2023–2030

Australian Cyber
Security Strategy

ACTION PLAN
© Commonwealth of Australia 2023

With the exception of the Commonwealth Coat of Arms, all material presented in this
publication is provided under a Creative Commons Attribution 4.0 International
license at https://creativecommons.org/licenses/by/4.0/legalcode.

This means this license only applies to material as set out in this document.

The details of the relevant license conditions are available on the Creative Commons
website at https://creativecommons.org/ as is the full legal code for the CC BY 4.0 license
at https://creativecommons.org/licenses/by/4.0/legalcode.

Use of the Coat of Arms

The terms under which the Coat of Arms can be used are
detailed at the Department of the Prime Minister and Cabinet website—
https://www.pmc.gov.au/government/commonwealth-coat-arms.

Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Department of Home Affairs
PO Box 25
BELCONNEN ACT 2616

P - 23-02503-b
 2023–2030
Australian Cyber
Security Strategy

ACTION PLAN
Contents
Executive summary 4
Action plan 5
Shield 1: Strong businesses and citizens 6
1. Support small and medium businesses to strengthen their cyber security 6
2. Help Australians defend themselves from cyber threats 6
3. Disrupt and deter cyber threat actors from attacking Australia 7
4. Work with industry to break the ransomware business model 7
5. Provide clear cyber guidance for businesses 8
6. Make it easier for Australian businesses to access advice and support
after a cyber incident 9
7. Secure our identities and provide better support to victims of identity theft 10
Shield 2: Safe technology  11
8. Ensure Australians can trust their digital products and software 11
9. Protect our most valuable datasets 12
10. Promote the safe use of emerging technology 13
Shield 3: World-class threat sharing and blocking 14
11. Create a whole-of-economy threat intelligence network 14
12. Scale threat blocking capabilities to stop cyber attacks 15
Shield 4: Protected critical infrastructure 16
13. Clarify the scope of critical infrastructure regulation 16
14. Strengthen cyber security obligations and compliance for critical infrastructure 17
15. Uplift cyber security of the Commonwealth Government 18
16. Pressure-test our critical infrastructure to identify vulnerabilities  19
Shield 5: Sovereign capabilities 20
17. Grow and professionalise our national cyber workforce 20
18. Accelerate our local cyber industry, research and innovation 20
Shield 6: Resilient region and global leadership 21
19. Support a cyber-resilient region as the partner of choice 21
20. Shape, uphold and defend international cyber rules, norms and standards 22

Appendix A: Lead and contributing agency abbreviations 23

2023–2030 Australian Cyber Security Strategy Action Plan 3

Executive summary

The Australian Government is committed to its vision of positioning Australia as a world leader in
cyber security by 2030. The strength of the 2023–2030 Australian Cyber Security Strategy (the
Strategy) can only be measured by the success of its actions. To achieve success, the Australian
Government has developed this Horizon 1 Action Plan, which supplements the Strategy and
details the key initiatives that will commence over the next two years to put us on a path to
achieving our vision.
In order to become a world leader in cyber security by 2030, the Australian Government will foster
genuine partnerships to generate enduring solutions through ongoing collaboration with industry.
We will deliver our Strategy across three horizons:

Horizon 3
2029–2030
Horizon 2
Lead the frontier
2026–2028
Horizon 1
Expand our reach
2023–2025
Strenghthen our foundations

• In Horizon 1: we will strengthen our foundations. We will address critical gaps in our cyber shields,
build better protections for our most vulnerable citizens and businesses, and support initial cyber
maturity uplift across our region.
• In Horizon 2: we will scale cyber maturity across the whole economy. We will make further
investments in the broader cyber ecosystem, continuing to scale up our cyber industry and grow
a diverse cyber workforce.
• In Horizon 3: we will advance the global frontier of cyber security. We will lead the
development of emerging cyber technologies adapt to new risks and opportunities
across the cyber landscape.

