The federal government should leverage its multibillion-dollar IT spend to drive improvements to the nation's cyber security, a defence think tank says in a new report.
An Australian Strategic Policy Institute report, released on Tuesday, said the nation's Commonwealth and state governments could use their spending power to improve the economy's resilience to cyber attack.
It said the governments had taken a fragmented approach in requiring cyber security standards of the suppliers they purchased IT services from.
"The standards need to be more than just a tick-the-box exercise to set a minimum standard - they should provide multiple levels through which suppliers can seek to progress by continuous improvement," the institute's report said.
When purchasing services and products, governments should also offer suppliers commercial incentives to improve their security, it said.
The report said the federal government's annual IT spend had grown from $5.9 billion in 2012-13 to almost $10 billion.
"Its position as a major buyer potentially provides significant market power that could be used to address some of these challenges," it said.
"In an environment in which resources for cyber security are very limited, this could have the advantage of leveraging other existing budgets for ICT procurement.
"Setting security standards expected from its suppliers may help to lift standards across the board.
"Companies will be incentivised to lift their standards in order to qualify to do business with the government, and it will often be easier for them to apply those standards across their whole enterprises rather than just for their government contracts."
Barriers to security in IT supply chains included a lack of coordination, unclear standards, a fragmented approach to accreditation, uneven access to the market for suppliers and the need to comply with value for money requirements, the report said.
The federal government's new cyber security strategy, released earlier this month, flagged major spending on cyber security, and detailed long-term efforts to bolster defences. It said the first priority would be centralising the management and operations of the IT networks run by federal agencies.
"Centralisation could reduce the number of targets available to hostile actors such as nation states or state-sponsored adversaries, and allow the Australian government to focus its cyber security investment on a smaller number of more secure networks," the strategy said.
It said agencies would adopt safety measures recommended by the Australian Signals Directorate.