Author: Vanessa May

Quick Overview: Essential Insights

• 🚗 Tesla obtains a 2-year exemption for testing FSD (Supervised) in Norway, enhancing its presence in Europe.
• 🌍 FSD (Supervised) is now operational in six areas: US, Canada, Mexico, Puerto Rico, China, and Norway.
• 🇺🇸 The US unveils a nationwide regulatory framework for Autonomous Vehicles, easing Tesla’s path to launching FSD (Unsupervised).
• 🇦🇺 Australia may fall behind without advancements in autonomous vehicle regulatory standards.
• 📊 UNECE’s delay highlights global inconsistencies in the adoption of self-driving technologies.

FSD (Supervised) Expands in Europe Through Norway Exemption

Norway Gives Tesla Regulatory Approval

Tesla has achieved a significant milestone in Europe by gaining a two-year exemption from Norway’s Road Authority (Statens vegvesen) to utilize Full Self-Driving (FSD) (Supervised) on public roads. This approval came through an exemption under UN Regulation 79 according to Section 17-2 of Norway’s Motor Vehicle Regulation.

The authorization allows Tesla to operate FSD Version 13 in real-world scenarios with trained Tesla employees as operators. Although the regulation does not outline specific training requirements, it emphasizes Tesla’s capacity to pilot advanced autonomous technologies in one of Europe’s leading EV markets.

FSD (Supervised) Global Expansion

With this approval, Norway joins the list as the sixth region globally where Tesla’s FSD (Supervised) is actively evaluated and implemented:

• 🇺🇸 United States (since October 2020)
• 🇨🇦 Canada (since September 2022)
• 🇲🇽 Mexico (anticipated February 2025)
• 🇵🇷 Puerto Rico (anticipated February 2025)
• 🇨🇳 China (anticipated February 2025)
• 🇳🇴 Norway (approved April 2025)

Tesla’s growth in Europe indicates a change in government approaches toward AI-focused transportation systems. Instead of relying on the slower UNECE (United Nations Economic Commission for Europe) process, some nations are taking the initiative to speed up innovation.

Consequences for Australia

This situation presents both a chance and a warning for Australia. The Department of Infrastructure, Transport, Regional Development and Communications, alongside the National Transport Commission (NTC), has been aligning national standards with UNECE protocols since 2022.

However, with no meetings of Infrastructure and Transport Ministers since June 2024 and the NTC’s activities on hold during the federal election caretaker phase, concerns are rising that Australia may fall behind in the global race for autonomous vehicles.

Lacking clear regulatory pathways or exemptions, Tesla might be reluctant to pilot or release a right-hand drive FSD version in Australia—potentially postponing local acceptance by several years.

Nation-wide AV Regulation in the US: A Transformative Move

Federal Framework Streamlines Conflicting Policies

In a related breakthrough, the United States has announced its intention to create a nation-wide regulatory framework for autonomous vehicles, replacing what had been a disjointed, state-by-state approval system.

This federal initiative is crucial for Tesla’s plans to introduce FSD (Unsupervised)—an entirely autonomous, driverless system—starting in Austin, Texas, and subsequently in San Francisco later this year.

Competition Between the US and China

U.S. Transportation Secretary Sean Duffy remarked that this regulation is part of a broader struggle for technological leadership between the U.S. and China. As both countries escalate their efforts in autonomous vehicle development, regulatory flexibility could be a key factor in determining who leads the future of transportation.

Ashok Elluswamy, Tesla’s Head of Autopilot and AI, expressed excitement regarding the announcement, emphasizing how the consolidated framework facilitates deployment and compliance.

Conclusion

Tesla’s recent achievements in Norway and the US signify pivotal moments for the evolution of autonomous vehicles. The approval to operate FSD (Supervised) in Norway not only boosts Tesla’s European operations but also pressures regulators worldwide—including Australia—to adapt swiftly to new technologies.

Simultaneously, the US’s transition to a national regulatory framework for self-driving cars removes a significant obstacle for Tesla’s FSD (Unsupervised) goals. As the global competition in autonomy sharpens, countries that do not keep pace with regulatory advancements may miss out on economic and transport developments.

Q: What distinguishes FSD (Supervised) from FSD (Unsupervised)?

A:

FSD (Supervised) necessitates a trained Tesla employee or driver to stay alert and ready to assume control at any moment. On the other hand, FSD (Unsupervised), which Tesla aims to launch in the US, functions without any human intervention, representing a step toward Level 4 autonomy.

Q: What is the significance of the Norway exemption for Tesla?

A:

It signifies Tesla’s inaugural regulatory approval for FSD (Supervised) in Europe, allowing for real-world validation and testing. This also indicates that certain European regulators are circumventing UNECE delays to promote innovation more rapidly.

Q: What implications does the US nationwide regulation hold for Tesla and other AV developers?

A:

It replaces disparate state-level regulations with a cohesive federal framework, greatly simplifying the deployment of autonomous vehicles across all states. This initiative is projected to hasten investment and implementation.