This approach has been crafted with careful consideration to minimise regulatory burden,
promote innovation and maximise participation. The Government recognises the importance of
periodic reviews of the Action Plan to ensure that it remains current.
The Government’s new Executive Cyber Council will play an important role in facilitating genuine
and transparent co-leadership on key cyber security issues. The Council will support the delivery
of national cyber security priorities, including initiatives under this Action Plan.
A flexible approach to achieving the Strategy’s vision will enable us to remain adaptive to
emerging technological, economic and geopolitical trends. Some actions will commence
immediately with the release of the Strategy, while some will be implemented over a longer period.
To remain current and relevant through to 2030, the Action Plan will be reviewed every two years,
with actions being updated, added and removed as required.

4 2023–2030 Australian Cyber Security Strategy Action Plan

 Action
plan

2023–2030 Australian Cyber Security Strategy Action Plan 5

 Shield Strong businesses
1
and citizens
Accountable
Action
agency

1. Support small and medium businesses to strengthen

their cyber security
Offer advice Create cyber ‘health checks’ for small and medium Lead agency:
and guidance businesses to access free cyber maturity assessments, • Home Affairs
to support supported by tailored guidance on how to improve their
cyber security. Contributing
small and
agencies:
medium
businesses • ASD
• Treasury

Build cyber Establish a Small Business Cyber Security Resilience Lead agency:
resilience and Service to provide free tailored advice and victim • Treasury
provide support, accessible through cyber.gov.au.
Contributing
support when
agencies:
an incident
occurs • ASD
• AGD
• Home Affairs

2. Help Australians defend themselves from cyber threats

Extend the Expand the national cyber security awareness Lead agency:
reach and campaign to uplift cyber security outreach and literacy • Home Affairs
accessibility of among the Australian community.
cyber
awareness
programs

Empower Fund grants to community organisations to deliver Lead agency:

diverse tailored cyber awareness programs to support diverse • Home Affairs
communities to cohorts – such as remote and regional communities,
culturally and linguistically diverse groups, First Nations Contributing
grow their
communities, young people, seniors, people with agency:
cyber
awareness disability and neuro-diverse people. • DSS
(Grants Hub)

6 2023–2030 Australian Cyber Security Strategy Action Plan

 Accountable
Action
agency

3. Disrupt and deter cyber threat actors from attacking Australia

Build our law Amplify current cybercrime disruption activities under Lead agency:
enforcement Operation Aquila to target the highest priority • AFP
and offensive cybercrime threats impacting Australia, both nationally
and internationally. Contributing
capabilities
agencies:
• AGD
• ASD
• Home Affairs

Shape Drive global cooperation to effectively prevent, deter Lead agencies:

international and respond to cybercrime by working with partners to • AGD
legal combat cybercrime. • DFAT
frameworks Actions include supporting global legal frameworks,
and Contributing
making public attributions and imposing sanctions when agencies:
cooperation on we have sufficient evidence and it is appropriate to do so.
cybercrime • ASD
• AFP
• Home Affairs

Build regional capabilities to fight cybercrime in the Lead agencies:

Pacific and Southeast Asia, including through forums • AGD
such as the Pacific Islands Law Officers’ Network and • DFAT
ASEAN Senior Officials Meeting on Transnational Crime.
Contributing
Government will continue to support our region to agencies:
shape the development of international legal
• DITRDCA
frameworks on cybercrime.
• eSafety

4. Work with industry to break the ransomware business model

Enhance our Work with industry to co-design options for a Lead agency:
visibility of the mandatory no fault, no liability ransomware reporting • Home Affairs
ransomware obligation for businesses to report ransomware incidents
and payments. Contributing
threat
agencies:
• AFP
• AGD
• ASD

Provide clear Create a ransomware playbook to provide further Lead agency:

guidance on guidance to businesses on how to prepare for, • Home Affairs
how to respond deal with and bounce back from a ransomware or
cyber extortion attack. Contributing
to ransomware
agencies:
• AFP
• AGD
• ASD
• DFAT
• Treasury

