목차
Title page
Contents
Acknowledgements 2
Preface 5
Executive summary 6
Methodology 8
Research limitations 10
Definitions and topics of focus 10
Cybersecurity 10
Critical technology 11
Research findings: cybersecurity summary 11
Identified challenges 11
Knowledge gaps 11
Online threats and cyber resilience 11
Case study 1: Prioritising cyber resilience investment 16
Data management, ownership and storage 18
Data storage 21
Data ownership 22
Cybersecurity policies and infrastructure 23
Ransomware and response 24
Public engagement on cybersecurity 26
The need for a national response: cybersecurity governance 27
Research findings: critical technology summary 29
Identified challenges 29
Knowledge gaps 29
Critical technology standards and sovereignty 30
International standards 30
'Values' in critical technologies 31
Case study 2: Critical technologies: investment priorities 33
Investment in critical technologies 33
Foreign investment 35
Sovereign capacity 38
Policy recommendations 41
Appendix 1: Participant profile 43
Appendix 2: List of key findings 48
Appendix 3: List of study questions 49
Appendix 4: List of figures 59
Notes 61
Acronyms and abbreviations 61
Figure 1. On a scale of 1-3, please rank the top three threats you personally are most concerned about for Australia 12
Figure 2. On a scale of 1-10, how 'cyber resilient' do you consider the following to be (1 being not at all cyber resilient and 10 being very cyber resilient) 13
Figure 3. Percentage of parliamentarians who answered 'not sure' for each sector in q. 14: On a scale of 1-10, how 'cyber resilient' do you consider the following... 15
Figure 4. From the previous list, which three sectors should receive prioritised investment in the next 12 months to assist with improving their cyber resilience? 16
Figure 5. Of the three sectors you selected above, please indicate on the scale below where you believe this investment should come from 17
Figure 6. Do you personally feel safe online against scams / cyber threats? 18
Figure 7. Should the federal government have a data management strategy for the private sector (i.e. critical infrastructure operators)? 20
Figure 8. What types of [federal government / state/territory government / local council] data should it be mandatory to store on Australian servers? 22
Figure 9. In Estonia, citizens own their personal data and approve the information that can be used by government agencies. It is a criminal ofence for government... 23
Figure 10. In your opinion, when it comes to legacy ICT systems that support critical national infrastructure, what is the best way to manage these from a cybersecurity... 24
Figure 11. Should it be legal or illegal in Australia to pay ransomware demands? 24
Figure 12. Which one of the below comes closest to describing how ofen you are engaged by constituents and industry on issues relating to cybersecurity? 26
Figure 13. From your perspective, is there a federal government department/agency that has the lead responsibility for cybersecurity issues? 27
Figure 14. If you answered 'yes' to 'Is there a federal government department/agency that has the lead responsibility for cybersecurity issues?', please state... 28
Figure 15. From your perspective, which federal government department should have the lead responsibility for cybersecurity issues? 28
Figure 16. Do you personally believe Australia is doing enough to shape international standards on critical technologies? 30
Figure 17. Do you personally agree or disagree that technology reflects the values of the countries it is designed and produced in? 32
Figure 18. Do you personally believe it is OK or not OK to deploy technologies designed and produced in authoritarian states in Australia? 32
Figure 19. Please rank the top three critical technologies where you personally believe Australian investment should be prioritised to advance Australia's national... 33
Figure 20. Please rank the top three critical technologies where you personally believe Australian investment should be prioritised to advance Australia's economic... 34
Figure 21. Of the three critical technologies you selected above as technologies where you personally believe Australian investment should be prioritised to advance... 35
Figure 22. Should there be limitations on foreign investment in Australian businesses that develop or manufacture critical technologies based on [national security... 36
Figure 23. If you answered 'some limitations on foreign investment', should there be some limitations on foreign investment from... 37
Figure 24. If you answered 'some limitations on foreign investment', should there be some limitations on foreign investment for... 37
Figure 25. Please circle the degree to which you agree or disagree with the following statement in respect to each area of technology listed below: 'It is important... 39
Figure 26. If it's not important for Australia to have a sovereign capacity in these areas, is it important to have access to a reliable, secure supply from other... 40
Figure 27. Gender representation in ASPI sample 43
Figure 28. Gender representation in the 46th parliament 44
Figure 29. Chamber representation in ASPI sample 44
Figure 30. Chamber representation in 46th parliament 45
Figure 31. Status representation in ASPI sample 45
Figure 32. Status representation in 46th parliament 46
Figure 33. Electorate representation in ASPI sample (House of Representatives only) 47
Figure 34. Electorate representation in 46th parliament (House of Representatives only) 47