Exploring Cyber Security Policy Options in Australia

Cyber game report front cover
Author name: 
Igor Mikolic-Torreira, Don Snyder, Michelle Price, David Shlapak, Sina Beaghley, Megan Bishop, Sarah Harting, Jenny Oberholtzer, Stacie Pettyjohn, Cortney Weinbaum, and Emma Westerman
RAND Corporaton and ANU National Security College

Key findings

  • An interdisciplinary exercise generated three overarching policy recommendations to improve cyber security in Australia: Create and enforce technology security standards, craft international agreements to address cyber security challenges, and improve risk awareness to keep users safe online.

  • There was broad consensus that the policy domain will continue to struggle to keep pace with technological change. Therefore, ideas and solutions deemed most desirable allowed innovation to flourish while setting standards for security and creating mechanisms for responding to attacks.

  • Debate among exercise participants indicated an underlying tension between risk-based approaches and compliance-based interventions to improve cyber security.

  • The solutions identified are not immediately executable. Future exercises could consider their secondary and tertiary effects, and this type of analysis is essential before solutions can be implemented.

  • Future exercises could consider how policy development, including the Australian Government’s next Cyber Security Strategy, should challenge assumptions about government roles, responsibilities, and authorities and incentivise a broader range of government and non-governmental stakeholders to participate in building and implementing cyber security solutions.

Australian Government logo
‘The National Security College is a joint initiative of the Commonwealth Government and The Australian National University’

Updated:  21 June 2017/Responsible Officer:  Head of College, National Security College/Page Contact:  Web administrator