Abbott's national cyber security strategy still months away

The federal government won't release its long-awaited updated national cyber security strategy until the end of October at the earliest, the Department of Prime Minister and Cabinet has confirmed.

Australia's business and infosec industries have been waiting for the document to arrive since the expert panel tasked with undertaking a review of the existing strategy completed its work. It had been asked to hand over the review before the end of May. 

The PM&C confirmed it has received a copy of the review, but is yet to consider its outcomes.

It will do so "soon", a spokesperson said, following which it will release the new national cyber security strategy.

It is planning to debut the new strategy in around two months time - meaning it will arrive almost a year after the project was first announced.

The launch of the strategy has been timed to coincide with the awarding of the winners from the public-private sector Cyber Security Challenge on October 26.

The award ceremony will foreshadow the release of the strategy, PM&C said, which is understood to be tentatively scheduled for arrival in the following week.

An update on the strategy was widely expected to be provided following a meeting of the nation's top business leaders in July, but proved not to be forthcoming.

The meeting included ASX boss Elmer Funke Kupper, Telstra chairwoman Catherine Livingstone, CBA CIO David Whiteing, and Business Council of Australia head Jennifer Westacott.

It focused on the “the importance of leadership” and how cyber security was an "issue for executives and boards, not just an IT issue for technical experts”.

It also discussed ideas for practical improvement to Australia's cyber security through better private-public sector threat sharing and addressing skills shortages.

The cyber security strategy review is being lead by an expert panel involving Westacott, Cisco US chief security officer John Stewart, Telstra CISO Mike Burgess, Australian Strategic Policy Institute international cyber policy director Tobias Feakin, and former head of the UK GCHQ Iain Lobban.

In an exclusive interview, Feakin told iTnews in July the policy would centre on voluntary standards, skills and public-private sector collaboration. 

He revealed trust relationships with the private sector would be a key feature.

"[The review will also cover] bridging the gap in the skills divide, both in current workforces, but also in university course structures, which build a workforce that you want in five or 10 years time," Feaking said at the time.

"[It will also look] at voluntary sets of standards. You have a government here that will always be adverse to legislating and regulating, certainly in this area."

The Abbott government launched the review in response to calls to update the ageing policy and make it relevant in a vastly different technological landscape from when it was first written in 2008.

The initial strategy aimed to increase the country’s awareness of and reaction to cybercrime incidents, and ensure government and local businesses used secure and resilient IT infrastructure.

It resulted in the formation of the local Computer Emergency Response team (CERT Australia) and the Australian Cyber Security Centre.