Telstra CEO to lead industry panel for government’s cyber strategy

NBN Co, Tesla, Vocus and Northrop Grumman also represented on panel to help guide new national cyber security strategy

Andrew Penn Telstra

Telstra’s chief executive, Andy Penn, will chair a new industry panel chosen to advise the government on the development of a refreshed cyber security strategy.

Penn will be joined on the industry advisory panel by Vocus Group chair Robert Mansfield; Tesla chair and former Telstra COO Robyn Denholm; Chris Deeble, chief executive of Northrop Grumman Australia; and the chief security officer at NBN Co, Darren Kane.

“The panel has a depth of practical experience protecting families, businesses and governments from constantly evolving cyber threats and will ensure I am provided high calibre advice on the 2020 Cyber Security Strategy,” said Home Affairs minister Peter Dutton.

“Telstra has a long history of working alongside the Australian government on both operational security and cyber policy issues,” Penn said in a statement.

“Given our place in Australia's telecommunications past, present and future, we recognise that our role does not stop at our own networks; we know we have an important role to play in supporting our nation to be cyber resilient.”

In a tweet, AustCyber CEO Michelle Price said her organisation looked forward to working with the industry advisory panel though lamented the “missed opportunity” to include representatives from some of the nation’s “fastest growing, most innovative” cyber security businesses.

The panel has already had its first meeting, the government said, assessing the outcomes of the initial consultation on the new strategy. More than 200 submissions were lodged in response to a discussion paper released by Canberra in September.

Telstra is among the organisations that have participated in the process, with the telco’s submission (PDF) published on the Home Affairs website.

Among the company’s recommendations are that the private sector and government work together to address network-level threats through initiatives such as Mutually Agreed Norms for Routing Security (MANRS), as well as by forming “joint threat intelligence cells” that co-locate security practitioners in within the Joint Cyber Security Centres or the Australian Cyber Security Centre.

Elsewhere in its submission the telco noted that the discussion paper released by the Department of Home Affairs raised the possibility of the government taking direct action to respond to cyber threats against Australian enterprises.

“Under existing legislative frameworks, government can only take direct action to prevent or respond to cyber security incidents with the permission of network owners (including other government agencies),” the paper noted.

“This takes time and gives malicious actors an advantage. In national emergency situations, it may be appropriate for government agencies to take swifter action.”

“We value and appreciate the deep technical expertise of government and understand that there are scenarios where it may be appropriate, and beneficial to industry, for government agencies to take swifter action,” Telstra said.

“In the context of the potential for a significant national cyber crisis response situation, government and industry should look to establish agreement between technical and leadership teams as to at what point an incident would reach a national security threshold, and the subsequent actions that could be taken, using existing legislative frameworks and Memoranda of Understanding. These models should be robust and regularly tested.”


Copyright © 2019 IDG Communications, Inc.

How to supercharge Slack with ‘action’ apps
Shop Tech Products at Amazon