2023–2030 Australian Cyber Security Strategy Action Plan 7

 Accountable
Action
agency
Drive global Leverage Australia’s role in the Counter Ransomware Lead agency:
counter- Initiative to strengthen global resilience to ransomware • Home Affairs
ransomware and enable effective member action in countering
ransomware, including through the International Counter Contributing
operations
Ransomware Task Force (ICRTF). agency:
• DFAT

5. Provide clear cyber guidance for businesses

Clarify Provide industry with additional information on cyber Lead agencies:
expectations governance obligations under current regulation. • Home Affairs
of corporate Government will assist businesses to navigate important • Treasury
cyber obligations and requirements that should be considered
governance Contributing
when developing cyber security frameworks. agencies:
• AGD
• ASIC
• Other
departments
and regulators

Share lessons Co-design with industry options to establish a Cyber Lead agency:
learned from Incident Review Board to conduct no-fault incident • Home Affairs
cyber incidents reviews to improve our cyber security. Lessons learned
from these reviews will be shared with the public to Contributing
strengthen our national cyber resilience and help prevent agencies:
similar incidents from occurring. • AFP
• AGD
• ASD
• Defence
• PM&C
• Other agencies
as appropriate

8 2023–2030 Australian Cyber Security Strategy Action Plan

 Accountable
Action
agency

6. Make it easier for Australian businesses to access advice

and support after a cyber incident
Simplify Consider options to develop a single reporting portal Lead agency:
incident for cyber incidents to make it easier for entities affected • Home Affairs
reporting by a cyber incident to meet their regulatory reporting
obligations. Contributing
agencies:
• ACCC
• ACMA
• AFP
• AGD
• APRA
• ASD
• ASIC
• Defence
• DITRDCA
• DTA
• OAIC
• ONDC
• Treasury
• Other agencies
as required

Promote Consult industry on options to establish a legislated Lead agency:

access to limited use obligation for ASD and the National Cyber • ASD
trusted Security Coordinator to encourage industry engagement • Home Affairs
support after with Government following a cyber incident by providing
an incident clarity and assurance of how information reported to ASD Contributing
and the National Cyber Security Coordinator is used. agencies:
• AFP
• AGD
• APRA
• ASIC
• OAIC
• ONDC
• PM&C
• Other
departments
and regulators

2023–2030 Australian Cyber Security Strategy Action Plan 9

 Accountable
Action
agency
Promote Co-design a code of practice for cyber incident Lead agency:
access to response providers to clearly communicate the service • ASD
trusted quality and professional standards expected, and ensure • Home Affairs
support after they are delivering fit-for-purpose services consistently
an incident across the industry. Contributing
agencies:
continued
• AFP
• AGD
• Defence
• ONDC
• PM&C
• Other agencies
as required

7. Secure our identities and provide better support to

victims of identity theft
Expand the Expand the Digital ID program to reduce the need for Lead agency:
Digital ID people to share sensitive personal information with • Finance
program to government and businesses to access services online.
Contributing
help keep
agencies:
Australians’
identities safe • AGD
• ATO
• Services
Australia
• ACCC

Expand Continue support for victims of identity crime. Lead agency:

support This support will identify and guide individuals on • AGD
services for recovering identity, how to mitigate damage,
victims of review and where necessary advise on how to replace
identity theft identity credentials.
The support will also educate on identifying danger
signs that the compromised identity is continuing to
be misused.

