The federal government should leverage its multibillion-dollar IT spend to drive improvements to the nation's cyber security, a defence think tank says in a new report.
An Australian Strategic Policy Institute report, released on Tuesday, said the nation's Commonwealth and state governments could use their spending power to improve the economy's resilience to cyber attack.
It said the governments had taken a fragmented approach in requiring cyber security standards of the suppliers they purchased IT services from.
"The standards need to be more than just a tick-the-box exercise to set a minimum standard - they should provide multiple levels through which suppliers can seek to progress by continuous improvement," the institute's report said.
When purchasing services and products, governments should also provide commercial incentives for suppliers to improve their security, it said.
The report said the federal government's annual IT spend had grown from $5.9 billion in 2012-13 to almost $10 billion.
"Its position as a major buyer potentially provides significant market power that could be used to address some of these challenges," it said.
"In an environment in which resources for cyber security are very limited, this could have the advantage of leveraging other existing budgets for ICT procurement.
"Setting security standards expected from its suppliers may help to lift standards across the board.
"Companies will be incentivised to lift their standards in order to qualify to do business with the government, and it will often be easier for them to apply those standards across their whole enterprises rather than just for their government contracts."
Barriers to security in IT supply chains included a lack of coordination, unclear standards, a fragmented approach to accreditation, uneven access to the market for suppliers and the need to comply with value-for-money requirements, the report said.
The federal government's new cyber security strategy, released earlier this month, flagged major spending on cyber security, and detailed long-term efforts to bolster defences. It said the first priority would be centralising the management and operations of the IT networks run by federal agencies.
"Centralisation could reduce the number of targets available to hostile actors such as nation states or state-sponsored adversaries, and allow the Australian government to focus its cyber security investment on a smaller number of more secure networks," the strategy said.
It said agencies would adopt safety measures recommended by the Australian Signals Directorate.


Doug Dingwall
Doug Dingwall is The Canberra Times' Public Service Editor. He writes about government and federal politics, and edits The Public Sector Informant. He has an interest in integrity and industrial relations. Previously he worked at The Examiner in Launceston, where he won a Tasmanian Human Rights Award in 2016 for his reporting. Contact him on doug.dingwall@canberratimes.com.au