education about skills needs and curriculum relevance, and map course curricula to this framework. AustCyber, employers and training institutions Action
Recommendation that the Australian Government extend and expand the Academic Centres of Cyber Security Excellence program, including a practical, challenge-based assessment framework, and develop a companion Training Centres program. Government Explore
Release comprehensive cyber security-specific performance metrics, for example graduate numbers, performance in cyber security challenges, employment outcomes and teaching quality metrics. Training institutions Action
Increase the attractiveness and relevance of cyber security programs at Australia’s universities and vocational training institutions by working closely with employers in:
  • seeking opportunities to build work-integrated learning into curricula
  • regularly revising curricula and course structure to maintain relevance.
Training institutions Action
Ensure senior executives, board directors and policymakers have access to high-quality cyber security training programs.. AustCyber Action

Note: actions that have been added or updated since the release of the first Sector Competitiveness Plan in 2017 are in italics.

Create vibrant, industry-led professional development pathways

The talent shortage in cyber security is exacerbated by employers’ concern that graduates from university programs are not job-ready. Opportunities to transition workers from other adjacent parts of the IT sector and the broader workforce are also being missed.

Offering visible and attractive pathways for the professional development of cyber security workers would be an important step towards addressing both these issues. This means creating clearer training options for general IT workers who are interested in transition to cyber security roles, and improving opportunities for on-the-job training, including graduate programs, which are currently limited to larger Australian companies.

Actions to create professional development pathways

ExploreExplore

ActionAction

Action Lead actor Status
Undertake market research to understand the specific barriers to transition that potential cyber workers report. AustCyber Action
Expand the range of training/re-training and transition models available by:
  • increasing the number of training places in lower cost course, such as vocational education and training short courses, micro-credentials and graduate certifications
  • establishing an apprenticeship model for cyber security that will enable more hiring of graduates, with potential funding through the Skilling Australians Fund.
Training institutions and employers Action
Recommendation that the Australian Government consider increasing the relative affordability of training through subsidised training places for workers from disadvantaged backgrounds and fee waivers for specific cohorts of students. Government Explore
Improve the on-the-job training opportunities and clarity of career progression options to increase retention and link this to common messaging on the importance of cyber security to Australia’s national interests. Industry Explore
Develop and propagate a rapid transition model for large- and mid-sized employers that helps them identify target workers and match them to appropriate training opportunities. AustCyber  

Action

Note: actions that have been added or updated since the release of the first Sector Competitiveness Plan in 2017 are in italics.

Summary of progress against actions

The scorecard below summarises progress against actions identified in the release of the first Sector Competitiveness Plan in 2017. Progress descriptions are not exhaustive, but rather capture the range of activity occurring across government, industry, training institutions and the research community, as well as within AustCyber itself. These activities are all aimed towards the improvement of the competitiveness of Australia’s cyber security sector.

As this update to the Sector Competitiveness Plan is released, a focus on national level activity for AustCyber and the sector is contributing to the development of Australia’s 2020 Cyber Security Strategy. The new strategy will be the successor to Australia’s Cyber Security Strategy, released in 2016, which led to the establishment of AustCyber and a range of other measures to support the development of the sector. The Australian Government released a discussion paper calling for views on the strategy. AustCyber’s response is available here.

A. Grow an Australian cyber security ecosystem

Target of initiative Actions listed in 2017 Lead Actions to-date (non-exhaustive) Status
Help cyber startups to find their first customers Analyse barriers and risks for government agencies and businesses to working with startups and promote strategies to mitigate these barriers (for example, via piloting and investment partnerships)

 