10 2023–2030 Australian Cyber Security Strategy Action Plan

 Shield
2 Safe technology
Accountable
Action
agency

8. Ensure Australians can trust their digital products and software

Adopt Adopt international security standards for consumer Lead agency:
international grade smart devices by working with industry to • Home Affairs
security co-design a mandatory cyber security standard.
Contributing
standards for
agencies:
digital
technologies • ACMA
• AGD
• DISR
• DITRDCA
• Health
• Treasury
• Law
enforcement
agencies

Co-design a voluntary labelling scheme to measure Lead agency:

the cyber security of smart devices, developed • Home Affairs
through consultation with industry and aligned to
international exemplars. Contributing
agencies:
• ACMA
• AGD
• DISR
• DITRDCA
• Treasury

Embed cyber Co-design a voluntary cyber security code of practice Lead agency:
security into for app stores and app developers to clearly • Home Affairs
software communicate expectations of cyber security in software
development and incentivise enhanced cyber security Contributing
development
in consumer apps. agencies:
practices
• ACMA
• AGD
• DISR
• DITRDCA
• Health

2023–2030 Australian Cyber Security Strategy Action Plan 11

 Accountable
Action
agency
Embed cyber Work with Quad partners to harmonise software Lead agency:
security into standards for government procurement and leverage • Home Affairs
software our collective buying power to set strong IT security
standards across global markets. Contributing
development
agencies:
practices
• AGD
continued
• DFAT
• DTA
• PM&C

Manage the Develop a framework for assessing the national security Lead agency:
national risks presented by vendor products and services entering • Home Affairs
security risks of ad operating within the Australian economy.
Contributing
digital
agencies:
technology
• ASD
• ASIO
• Defence
• DFAT
• DISR
• DITRDCA
• Treasury

9. Protect our most valuable datasets

Protect our Conduct a review to identify and develop options to Lead agency
datasets of protect Australia’s most sensitive and critical data sets, • Home Affairs
national with a focus on datasets that are crucial to national
interests yet are not appropriately protected under Contributing
significance
existing regulations. agencies:
• AGD
• ASIO
• Defence
• DISR
• Finance
• Health
• Treasury

Support data Review Commonwealth legislative data retention Lead agency:

governance requirements, including through implementation of the • AGD
and security Government’s response to the Privacy Act Review, reforms • Home Affairs
uplift across to enable use of Digital ID, and the National Strategy for
the economy Identity Resilience. Contributing
agencies:
• Finance
• OAIC
• Treasury

12 2023–2030 Australian Cyber Security Strategy Action Plan

 Accountable
Action
agency
Support data Review the data brokerage ecosystem and explore Lead agency:
governance options to restrict unwanted transfer of data to malicious • Home Affairs
and security actors via data markets, complementing proposed
Privacy Act reforms. Contributing
uplift across
agencies:
the economy
• AGD
continued
• ASIO
• Defence
• DISR
• Treasury

Work with industry to design a voluntary data Lead agency:

classification model to help industry assess and • Home Affairs
communicate the relative value of their data holdings
in a consistent way. Contributing
agencies:
• AGD
• DISR
• Finance
• Treasury

10. Promote the safe use of emerging technology

Support safe Embed cyber security into our work on responsible AI Lead agency:
and to help ensure that AI is developed and used safely • Home Affairs
responsible and responsibly in Australia, our region and across (through the
use of AI global markets. National
Security Node)
• DISR
Contributing
agency:
• ASD

Prepare for a Set standards for post-quantum cryptography by Lead agency:

post-quantum updating guidance within the Information Security • ASD
world Manual. Organisations will also be encouraged to
prepare for the post-quantum future by conducting a Contributing
review of their data holdings, and developing a plan to agencies:
prioritise and protect sensitive and critical data. • CSIRO
• DISR

2023–2030 Australian Cyber Security Strategy Action Plan 13

 Shield World-class threat
3
sharing and blocking
Accountable
Action
agency

11. Create a whole-of-economy threat intelligence network

Share strategic Establish the Executive Cyber Council as a coalition of Lead agency:
threat government and industry leaders to improve sharing of • Home Affairs
intelligence threat information across the whole economy, and drive
public-private collaboration on other priority initiatives Contributing
with industry
under the Strategy. agency:
• ASD

