Escalating tensions between the United States and competing countries are reshaping the cyber-security landscape – with severe implications for Australian businesses and government organisations. The United States set down its case in a cyber strategy document released in late 2018 and has escalated its measures from there. According to the document, the United States had adopted a vision of ‘a shared and open cyberspace for the benefit of all,’ but its adversaries had conducted economic espionage and malicious cyber activities that had damaged individuals, commercial and non-commercial interests and governments across the world.
The document listed Russia, China, Iran, and North Korea as challenging the United States in cyberspace, ‘often with a recklessness they would never consider in other domains.’ Since then, the United States Government has issued executive orders to shore up a cybersecurity workforce short of 300,000 practitioners and more importantly, to declare a national emergency and bar United States companies from using foreign telecommunications equipment made by companies it considers a national security risk. The initiative is already causing consternation among local users of smartphones from one supplier – a leading United States-headquartered company is reportedly restricting the supplier’s access to its applications and operating system.
Businesses need to monitor and respond quickly to these measures and the evolving security landscape. Companies exposed to the United States will need to evaluate the risks of doing business with firms targeted by current and future executive orders. Given Australia’s close relationship with the United States, local organisations will also need to remain aware of the ongoing risk of cyberattack or espionage from individuals or groups acting on behalf of ‘cyberspace challenger’ countries.
Some of the steps businesses should take include ensuring cyber-security planning including incident response is up to date and people know their roles and responsibilities; checking that anti-malware products are installed and up-to-date; and that employees are aware of potential cyber-threats and the steps they need to take to minimise risk. If you would like to learn more, please contact firstname.lastname@example.org.