The Security Detail Download: Cyber Threats to the Public Sector in Australia

The Security Detail is a podcast series facilitated and hosted by SURGe, Splunk’s strategic security research team.

Every other week, co-hosts Audra Streetman and Kirsty Paine interview security experts about the cyber threat landscape across various industries.

Episode four features an interview with Dan Tripovich, the Assistant Director-General Standards, Technical Advice and Research (STAR) within the Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC). The STAR Branch delivers ACSC’s flagship publications, including the Australian Government Information Security Manual, the Essential Eight and protective cybersecurity guidance to the Australian public. Tripovich is also responsible for the delivery of the ACSC’s research, international standards and technical advice capabilities to support the secure operation of critical, emerging and operational technologies.Tripovich’s interview highlights the increasing focus on cybersecurity in the public sector, particularly in Australia. Read for our top takeaways from the interview, or download the full episode.

1. Government investments soften geographical challenges

Tripovich explains that Australia’s geography presents some unique cybersecurity challenges. “Our traditional geographic benefits of being in a country like Australia — one big massive island — are not effective in the cybersecurity domain. Cyber criminals are increasingly and persistently targeting all sectors of the Australian economy due to the attractiveness of our prosperity.”Fortunately the Australian government is making significant investments to bolster cybersecurity capabilities, recruit skilled professionals and develop advanced technologies to defend against cyber threats. The REDSPICE project, for example, aims to invest $9.9 billion in cybersecurity over the next decade. Government programs such as Girls’ Programming Network and the Australian Women and Security Network help drive diversity and overcome the skills gap in Australia’s cybersecurity workforce, even in the public sector. Between July and December 2022, the ASD received 10,000 applications, according to Tripovich. “They want to get amongst it and be a part of what we're working on here."

2. Public sector agencies must identify crown jewels and carve out the noise

The discussion stresses the significance of cyber resilience in protecting critical infrastructure and essential services. Public sector leaders need to identify their crown jewels, prioritize critical services and implement strong cyber hygiene practices to enhance their organization's ability to withstand and recover from cyber incidents."In Australia, we had an event just before [COVID]: the bushfires of that year. We had to send people home because their buildings were full of smoke and services were difficult to deliver. But it gave us a really good dry run of actually understanding what services we really did need to function and maintain mission critical,” Tripovich said. “You've got to carve those numbers down in a time of crisis, really focus on the things that matter and carve out that noise so you can really pay attention, deliver and respond in an appropriate way."

3. Making cybersecurity accessible means speaking the stakeholders’ language — literally

Tripovich underscores the importance of collaboration between the public and private sectors, academic institutions and international partners in addressing cyber threats. Initiatives like sharing threat intelligence, offering cybersecurity education and training programs and promoting diversity in the workforce are crucial in building a robust cybersecurity ecosystem. Moreover, efforts to translate cybersecurity materials into multiple languages aim to make cybersecurity guidance more accessible and effective on a global scale.“We're working to actively translate all our products into 22 different languages,” Tripovich explained. "All well and good to publish something, but you want the cybersecurity needle to shift because you've put some time, effort and soul into getting these things done. So we advise and represent ASD's position, opinions and support not only other government agencies, but also our government bodies and parliamentarians to help aid and adjust their decision making or influence." Listen to the full interview to hear Tripovich’s thoughts on the evolving and persistent cyber threats faced by governments and public sector organizations. To learn more about The Security Detail podcast, visit thesecuritydetail.podbean.com.