The challenge
Addressing problems that otherwise pose significant risks to Australia
Global connectivity poses a major challenge to the protection of privacy and trust, with costly disruptive potential, with US$170 billion1 spent globally to minimise cybersecurity risks.
At its most severe, cybersecurity incidents cost are estimated to cost the Australian economy up to $1 billion per year.2 Australian sectors most reliant on cyber connectivity generate annual gross revenue of more than $500 trillion, and account for nearly 670 000 Australian jobs. For these sectors, the loss in GDP from one week of cyber downtime due to cyber invasion is estimated at $5.6 trillion, with a loss of 32 000 jobs.
Levels of risk and cost need to be addressed, as businesses and governments rely on accurate and thorough data to protect their information and digital assets. This is complex, with cyber risk assessment challenged by fast-evolving threats and data limitations, which are difficult to address when organisations are unwilling to share relevant information, and/or are unaware of their vulnerabilities to data loss and privacy-invasive actions.
Our response
Solution: build resilience, shared awareness, and human capacity
Since 2016, CSIRO’s Data61 has been undertaking a range of initiatives to boost research, commercialisation and connectivity outcomes across Australia’s cyber industry, and drive the development of new cybersecurity architectures. The cybersecurity program now includes over 47 activities across focused cyber themes, including:
- boosting cyber security research and collaboration
- cyber ecosystem activities
- commercialisation of cyber solutions
- improving Cyber Security Skills, and
- deepening connections with international partners.
Over 60 cybersecurity researchers and engineers have been funded to support projects to improve cyber research and technology commercialisation over the past three years. Between FY2018 and FY2020, $33.8 million in funding has been invested by CSIRO in its three major cyber security groups within the Software and computational Systems (SCS) research program. These groups have delivered new platform technologies and associated products that are actively being trialled and adopted by researchers, industry, and all levels of government, in Australia and internationally.
Key outputs of the team include:
- novel science and technological solutions
- new partnerships and collaborations
- risk assessments for government to improve preparedness and response to cyber attack
- leadership and guidance forums and materials for cyber initiatives
- new training and development opportunities, and
- elevated CSIRO and Australia’s international reputation.
The results
Increased cybersecurity capacity and demand from government and industry
Data61 Cybersecurity has enhanced CSIROs contribution to Australia’s cybersecurity innovation and protection, leveraged additional government and industry investment, and brought stakeholders together to achieve more through collaboration and dispersion of cybersecurity capacity building than would have been achieved otherwise.
This includes leveraging substantial investment into Australia’s cybersecurity preparedness, with numerous contracts with clients to provide commissioned work to address industrial and agency needs. Over 2018-2020, contracted revenue for the three cyber groups has amounted to 27.9 million in nominal terms. With additional cybersecurity-related funding for Data61 from the National Innovation and Science Agenda (NISA) of $19.8 million over three years allocated to the three cyber groups, this results in all cyber groups covering their labour and overhead costs, and generating additional research capacity for CSIRO. Across the three cyber groups, a cost recovery rate of 178 per cent is achieved, ranging from 115 per cent for Trustworthy Systems to 235 per cent for Distributed Systems Security.
The public dissemination of publications from the research team have been embraced globally, generating an estimated $844 000 annually as works are cited by the cybersecurity research community.