국가전략정보포털

Title page

Contents

Acknowledgements 2

Preface 5

Executive summary 6

Methodology 8

Research limitations 10

Definitions and topics of focus 10

Cybersecurity 10

Critical technology 11

Research findings: cybersecurity summary 11

Identified challenges 11

Knowledge gaps 11

Online threats and cyber resilience 11

Case study 1: Prioritising cyber resilience investment 16

Data management, ownership and storage 18

Data storage 21

Data ownership 22

Cybersecurity policies and infrastructure 23

Ransomware and response 24

Public engagement on cybersecurity 26

The need for a national response: cybersecurity governance 27

Research findings: critical technology summary 29

Identified challenges 29

Knowledge gaps 29

Critical technology standards and sovereignty 30

International standards 30

'Values' in critical technologies 31

Case study 2: Critical technologies: investment priorities 33

Investment in critical technologies 33

Foreign investment 35

Sovereign capacity 38

Policy recommendations 41

Appendix 1: Participant profile 43

Appendix 2: List of key findings 48

Appendix 3: List of study questions 49

Appendix 4: List of figures 59

Notes 61

Acronyms and abbreviations 61

Figure 1. On a scale of 1-3, please rank the top three threats you personally are most concerned about for Australia 12

Figure 2. On a scale of 1-10, how 'cyber resilient' do you consider the following to be (1 being not at all cyber resilient and 10 being very cyber resilient) 13

Figure 3. Percentage of parliamentarians who answered 'not sure' for each sector in q. 14: On a scale of 1-10, how 'cyber resilient' do you consider the following... 15

Figure 4. From the previous list, which three sectors should receive prioritised investment in the next 12 months to assist with improving their cyber resilience? 16

Figure 5. Of the three sectors you selected above, please indicate on the scale below where you believe this investment should come from 17

Figure 6. Do you personally feel safe online against scams / cyber threats? 18

Figure 7. Should the federal government have a data management strategy for the private sector (i.e. critical infrastructure operators)? 20

Figure 8. What types of [federal government / state/territory government / local council] data should it be mandatory to store on Australian servers? 22

Figure 9. In Estonia, citizens own their personal data and approve the information that can be used by government agencies. It is a criminal ofence for government... 23

Figure 10. In your opinion, when it comes to legacy ICT systems that support critical national infrastructure, what is the best way to manage these from a cybersecurity... 24

Figure 11. Should it be legal or illegal in Australia to pay ransomware demands? 24

Figure 12. Which one of the below comes closest to describing how ofen you are engaged by constituents and industry on issues relating to cybersecurity? 26

Figure 13. From your perspective, is there a federal government department/agency that has the lead responsibility for cybersecurity issues? 27

Figure 14. If you answered 'yes' to 'Is there a federal government department/agency that has the lead responsibility for cybersecurity issues?', please state... 28

Figure 15. From your perspective, which federal government department should have the lead responsibility for cybersecurity issues? 28

Figure 16. Do you personally believe Australia is doing enough to shape international standards on critical technologies? 30

Figure 17. Do you personally agree or disagree that technology reflects the values of the countries it is designed and produced in? 32

Figure 18. Do you personally believe it is OK or not OK to deploy technologies designed and produced in authoritarian states in Australia? 32

Figure 19. Please rank the top three critical technologies where you personally believe Australian investment should be prioritised to advance Australia's national... 33

Figure 20. Please rank the top three critical technologies where you personally believe Australian investment should be prioritised to advance Australia's economic... 34

Figure 21. Of the three critical technologies you selected above as technologies where you personally believe Australian investment should be prioritised to advance... 35

Figure 22. Should there be limitations on foreign investment in Australian businesses that develop or manufacture critical technologies based on [national security... 36

Figure 23. If you answered 'some limitations on foreign investment', should there be some limitations on foreign investment from... 37

Figure 24. If you answered 'some limitations on foreign investment', should there be some limitations on foreign investment for... 37

Figure 25. Please circle the degree to which you agree or disagree with the following statement in respect to each area of technology listed below: 'It is important... 39

Figure 26. If it's not important for Australia to have a sovereign capacity in these areas, is it important to have access to a reliable, secure supply from other... 40

Figure 27. Gender representation in ASPI sample 43

Figure 28. Gender representation in the 46th parliament 44

Figure 29. Chamber representation in ASPI sample 44

Figure 30. Chamber representation in 46th parliament 45

Figure 31. Status representation in ASPI sample 45

Figure 32. Status representation in 46th parliament 46

Figure 33. Electorate representation in ASPI sample (House of Representatives only) 47

Figure 34. Electorate representation in 46th parliament (House of Representatives only) 47