全球智库信息集成服务系统

Government Solutions to Improve Cyber Security and Protect Consumers Must Consider Interconnected Factors

• Participants saw a need for improved reporting processes that protect businesses from financial consequences while also protecting consumers whose data have been compromised.
• Participants questioned how the Australian government could hold device manufacturers accountable for cyber security breaches without stifling innovation. Many of the technologies sold in Australia are manufactured abroad, highlighting a need for international partnerships to strengthen cyber security.
• Participants questioned whether the standard required to assign attribution for cyber attacks in an Australian court of law should be the same as that used to assign attribution for state-sponsored attacks.

Security Is Not Designed into Products, Indicating a Role for Government to Develop Cyber Security Standards

• Consumers are insufficiently informed about security, and manufacturers, importers, and retailers are not incentivised to build and sell secure devices. A security logo visible on product packaging could inform users' purchasing decisions, leading to financial incentives for sellers.
• Participants felt that users should be able to opt out of digital connectedness and data sharing, though many devices today do not offer these options. Further, this connectedness sometimes provides no obvious value to the user.

Today's cyber environment presents unlimited opportunities for innovation, interaction, commerce, and creativity, but these benefits also bring serious security challenges. Satisfactory solutions will require building partnerships among public and private organizations, establishing mechanisms and incentives to foster routine information sharing and collective defense, and educating users about their role in thwarting increasingly sophisticated attacks. RAND developed and conducted a cyber security exercise in Canberra, Australia, that aimed to capture the widest possible range of stakeholder perspectives. Participants represented government, the private sector, think tanks and academic institutions, industry associations, and the media. The goal was to explore the challenges Australia faces in securing cyberspace by placing pressure on government authorities, industry capabilities, users' tolerance for malicious cyber activity, and the ability to develop interdisciplinary solutions to pressing cyber security challenges. The exercise was structured around two plausible cyber security scenarios set in the near future, and this was the third in a series of cyber security exercises developed by RAND. The two prior exercises were conducted in the United States — in Washington, D.C., and at the University of California, Berkeley, near Silicon Valley. Like these prior events, the Australian exercise provided a rich set of observations and options to strengthen cyber security and enforcement while protecting the benefits afforded by a free and open Internet.

• Skip to page content

Objective Analysis. Effective Solutions.