AustCyber
  • AustCyber has had ongoing discussions with Commonwealth and state/territory agencies and larger businesses on barriers, with particular focus on procurement 
  • AustCyber’s National Network of Cyber Security Innovation Nodes are partnerships with state/territory governments to develop local capabilities and tackle local barriers, especially those relating to procurement and innovation practices
In progress
Provide access to business coaching for startups AustCyber, with relevant government agencies
  • AustCyber has held several rounds of GovPitch, a forum where startups can pitch technical solutions to public sector executives, making it easier for them to apply for government cyber security contracts. The next round of GovPitch will take place in the first quarter of 2020
  • AustCyber and Austrade coach and advise firms on business models, opportunities and strategic planning in order to establish themselves in overseas markets such as ASEAN, the US and the UK
  • Cyber security is now listed as a sector that can access business coaching services through Business.gov.au
Ongoing
Promote Australian cyber security products and services to potential customers AustCyber with Austrade, DFAT and the Australian British Chamber of Commerce
  • Trade and investment delegations have showcased Australia’s cyber security products and services to potential customers in various countries, including the US, UK, Germany, New Zealand, Singapore, India, Israel and Indonesia
Ongoing
Recommend that the Australian Government encourages industry investors in CSIRO Innovation Fund to become first customers of cyber security startups that the fund supports AustCyber (Advocacy)
GovernmentIndustry
  • Delivered as part of Main Sequence’s work, which AustCyber is engaged with
Not continued
Help startups, micro companies and small organisations to mature their business operations and systems Industry
  • AustCyber’s Project Funds initiative assists with commercialisation, scaling and research activities
  • AustCyber refers startups to relevant state and territory small business programs through its National Network of Cyber Security Innovation Nodes
In progress
Improve research focus and collaboration to assist commercialisation Identify areas of research strength that support the initial focus segments based on existing research capabilities AustCyber and the Cyber Security Research Centre (Cyber Security CRC)
  • AustCyber has been successful in ensuring the Australian Government’s CRC Programme, Linkage Grants Programme and the research activities of Data61 have stronger ties to the Knowledge Priorities in this plan
In progress
AustCyber to work with governments to support short- and long-term cyber security research that has the potential to lead to commercialised outcomes and scaling of national research capability AustCyber, with government agencies
  • Cyber Security CRC has been established and is working with more than 20 partners across industry, research and government sectors to support scaling and commercialisation of Australian cyber security research
  • AustCyber’s Projects Fund is investing $15 million over three years to advance national priorities, including research and commercial capabilities
In progress
Work with Data61 to develop research translation and product management models to be implemented in research institutions Research institutions
  • AustCyber participates in Data61’s D61+Live events, which are thought leadership forums aimed at driving collaboration across technology sectors
In progress
Establish a network of researchers and organisational practitioners to better connect researchers with industry future needs and identify challenges and opportunities Data61 (previously assigned to AustCyber)
  • Expert Connect, developed by Data61, was launched in 2017. It is a directory of Australian academics created to help businesses connect with research expertise, including cyber security
Completed
Invest in the development of stronger collaboration capabilities including work placements for postgraduate students Industry
  • AustCyber supports Data61’s online skills matching platform Ribit, which brings together tertiary graduates with STEM and digital skills employers, by partnering to deliver a cyber security specific stream in the platform
Ongoing
Make access to seed and early-stage investment capital Ensure startups have adequate information about available funding AustCyber
  • AustCyber provides companies with informal advice about potential funding sources
  • AustCyber is also deepening engagement with investors to further fuel ecosystem growth
In progress
Identify and attract additional funding sources, such as venture capital AustCyber
  • AustCyber has ongoing engagements with several international capital groups aligned with national interests
  • AustCyber and the Australian Investment Council have partnered to increase knowledge of funding for investors into Australian deep technology and cyber security 
  • AustCyber supports Austrade’s promotion of opportunities to international investors
In progress
Form informal panel of CIOs and CISOs to rapidly vet startup products for venture capital investment AustCyber
  • AustCyber and CISO Lens have collaborated to identify and assess startup products and commercialisation opportunities. CISO Lens also assists AustCyber in evaluating investment opportunities
In progress
Develop the scale and maturity of incubators and accelerators with cyber security focus AustCyber
  • AustCyber is working on improving the effectiveness of existing accelerators and incubators related to cyber security
  • AustCyber works with CyRise, Australia’s only cyber security accelerator to advance their bootcamps. CyRise is funded by the Victorian Government in partnership with Deakin University and NTT
In progress
Simplify government and private sector procurement processes Greater access to procurement by governments and large businesses by analysing contract size, structure and regulations AustCyber
  • (Refer to previous page, plus:)
  • AustCyber assists DFAT to carry out their Cyber Capability Engagement Program (CCEP) which aims to build cyber security capacity across the Indo-Pacific. Three Australian firms have been procured to begin this project
  • AustCyber has recommended to the Federal Government that, as part of its new National Cyber Security Strategy, at least one per cent of government procurement be from the local ecosystem, growing to five per cent in the future
In progress
Work with Australian and state/territory government agencies to identify opportunities for piloting technology AustCyber
  • AustCyber has held several rounds of GovPitch, an initiative which helps Australian cyber security startups pitch technical solutions to government officials, improving their chances of winning a government contract. The next round of GovPitch will be held in the first quarter of 2020
  • AustCyber has assisted states and territories to take a greater interest in drawing on local capabilities
In progress
Consider public subsidies to lower the product certification and service accreditation costs for Australian small to medium enterprises AustCyber
  • AustCyber has recommended that the Federal Government consider additional support for certification and accreditation in the new National Cyber Security Strategy
In progress
Innovate around procurement processes to identify requirements that can be relaxed for startups and SMEs Government
  • No action to date
Still to be explored

