Turnbull orders rewrite of draft Australian cyber strategy

The government department driving Australia's new cyber security strategy has been forced to rewrite the document following intervention by new Prime Minister Malcolm Turnbull, pushing back the strategy's release for a second time. 

Malcolm Turnbull

The Abbott government launched a review of the ageing national policy last year in response to calls to make the document relevant in a vastly different technological landscape from its 2008 origins.

The government intially said the new strategy would be delivered in mid-2015, but it failed to materialise by the middle of the year.

In September - just prior to the elevation of Malcolm Turnbull to the prime ministership - the Department of Prime Minister and Cabinet said the new strategy would arrive soon after the winners of the public-private sector Cyber Security Challenge were named on October 26.

But once again, Australia's business leaders and infosec community were left waiting.

iTnews can reveal the Prime Minister's department has been told to go back to the drawing board after Turnbull voiced his disapproval of the first draft.

Sources told iTnews the PM had directed a rewrite after finding the first version of the strategy lacked teeth or funding.

The department is now avoiding a definitive deadline for the release of the new version.

A spokesperson for PM&C said Turnbull had taken a keen interest in the review and had provided feedback which had been incorporated into the process.

They said a new cyber security strategy would soon enter development after the outcomes of the now year-long review were reconsidered.

"A new public cyber security strategy will outline practical initiatives to promote security and growth for Australia online," the spokesperson said.

"A date for the release of the strategy has not yet been set. This will occur following the government’s consideration of the review."

The department attributed part of the delay in the strategy's arrival to a cyber security summit and follow-up roundtable held over the past six months.

The initiatives were aimed at 'testing ideas for practical initiatives' that would be delivered through a public-private security cyber security strategy, the department said.

"This will ensure the government’s approach is practical, effective and fit for purpose. Cyber security is not a problem the government can tackle alone," the PM&C spokesperson said.

"This has extended the time required for the review, but it will enable the government to provide a comprehensive and forward looking response to the review’s findings."

The review itself is a classified document and won't be released to the public.

The spokesperson said the review needed to remain secret to "protect the sensitive information shared with [the department] during consultations and the information it contains on matters of national security".

Review team leader Tobian Feakin told iTnews in July the policy would centre on voluntary standards, skills and public-private sector collaboration, with trust relationships amongst members of the private sector to be a key feature.

His comments were later echoed by first assistant secretary of cyber policy and intelligence at PM&C, Lynwen Connick, a key author of the strategy.

"[The review will also cover] bridging the gap in the skills divide, both in current workforces, but also in university course structures, to build a workforce that you want in five or ten years time," Feakin said at the time.

"[It will also look] at voluntary sets of standards. You have a government here that will always be adverse to legislating and regulating, certainly in this area," he added.