Optus is creating a new senior leadership role to integrate its cyber security and national security functions and then lead the telco’s response to the government’s critical infrastructure reforms.
The telco revealed its intention to hire a ‘head of national & cyber security’ - which it described as a “newly created senior leadership opportunity … to lead a team of up to 30 people across our national and cyber security functions” - at the end of last month.
While the senior role appears to reflect industry trends towards running physical and cyber security under a single executive, as seen at the likes of NAB and NBN Co, iTnews can reveal that Optus’ move is an anticipatory response to forthcoming changes to critical infrastructure laws.
The laws are a central plank of the government’s 2020 cyber security strategy, and aim to uplift the security and resilience of systems and ensure networks across a range of verticals can be defended.
They are anticipated to be in place by mid-2021.
With telco among ten sectors subject to the new critical infrastructure regime, iTnews understands that Optus is already making preparations on its end.
The government and KPMG are currently running town halls and workshops with various industry sectors to “co-design” the specific obligations that various industry sectors will be subjected to.
Telcos are anticipating extra attention in that they will be classed as “systems of national significance” within the legislative changes.
With standards currently under development, it is understood that Optus is looking to combine its internal security functions under a new leader who will also act as an interface with senior government security officials and advisory panels as the rules are drawn up.
The new ‘head of national & cyber security’ is expected to integrate and manage Optus’ existing national security and cyber security functions, design both policy and operational responses to comply with the new regulated regime, and integrate these into Optus and Group policies, procedures and practices.
"Optus has demonstrated a strong track record of meeting national security regulatory obligations,” Optus vice president of regulatory and public affairs Andrew Sheridan said in a statement to iTnews.
“As the government enhances national security profile for critical infrastructure, Optus is taking the opportunity to uplift capabilities to meet and exceed expectations.”
The new ‘head of national & cyber security’ will report to vice president of IT in Australia, Yoke Kong Seow.
While Optus already has a CISO, Dr. Siva Sivasubramanian, it is understood that he has a different reporting line directly to Singtel, however all security functions at Optus sit in the same physical area and collaborate.
It is not yet clear how other telcos plan to address the critical infrastructure reforms.
More broadly, Seow’s IT group is understood to be recruiting dozens of new roles as part of a company-wide ‘digital everywhere’ strategy outlined by CEO Kelly Bayer Rosmarin last year.
This push is understood to encompass a range of initiatives from the digitisation of customer service channels to app enhancements and technology skills training.
“As a technology company, we’re looking for the best software and data engineers to join us and deliver innovative products that create lasting customer relationships,” Seow told iTnews.