SCI RESEARCH
Australia’s cyber environment is under constant attack. The threats are multifaceted and growing. Beyond the well-known cybercrime and cybersecurity challenges, we face a barrage of online mis- and dis-information aimed at undermining our social cohesion. Despite increased emphasis on the cyber domain, our existing public and private capacity is likely insufficient to counter the full range of threats we face in cyberspace. Against this background, Australia must adopt a whole-of-society approach to the defence of the cyber environment. This discussion paper seeks to canvass options for an Australian ‘cyber intelligence and information militia’; that is, a ‘crowdsourced’ civilian volunteer cyber reserve capability fit to engage in open-source intelligence (OSINT) and information warfare. Such a resource could play an important role in supplementing existing or developing capabilities.
The Australian government is preparing a new cyber security strategy to cover the period 2023 to 2030. As part of the deliberations, it called for submissions on key issues, including an evaluation framework for the new strategy. This paper responds to that call. It offers reflections on a system of benchmarking and assessment by which the strategy and its implementation can be judged. In doing so, the paper offers a critique of existing approaches as the country wakes from what the government has called a ‘cyber slumber’. Three factors will be central to the success of the new commitments—a sense of urgency, a commitment to coherence between policy pillars, and investment of political capital for deep reform in individual pillars. All three factors (which we can also take as indicators of performance) depend on shared leadership by governments, industry, and community actors (especially educators).
This paper analyses the issue of reputation damage for transport cyber-attacks. Cyber-security attack has become an increasing focus for much business and government planning. Transport infrastructure networks are of special concern. A challenge in responding is to determine the level and allocation of cyber-security budgets. Extensive public sector involvement means that market measures of net benefit may be insufficient for government decision-makers. For example, government reputation effects will also be regarded as important, and so this paper uses focus group methods to demonstrate how project evaluation can incorporate public reputation damage measures. So called "contingent valuation" methodology is applied for this purpose in the paper, generating illustrative "willingness to pay" estimates for public reputation.