The Australian government is preparing a new cyber security strategy to cover the period 2023 to 2030. As part of the deliberations, it called for submissions on key issues, including an evaluation framework for the new strategy. This paper responds to that call. It offers reflections on a system of benchmarking and assessment by which the strategy and its implementation can be judged. In doing so, the paper offers a critique of existing approaches as the country wakes from what the government has called a ‘cyber slumber’. Three factors will be central to the success of the new commitments—a sense of urgency, a commitment to coherence between policy pillars, and investment of political capital for deep reform in individual pillars. All three factors (which we can also take as indicators of performance) depend on shared leadership by governments, industry, and community actors (especially educators).
This paper analyses the issue of reputation damage for transport cyber-attacks. Cyber-security attack has become an increasing focus for much business and government planning. Transport infrastructure networks are of special concern. A challenge in responding is to determine the level and allocation of cyber-security budgets. Extensive public sector involvement means that market measures of net benefit may be insufficient for government decision-makers. For example, government reputation effects will also be regarded as important, and so this paper uses focus group methods to demonstrate how project evaluation can incorporate public reputation damage measures. So called "contingent valuation" methodology is applied for this purpose in the paper, generating illustrative "willingness to pay" estimates for public reputation.