B. Export Australia’s cyber security to the world

Target of initiative Actions listed in 2017 Lead Actions to date (non-exhaustive) Status
Support Australian companies to develop more scalable business models AustCyber to work with governments to deepen understanding of export opportunities AustCyber, with government agencies
  • AustCyber and Austrade have visited the US, Singapore, Indonesia and Israel to promote Australian cyber exports
  • AustCyber and the Australian British Chamber of Commerce have visited the UK to promote Australian cyber exports
  • AustCyber is working with several local firms to develop their global growth strategies
In progress
Analyse amenability of Australia’s existing service strengths to remote delivery of models AustCyber
  • The local ecosystem has seen some consolidation in services (e.g. CyberCX) and growth in education exports
Not yet commenced
AustCyber to work with governments to map possible target markets for Australian cyber security services and identify potential barriers to export AustCyber, with government agencies
  • AustCyber and Austrade have sent several overseas delegations and are releasing a series of market intelligence reports on overseas market opportunities, including for ASEAN, the US, the UK, and Germany
In progress
Identify ways to increase scale through partnerships and invest in developing scalable managed service models Industry, with education and training institutions
  • The local ecosystem has made some moves towards scalable models, including strategies that involve overseas partners in the US
Ongoing
Develop cyber security as an educational export Establish marketing presence in cyber security key target markets and develop partnerships with local businesses that have training needs Education and training institutions
  • AustCyber and Austrade are releasing a series of market intelligence reports which include opportunities around training and skills development needs
  • AustCyber assists DFAT to carry out their Cyber Capability Engagement Program (CCEP) which aims to build cyber security capacity across the Indo-Pacific, with a strong focus on training cyber security workers and their capabilities
In progress
AustCyber to work with Australian Government to identify target markets for cyber education exports Government with AustCyber In progress
Promote national security as a national strength within existing Australian education exports, for example Future Unlimited Government with AustCyber In progress
Attract MNCs to use Australia as an export base Conduct detailed analysis of the existing export benefits of Australian operations of multinational corporations identifying comparative advantage AustCyber, with government
  • There is increasing anecdotal evidence that MNCs are using Australia as an export base, which warrants further analysis

Not yet commenced

Work with state/territory governments to develop investment incentives for multinational IT companies with cyber security offerings