Expand Continue to enhance ASD’s existing threat sharing Lead agency:

tactical and platforms to enable machine-to-machine exchange of • ASD
operational cyber threat intelligence at increased volumes and
speeds. These platforms will enable a framework within Contributing
threat
which industry-to-industry and government-to-industry agencies:
intelligence
sharing cyber threat intelligence can be exchanged. • ACMA
• AGD
• DITRDCA

Launch a threat sharing acceleration fund to provide Lead agency:

seed funding to establish or scale-up Information Sharing • Home Affairs
and Analysis Centres (ISACs) in low maturity sectors.
This program will start with an initial pilot in the health Contributing
sector to enable the sharing of actionable threat agencies:
intelligence and cyber best-practice. • ACMA
• ADHA
• AGD
• ASD
• DITRDCA
• Health

Encourage and incentivise industry to participate in Lead agency:

threat sharing platforms, with a focus on organisations • Home Affairs
that are most capable of collecting and sharing threat
intelligence at scale across the economy. Contributing
agencies:
• ACMA
• AGD
• ASD
• DITRDCA

14 2023–2030 Australian Cyber Security Strategy Action Plan

 Accountable
Action
agency

12. Scale threat blocking capabilities to stop cyber attacks

Develop Work with industry to pilot next-generation threat Lead agency:
next- blocking capabilities across Australian networks • Home Affairs
generation by establishing a National Cyber Intel Partnership with
industry partners and cyber experts from academia Contributing
threat blocking
and civil society. This partnership will pilot an automated, agencies:
capabilities
near-real-time threat blocking capability, building on • AFP
– and integrated with – existing government and • AGD
industry platforms.

Expand the Encourage and incentivise threat blocking across the Lead agency:
reach of threat economy, focusing on the entities that are most capable • Home Affairs
blocking of blocking threats – including telecommunication
providers, ISPs and financial services. Contributing
capabilities
agencies:
• ACMA
• AGD
• ASD
• DITRDCA

2023–2030 Australian Cyber Security Strategy Action Plan 15

 Shield
4 Protected critical infrastructure
Accountable
Action
agency

13. Clarify the scope of critical infrastructure regulation

Ensure we are Align telecommunication providers to the same Lead agency:
protecting the standards as other critical infrastructure entities, • Home Affairs
right entities commensurate with the criticality and risk profile of the
sector by moving security regulation of the Contributing
telecommunications sector from the Telecommunications agencies:
Sector Security Reforms (TSSR) in the • ACMA
Telecommunications Act 1997 to the SOCI Act. • AGD
• DITRDCA

Clarify the regulation of managed service providers Lead agency:

under the SOCI Act and delegated legislation. • Home Affairs
The proposed clarification of obligations through
industry consultation will contribute to a wider security Contributing
uplift within the data storage and processing sector and agency:
provide certainty to affected entities regarding their • DTA
obligations under the Act.

Explore options to incorporate cyber security regulation Lead agency:

as part of expanded ‘all hazards’ requirements for the • Home Affairs
aviation and maritime sectors. Government will consider
the development of a reform agenda to strengthen Contributing
Australia’s aviation, maritime and offshore facility security agencies:
settings, including positive obligations to proactively • ACIC
manage cyber-related risks under existing legislation. • AFP
• AGD
• AMSA
• ASD
• CASA
• DCCEEW
• Defence
• DEWR
• DFAT
• DITRDCA
• PM&C

Ensure we are Protect the critical data held, used and processed by Lead agency:
protecting the critical infrastructure in ‘business-critical’ data storage • Home Affairs
right assets systems. Government, in consultation with industry, will
consider clarifying the application of the SOCI Act to Contributing
ensure critical infrastructure entities are protecting their agencies:
data storage systems where vulnerabilities to those • AGD
systems could impact the availability, integrity, reliability • OAIC
or confidentiality of critical infrastructure.

