The newly unveiled 2023-2030 Australian Cyber Security Strategy (the Strategy) lays out six cyber shields to achieve the Australian Government’s goal of becoming a world leader in cyber security by 2030. It aims to substantially improve the country’s overall cyber security posture, the ability to manage cyber risks and respond to cyberattacks quickly. To facilitate its implementation, the government has committed $586.9 million to execute the seven-year strategy, in addition to the $2.3 billion already allocated to cyber security.
What are the 2023-2030 Australian Cyber Security Strategy’s Six Cyber Shields?
The Strategy employs a layered security approach with six ‘shields’ to holistically defend Australia against cyber threats. It prioritises Australian citizens and businesses as an essential part of fortifying the country’s overall security posture.
- Strong businesses and citizens
Shield 1 lays out a long-term plan to educate citizens and businesses on cyber threats and how to protect themselves. The strategy also includes provisions to ensure proper support is in place for them to recover extremely quickly from a cyber attack.
- Safe technology
Shield 2 advocates for safer technology by developing clear standards for cybersecurity in digital products and software to ensure that security is baked into software, apps and devices from their inception.
- World-class threat sharing and blocking
Shield 3 aims to improve threat sharing by developing a cyber intelligence network between government and industry, feeding that information into a next-generation threat-blocking capability to thwart attacks.
- Protected critical infrastructure
Shield 4 will strengthen cyber security obligations and compliance of critical infrastructure entities. It will expand the entities covered under the SOCI Act and ensure the protection of the vital data held, used and processed by critical infrastructure entities’ data storage systems.
- Sovereign capabilities
Shield 5 will enhance sovereign capability by upskilling the workforce and encouraging technology innovation in Australia. It aims to develop in-country cyber skills and provide funding for Australian start-ups and SMEs to tackle cybersecurity challenges through innovation.
- Resilient region and global leadership
Shield 6 emphasises uplifting security across the Commonwealth’s Government agencies. A critical component of this shield is implementing internationally recognised approaches to zero trust to protect government data and its digital estate. Universally considered the gold security standard, the U.S. Government similarly issued an Executive Order for Zero Trust in 2021 that must be implemented by the Department of Defense by 2027.
How archTIS Supports Shields 4, 5 & 6 of the Australian Cyber Security Strategy
archTIS has been developing and providing the sovereign capability to solve information security challenges across government, defence and industry for 17 years. The company’s industry-leading data-centric cybersecurity approach aligns with Shields 4, 5 and 6 of the Strategy, setting the highest standards of protection for your organisation’s sensitive data.
Shield 4 – Strengthening critical infrastructure entities’ cyber security obligations and compliance
While essential, the level of compartmentalised access and sharing controls required for protecting sensitive information can be costly and difficult for critical infrastructure entities to achieve. Bespoke solutions can take months or longer to build, and the expense is prohibitive for small to medium enterprises. A hosted platform designed to meet government compliance requirements, including SOCI Act, SLACIP and SoNS, provides a fast-to-deploy option to quickly assist with meeting information security requirements.
The Kojensi SaaS platform by archTIS is a secure cloud-based service accredited by the government for sharing up to PROTECTED information. It is designed to meet the information security requirements of critical infrastructure organisations. By using Kojensi to secure collaboration and file sharing compliantly, organisations can avoid the high costs of implementing new on-premises secured ICT infrastructure.
Shield 5 – Sovereign Capabilities
Supporting a global customer base, archTIS is an Australian sovereign company that develops all of its products in Australia, including Kojensi and NC Protect, helping to establish Australia as an information security technology leader. With headquarters in Canberra and development offices in Melbourne, archTIS provides growing opportunities for employment in skilled cybersecurity software development, technical support, sales, and marketing.
The company has been recognised for its success in achieving gender equality in leadership roles and was featured in the recently published book “From Bias to Equality: How Business Leaders Can Drive Innovation, Success, and Profitability by Embracing True Gender Balance.”
Shield 6 – Implementing a Zero Trust Culture
While establishing a zero trust culture is a new mandate in the Strategy, archTIS information security products are already built on a Zero Trust Data-Centric Security (DCS) methodology. All archTIS products use a Zero Trust methodology enforced with attribute-based access controls (ABAC). This approach enables secure collaboration of sensitive and classified information with dynamic, policy-enforced access and file protection.
With ABAC, attributes of users (organisation, role, nationality, security clearance), their device, location, and network are used in dynamic access policies to apply data access, usage and sharing rights. Information owners set policies on who, how and when the information can be accessed and used. This means permission to access and share information can be dynamically granted based on context and situational risk.
A data-centric zero trust methodology enforced with ABAC solves complex information security challenges, including:
- Sharing classified information between parties at different levels of trust (e.g., Five Eyes, AUKUS, QUAD).
- Demonstrating industry accreditation (DISP), data sovereignty and Export Control compliance (ITAR).
- Securely sharing information across the supply chain and critical infrastructure.
- Protecting access to and sharing of sensitive intellectual property.
archTIS Accelerates Zero Trust Data-centric Security (DCS) Capabilities
Our award-winning software products at archTIS can help accelerate your Zero Trust DCS capabilities, providing you with the technology your organisation needs to be secure and compliant.
Kojensi is an Australian government-accredited Software as a Service (SaaS) platform hosted on a PROTECTED classified Cloud for defence and industry collaboration. An on-premises version is offered for managing data at higher classified levels. The platform provides data-centric ABAC-enabled information access and sharing controls, a complete audit trail, version control, and tracking features to ensure transparency and compliance with auditing requirements. Kojensi enables secure, compartmentalised collaboration out of the box, saving clients costs that can run into the millions to build and support bespoke accredited systems.
NC Protect provides enhanced information protection for accessing, using and sharing sensitive and classified content in Microsoft 365 applications, SharePoint on-premises, Nutanix Files, NetApp ONTAP and Windows file shares. NC Protect enables defence and industry to enhance security with ABAC and unique data protection capabilities while leveraging their investments in Microsoft applications. It allows customers to enjoy the benefits of digital collaboration using these platforms while meeting strict compliance and data security obligations.
Supporting Australia’s Cyber Shields
The Australian Cyber Security Strategy’s Six Shields will be critical in defending Australia against cyber threats. archTIS sovereign capability and technology alignment support Shields 4, 5 and 6 of the Strategy with ready-to-deploy products to help you meet compliance and ensure the highest standards of protection for your organisation’s sensitive data.
Contact us to learn more about how our information security solutions aid in meeting a wide range of government and Defence compliance requirements.