The federal government’s review of its cyber security strategy is long overdue and reviews need to be conducted more regularly, according to KPMG Australia forensic technology director Stan Gallo.
Concerns about online threats against Australia led the federal government to launch a review of its cyber security strategy for the first time since 2008.
The review will look at how government and industry can work together to improve the security of online systems.
“As far as the review goes, it is overdue, because six years is far too long. Realistically, the reviews should be ongoing, in line with [changing] technology,” Gallo told CIO Australia.
However, he said the review would go a long way to allay consumer concerns about the security of the information they provide to government, the information that is held about them in various government departments and how departments secure that data.
“With the <i>Privacy Act</i> amendments in March 2014, there is an increased focus on confidential information and how is it stored and accessed,” said Gallo.
“Hopefully it [the review] will make people think about how they store information in mobile applications and what they store on their portable devices.”
Commenting on the Australian Cyber Security Centre (ACSC) opening in Canberra, Gallo said it was beneficial to have government agencies working more closely together.
The ACSC brings together the Australian Crime Commission (ACC), the Australian Federal Police (AFP), Australian Security Intelligence Organisation (ASIO), the Australian Signals Directorate and the Attorney-General’s Department Computer Emergency Response Team (CERT) Australia.
“Hackers have been sharing information for a long time and they do it quite openly. If the institute they have set up can be a broader collaboration between government and private sector organisations, that would be fantastic. It would bring a whole different range of capability rather than having agencies working separately towards a common goal,” he said.
Australian Information Security Association (AISA) advocacy group chair James Turner said the association is very happy that the review is taking place.
“It’s very important that the government and private sector are working together on cyber security issues.”
He added that the cyber security review that came out in 2008 is “clearly out of date” and regular scheduling of a review is needed to keep up with cyber security and ICT changes.
Follow Hamish Barwick on Twitter: @HamishBarwick