16 2023–2030 Australian Cyber Security Strategy Action Plan

 Accountable
Action
agency

14. Strengthen cyber security obligations and compliance

for critical infrastructure
Enhance cyber Activate enhanced cyber security obligations for Lead agency:
security Systems of National Significance - including • Home Affairs
obligations for requirements to develop cyber incident response plans,
undertake cyber security exercises, conduct vulnerability Contributing
Systems of
assessments, and provide system information to develop agencies:
National
Significance and maintain a near real-time threat picture. • Commonwealth
agencies and
regulators, and
state and
territory
agencies and
regulators, as
appropriate

Ensure critical Finalise a compliance monitoring and evaluation Lead agency:

infrastructure framework for critical infrastructure entities. • Home Affairs
is compliant This framework will have an initial focus on tracking
obligations designated sectors to develop, maintain and Contributing
with cyber
comply with a critical infrastructure risk management agencies:
security
obligations program. This will include consultation with industry on • Commonwealth,
options for enhanced review and remedy powers to state and
address deficient risk management plans. territory
agencies and
regulators, as
appropriate

Help critical Expand crisis response arrangements to ensure they Lead agency:
infrastructure capture secondary consequences from significant • Home Affairs
manage the incidents. Government will consult with industry on
introducing an all-hazards consequence management Contributing
consequences
power that will allow it to direct an entity to take specific agencies:
of cyber
incidents actions to manage the consequences of a nationally • ASD
significant incident. This is a last-resort power, used where • Commonwealth
no other powers are available and where it does not agencies and
interfere with or impede a law enforcement action or regulators, and
regulatory action. state and
territory
agencies and
regulators, as
appropriate

2023–2030 Australian Cyber Security Strategy Action Plan 17

 Accountable
Action
agency

15. Uplift cyber security of the Commonwealth Government

Strengthen the Enable the National Cyber Security Coordinator to Lead agency:
cyber maturity oversee the implementation and reporting of cyber • Home Affairs
of government security uplift across the whole government. The
Coordinator will oversee implementation of the Contributing
departments
Commonwealth Cyber Security Uplift Plan, assisted by a agencies:
and agencies
central cyber program, policy and assurance function • ASD
within Home Affairs. • DTA

Develop a whole-of-government zero trust culture Lead agency:

to protect government data and digital estate. • Home Affairs
Government will implement defined controls across our
networks that draw from internationally-recognised Contributing
approaches to zero trust. This builds on the best-practice agencies:
principles established within ASD’s Essential Eight • ASD
strategies to mitigate cyber security incidents. • DTA
• Whole of
government

Conduct regular reviews of the cyber maturity of Lead agency:

Commonwealth entities as part of the Investment • Home Affairs
Oversight Framework, administered by the Digital
Transformation Agency. Home Affairs and ASD will provide Contributing
cyber expertise and advice to support the evaluation of agencies:
the cyber maturity of Commonwealth entities. • ASD
• DTA

Identify and Designate ‘Systems of Government Significance’ that Lead agency:

protect critical need to be protected with a higher level of cyber security • Home Affairs
systems across by identifying and mapping the Australian Government’s
most important digital infrastructure. This will include an Contributing
government
evaluation of the centrality of systems to digital agencies:
government functions or services, the scale of their • ASD
interdependencies, and potential for cascading and • Defence
significant consequences to Australia’s national interests, • DTA
economic prosperity and social cohesion if disrupted.

Uplift the cyber Developing the cyber skills of the APS, harnessing the Lead agency:
skills of the Digital Profession and APS Academy to provide a • APSC
Australian whole-of-government approach to addressing cyber
skills shortages in the APS, as well as through the Contributing
Public Service
establishment of the Defence Cyber College. agencies:
(APS)
• ASD
• Defence
• Home Affairs

18 2023–2030 Australian Cyber Security Strategy Action Plan

 Accountable
Action
agency

16. Pressure-test our critical infrastructure to identify vulnerabilities

Conduct Expand our National Cyber Exercise Program to Lead agency:
national cyber proactively evaluate consequence management • Home Affairs
security capabilities, identify gaps in coordination and test the
effectiveness of incident response plans. Led by the Contributing
exercises
Cyber Coordinator, these exercises will include agencies:
across the
economy participation from states and territories, as well as • AGD
industry leaders, and will incorporate simulation of • Defence
systemic cyber incidents. • NEMA

