Tap to review cyber incidents like plane crashes

The recently created American cyber cyber The security committee wants other countries to use its new way of reviewing incidents and partner with global solutions for the rapidly changing cyber environment.

Following an executive order from US President Joe Biden, the Cyber ​​Safety Review Board (CSRB) was created in February. One of its CSRB members this week backed Australia’s maturity and holistic approach to cyber policy.

The public-private initiative aims to improve cybersecurity in the United States by forensically analyzing significant cyberattacks, starting with the Log4j vulnerability discovered last year and compromising millions of devices.

The concept of the CSRB comes from a US Transportation Safety Board, established in the 1960s to examine transportation incidents, including their cause and ways to mitigate risk.

The transportation commission still exists and has made thousands of safety recommendations based on their investigations, most of them have been adopted. These include things like smart airbags, fire safety and sea rescue devices, and smoke detectors in aircraft lavatories.

Sydney Airport Photo credit: Eigenblau / Shutterstock.com

Christopher Novak, a member of the CSRB and head of cybersecurity at Verizon, said the transportation board is one of the reasons cars, planes and trains have never been safer in the United States, and applying the same approach to cyber incidents will help identify systemic issues and lead to better policies.

“[We are trying to] digging into that, figuring out how we can then influence things like public policy or the development of regulations or even just industry best practices and recommendations. That’s really the job of the cybersecurity review board. I am hopeful that other countries will start to follow this and follow a similar example.

Novak told InnovationAus.com the approach could be taken elsewhere, with Australia a strong contender due to its “holistic” approach to cybersecurity and its existing relationship with the United States.

Cybersecurity is a key part of the Australia-US agreements and groups like AUKUS, the Quad and the Five Eyes alliance, all initiatives, according to Mr Novak, pay dividends by reducing the impact of cyberattacks.

“[The alliances] are probably one of the most valuable things agencies can do. Because there are so many things we see. When we look at things from our spine, we rarely see something only once. It’s almost always done hundreds or thousands of times or more.

“That means if we can learn from one, we can potentially mitigate many of the others, and then obviously share that information with those we have a relationship with.”

Mr Novak also endorsed Australia’s overall cyber maturity level and national policy approach, including the recent $10 billion REDSPICE initiative, despite the federal government’s own struggles with cybersecurity. and what critics say is a lack of accountability and co-design of policies.

The US cybersecurity expert said Australia still had areas for improvement, but was taking a canny approach to cybersecurity by equipping its spy agencies and acting to protect critical infrastructure, and was not stopping at data protection and privacy.

“You have to look at this beyond the data because … now we have all this technology operational: we have energy grids, we have self-driving vehicles, we have all kinds of other things that have impacts beyond of it hurts my wallet,” says Novak.

“So I think that view is something that governments around the world need to mature and look at more holistically than they perhaps have. [in the past]. I think Australia has at least started to take a good look at this.

Do you know more? Contact James Riley by email.