Australian policy

Cybersecurity attacks have become a growing focus for many businesses and governments. A challenge in responding is to determine the level and allocation of cyber-security budgets.

This 2023 paper reflects on a proposed system for benchmarking and evaluating cybersecurity strategies, assessing both the strategy's design and its implementation. In doing so, it critiques existing approaches as Australia emerges from what the government has described as a period of “cyber slumber.”

Australia's existing public and private capacity, despite the increased emphasis on the cyber domain, is likely insufficient to counter the full range of threats it faces in cyberspace.

Since 2022, Australia has significantly expanded its cyber and intelligence capabilities through major new investments. The scale of this expansion has prompted discussion of its geopolitical drivers and the implications for public and parliamentary oversight.

Australia’s 2025 cyber response plan introduces a “nationally catastrophic” incident category, but preparedness for such a crisis remains unclear. This paper argues that cyber civil preparedness and resilience must become central to national security policy.

In this 2016 paper, Greg Austin argues that Australia will need to develop complex responsive systems of decisionmaking for medium intensity war that address multi-vector, multi-front and multitheatre attacks in cyber space.

There should be a single overarching evaluation of the entire strategy (to ensure coherence between policy pillars) every four years as well as separate evaluations of each policy pillar, every two years.

This study undertakes a comprehensive analysis of the fiscal consequences of extreme cybersecurity incidents affecting publicly traded corporations in the 21st century.

Australia should harness the capability provided by civilians and develop volunteer cyber forces as part of a whole-of-society approach to national defence and cyber resilience. In addition to cybersecurity functions, volunteer cyber forces may be eYectively utilised in relation to Open Source Intelligence (OSINT), information and cognitive conflict, as well as espionage and proactive cyber activities.