Build Develop incident response playbooks to help coordinate Lead agency:

playbooks for national incident response across Commonwealth, state, • Home Affairs
incident territory and industry stakeholders. Developed by the
Cyber Coordinator, these playbooks will be informed by Contributing
response
the insights gathered from national exercises. agencies:
• AGD
• Defence
• NEMA

2023–2030 Australian Cyber Security Strategy Action Plan 19

 Shield
5 Sovereign capabilities
Accountable
Action
agency

17. Grow and professionalise our national cyber workforce

Grow and Attract global cyber talent through reforms to the Lead agency:
expand migration system as part of the government’s Migration • Home Affairs
Australia’s Strategy. Government will enhance both international
cyber skills and domestic outreach efforts to increase Australia’s
pipeline competitiveness and attract highly skilled migrants to
expand the cyber security workforce.

Improve the Provide guidance to employers to target and retain Lead agency:
diversity of the diverse cyber talent, with a focus on barriers and biases • Home Affairs
cyber that dissuade under-represented cohorts – specifically
women and First Nations people – from entering and Contributing
workforce
staying in the workforce. Government, through BETA, agencies:
has conducted an analysis on attracting a diverse cyber • DISR
security workforce. Building on this, Government will • PM&C
publish guidance for recruiters to attract a wider diversity • (building on
of applicants, supporting workforce growth and previous BETA
participation. work)

Professionalise Build a framework for the professionalisation of the cyber Lead agency:
the domestic workforce to provide employers and businesses with the • Home Affairs
cyber assurance that the cyber workforce is appropriately
skilled, and workers that their qualifications and relevant Contributing
workforce
experience are recognised and fit-for-purpose. agencies:
• DEWR
• DISR

18. Accelerate our local cyber industry, research and innovation

Invest in Provide cyber start-ups and small-to-medium Lead agency:
domestic cyber enterprises with funding to develop innovative solutions • Home Affairs
industry to cyber security challenges through the Cyber Security
Industry Challenge program, leveraging DISR’s Business Contributing
growth
Research and Innovation Initiative. The program will allow agency:
agencies to articulate cyber security challenges, to which • DISR
start-ups can propose solutions. Successful entities will
receive grants to develop their solution, providing both
funding and credibility to start-ups while increasing
agencies’ sourcing of new-to-market solutions.

20 2023–2030 Australian Cyber Security Strategy Action Plan

 Shield Resilient region and
6
global leadership
Accountable
Action
agency

19. Support a cyber-resilient region as the partner of choice

Strengthen Refocus Australia’s cyber cooperation efforts under the Lead agency:
collective Cyber and Critical Technology Cooperation Program to • DFAT
cyber support enduring cyber resilience and technology
security and better position regional governments to Contributing
resilience with
prevent cyber incidents. Through the Program’s redesign, agencies:
neighbours in
the Pacific and a new strategy for gender equality, disability and social • AFP
Southeast Asia inclusion will be developed. • AGD
• ASD
• Defence
• DISR
• DITRDCA
• eSafety
• Home Affairs

Build a regional cyber crisis response team, drawing Lead agency:

on specialist industry and government expertise. • DFAT
Government will develop a framework to identify when
and how to deploy our limited resources across the region. Contributing
agencies:
• A range of
agencies,
including ASD

Harness Pilot options to use technology to protect the region at Lead agency:
private sector scale by partnering with our regional neighbours and the • DFAT
innovation and private sector to leverage industry solutions to protect
more people, systems and data from cyber threats. This Contributing
expertise in the
includes proactively identifying vulnerabilities – such as agency:
region
end-of-life hardware and software – and providing • ASD
scalable solutions that are fit-for-purpose, including
security features that mitigate avoidable cyber incidents.