AustCyber

Discontinued as an action in this Sector Competitiveness Plan

C. Make Australia the leading centre for cyber security education

Target of initiative Actions listed in 2017 Lead Actions to date (non-exhaustive) Status
Attract the best and brightest to cyber security Recommendation that AustCyber and other relevant stakeholders work with government/s to expand awareness of cyber security careers in high schools by:
  • Improving the available information on career paths and role definitions in cyber security
  • Scaling existing efforts to promote cyber security as a career for women
AustCyber, with government and other relevant stakeholders
  • The ACA Schools Cyber Security Challenge and AustCyber’s pilot cyber security competition called CyberTaipan, have been launched to spark interest in cyber careers for young people as well as to enhance teacher professional development. Over 30,000 students and 1000 teachers participated in one of these Challenges in 2019
  • The Australian Women in Security Network and the Australian Careers Service provide outreach to grow the talent pool
Ongoing
Increase the number of cyber security scholarships for high school leavers, especially ones that target women and indigenous students Industry and training institutions
  • A series of scholarships for Honours and postgraduate students are available from CSIRO and Data61 as part of the Cyber Security CRC
Ongoing
Introduce a voluntary ‘Digital Nation’ program, where post-secondary students gain work experience in digital professions including cyber security AustCyber, with industry
  • No action to date
Discontinued as an action in this SCP
Provide efficient paths for immigration of skilled cyber security professionals by:
  • Recommending that the Australian Government include ICT Security Specialist to the Skilled Occupation List
  • Working with training institutions to structure education programs to meet the relevant visas
Government, with training institutions
  • The Department of Home Affairs’ Global Talent Program has a cyber security focus to attract elite talent who have secured employment within the Australian ecosystem
In progress
Expand the output and relevance of cyber security programs at Australia’s universities and vocational training institutions by working closely with industry in:
  • Establishing globally compatible core competencies for cyber security degree qualifications that are accepted by both government and the private sector
  • Seeking opportunities to build significant industry experience component into the curriculum
  • Supplementing teaching staff with industry personnel and exploring opportunities for this participation to be formally recognised in professional standards
  • Regularly revising curriculum and course structure to maintain relevance
AustCyber, with training institutions
  • Two TAFE cyber security non-degree courses have been developed with industry that students can partly complete on-the-job and are now being offered at TAFEs around the country. Over 2000 students are enrolled in these programs
  • PWC’s Skills for Australia completed a cross sector project in cyber security. This will see eight units of competency in fundamental areas of cyber security available to all students pursuing a qualification in Vocational Education and Training in Australia
  • Universities are expanding the number and capacity of cyber security education programs and increasingly mapping their curriculum to the NICE Workforce Framework
  • Academic Centres of Cyber Security Excellence (ACCSE) set up at Edith Cowan University in Western Australia and Melbourne University, with $1.91 million in Commonwealth funding
Ongoing
Ensure that senior executives, directors and policymakers have access to high-quality cyber security training program AustCyber, with industry
  • AustCyber, Data61 and the Australian Institute of Company Directors have launched Cyber for Directors, a program for senior decision makers to improve their knowledge and understanding of cyber. There are several events each year across Australia
  • Industry players (e.g. Cybermerc, Fifth Domain and Cyber Aware) have a growing presence as educators and trainers of executives
  • The Stay Smart Online campaign provides information for business owners to protect their businesses
In progress
Expand the range of training/retraining and transitional models available by:
  • Establishing an apprenticeship model for cyber security that will enable more hiring of graduates
  • Creating industry-led rapid training/retraining courses to better enable transition to cyber security from other professions
AustCyber, with industry
  • Cyber security is part of the Digital Apprenticeship Program run by the Digital Transformation Agency
  • PwC’s Skills for Australia completed a cross sector project in cyber security. This will see eight units of competency in fundamental areas of cyber security available to all students pursuing a qualification in Vocational Education and Training in Australia
  • The Department of Employment, Skills, Small and Family Business is considering the establishment of a new industry-led Skills Organisation dedicated to Digital Technology and Cyber Security
In progress
Improve on-the-job training opportunities and clarify career progression options to increase retention and link this to common messaging on the important of cyber security to Australia’s national interests  Industry
  • Industry awareness of the importance of on-the-job training for both skill development and retention has grown and large organisations are increasing their training offerings
  • Large firms are beginning to adopt the National Initiative for Cybersecurity Education (NICE) Workforce Framework, a US government taxonomy of cyber security jobs
Ongoing
  1. Australian Government, Department of Foreign Affairs and Trade (2017), Composition of Trade Australia 2015–16. Available at: http://dfat.gov.au/about-us/publications/Documents/cot-fy-2015-16.pdf.