2023–2030 Australian Cyber Security Strategy Action Plan 21

 Accountable
Action
agency

20. Shape, uphold and defend international cyber rules,

norms and standards
Support Collaborate with partners in international standards Lead agency:
international development forums to shape and defend the • DISR
standards for development of transparent international standards. The
Government will continue to leverage existing programs, Contributing
transparent
such as DISR’s Tech Standards Knowledge Program, to agencies:
and secure
development bolster the capability of industry technical experts • Whole of
engaged in this work. government
of technology

Advocate for Advocate for digital trade rules that advance our Lead agency:
high-quality economic interests, complement international cyber • DFAT
digital trade security settings, reinforce the rules-based trading
system, reduce the risk of rule fragmentation, and Contributing
rules
address trade restrictive, coercive or distortive agencies:
behaviours. This includes advocating for rules that • Whole of
address personal information protection, encourage government
digital cooperation, and promote cybersecurity as part
of the responsible design, development, deployment,
and use of AI.

Defend an Continue to defend an open, free, secure and Lead agency:

open, free, interoperable internet in international forums by • DITRDCA
secure and working with international partners, industry, academia,
the technical community, civil society and other relevant Contributing
interoperable
stakeholders. Government will advocate for continuing, agencies:
internet in
international consensus-based improvements to existing mechanisms • Whole of
of multi-stakeholder internet governance. government
forums

Uphold Continue to uphold and improve the framework of Lead agencies:

international responsible state behaviour in cyberspace, including • DFAT
law and norms how international law applies and best practice
implementation of norms. Government will support the Contributing
of responsible
establishment of a permanent UN Programme of Action agencies:
state
behaviour in to advance peace and security in cyberspace. • AGD
cyberspace • Defence

Deploy all arms Increase costs for malicious cyber actors by working with Lead agency:
of statecraft to international partners to deter and respond to malicious • DFAT
deter and cyber activity. This includes publicly attributing and • Home Affairs
respond to imposing sanctions on those who carry out or facilitate
malicious significant cyber incidents – when we have sufficient Contributing
actors evidence and it is in our interests to do so. A review of agencies:
our attribution framework will ensure it continues to be • AFP
fit for purpose. • AGD
• ASD

22 2023–2030 Australian Cyber Security Strategy Action Plan

Appendix A:
Lead and contributing
agency abbreviations

ACCC Australian Competition and Consumer Commission

ACIC Australian Criminal Intelligence Commission

ACMA Australian Communications and Media Authority

ADHA Australian Digital Health Agency

AFP Australian Federal Police

AGD Attorney-General’s Department

AMSA Australian Maritime Safety Authority

APRA Australian Prudential Regulation Authority

APSC Australian Public Service Commission

ASD Australian Signals Directorate

ASIO Australian Security Intelligence Organisation

ASIC Australian Securities and Investments Commission

ASX Australian Securities Exchange

BETA Behavioural Economics Team of the Australian Government

(within PM&C)

CASA Civil Aviation Safety Authority

2023–2030 Australian Cyber Security Strategy Action Plan 23

 CSIRO Commonwealth Scientific and Industrial Research Organisation

DCCEEW Department of Climate Change, Energy, the Environment and Water

Defence Department of Defence

DEWR Department of Employment and Workplace Relations

DFAT Department of Foreign Affairs and Trade

DISR Department of Industry, Science and Resources

DITRDCA Department of Infrastructure, Transport, Regional Development,

Communications and the Arts

DSS Department of Social Services

DTA Digital Transformation Agency

eSafety eSafety Commissioner

Finance Department of Finance

Health Department of Health and Aged Care

Home Affairs Department of Home Affairs

NEMA National Emergency Management Agency

OAIC Office of the Australian Information Commissioner

ONDC Office of the National Data Commissioner

PM&C Department of the Prime Minister and Cabinet

Treasury Department of the Treasury

24 2023–2030 Australian Cyber Security Strategy Action Plan