Q: Is a rapid launch of FSD in Australia possible for Tesla?

A:

Technically, yes, but regulatory ambiguity presents a significant hurdle. Without a clear exemption or synchronized national standards, Tesla might face delays in rolling out FSD in Australia, especially for right-hand drive vehicles.

Q: What is UNECE and why is its approval process protracted?

A:

The UNECE establishes vehicle safety regulations for Europe and connected regions. Its approval procedure entails extensive documentation, testing, and multi-national agreement, which often takes years to finalize, constraining swift deployment.

Q: How does this affect the global competition in autonomous vehicles?

A:

Countries such as the US and China are quickly positioning themselves to lead in AV technology. Regulatory responsiveness, as evidenced by Norway and the US, can provide nations a significant advantage in this fast-evolving arena.

Q: What steps can Australia take to catch up in the AV field?

A:

Australia could initiate a temporary exemption framework, expedite NTC work following the election, and collaborate with industry leaders like Tesla to jointly develop right-hand drive FSD versions under regulated conditions.

Quick Overview: Essential Insights for 2025

• Cloud security continues to be a primary focus as businesses in Australia amplify their digital transformation initiatives.
• Identity and Access Management (IAM) is increasingly recognized as the first line of defence against credential-related breaches.
• The adoption of Extended Detection and Response (XDR) expands as companies pursue comprehensive threat visibility.
• Endpoint security is vital in hybrid work scenarios, with a rise in attacks aimed at remote employees.
• Data protection methodologies are evolving to adapt to regulatory updates and the shifting threat environment.
• Security executives advocate for enhanced collaboration between public and private sectors to combat advanced cyber threats.

The Cybersecurity Landscape in Australia for 2025: Adapting to Rising Threats

In 2025, Australia’s cybersecurity domain is experiencing a significant evolution driven by escalating cybercrime, intricate IT systems, and new digital hazards. An increasing assortment of Australian organizations—ranging from utility companies to educational institutions and health services—are recognizing cyber resilience as an issue of vital importance at the board level.

The most recent findings from TechBest’s yearly security analysis capture the collective perspectives of top security executives, including CISOs from SA Power Networks, University of Queensland, HammondCare, Melbourne Airport, and others, creating a detailed overview of the present cybersecurity landscape across multiple industries.

Cloud Security: Navigating Complexity in Multi-Cloud Ecosystems

Cloud Adoption Accelerates

Australian businesses are actively advancing their migration to cloud infrastructures, making multi-cloud and hybrid settings commonplace. This transition, however, brings about new vulnerabilities, such as misconfigurations, shadow IT, and data leakage.

Craig Lawson from Gartner observes that cloud security posture management (CSPM) tools are increasingly utilized to enhance visibility and uphold best practices for configurations. Organizations are allocating resources toward automated tools capable of identifying and rectifying misconfigurations in real time.

Identity & Access Management: Countering Credential Breaches

Zero Trust Approaches Gain Momentum

With credential theft accounting for a significant share of security breaches, the importance of Identity and Access Management (IAM) has never been greater. Australian security officials are pushing towards the adoption of Zero Trust architectures where ongoing verification and contextual access protocols are standard practices.

Multi-factor authentication (MFA), privileged access management (PAM), and behavioral analytics form the foundation of this strategy. Nathan Lewis from NGM Group underscores the necessity for more intelligent IAM protocols that adapt according to user behavior and device risk profiles.

Network & Infrastructure Security: Strengthened Perimeters in a Boundary-less Environment

Securing the Expanding Edge

As telecommuting and IoT adoption rise, the conventional perimeter has vanished. Organizations are resorting to software-defined perimeters (SDP) and secure access service edge (SASE) frameworks to safeguard their networks.

Derek Winter of UNSW stresses the importance of network segmentation, micro-segmentation, and heightened visibility across network traffic to prevent lateral movements from attackers.

Endpoint Security: Protecting the Distributed Workforce

Focusing on the Human Element

Endpoints continue to be a preferred target for attacks, particularly in hybrid work situations. Phishing, ransomware, and malware campaigns are increasingly directed at remote workers.

Advanced endpoint detection and response (EDR) solutions are being implemented to provide real-time threat detection and automated responses. David Stockdale from the University of Queensland highlights that user education and awareness are equally important as technical defenses.

XDR: Streamlining Threat Detection and Response

The Emergence of Unified Security Platforms

Extended Detection and Response (XDR) is on the rise due to its capacity to consolidate threat data from endpoints, networks, servers, and cloud environments. This comprehensive perspective facilitates quicker and more precise threat identification and reaction.

According to Forrester’s Andras Cser, XDR platforms assist in alleviating alert fatigue and refine incident response operations—a significant advantage for resource-strapped security teams.

Data Security: Transitioning from Compliance to Confidentiality

Data Governance Undergoes Revamping

The escalation of data breaches and stringent data privacy legislation (including reforms to the Privacy Act) are compelling organizations to reassess their data protection approaches. Encryption, tokenization, and data loss prevention (DLP) have become indispensable rather than optional.

Philippa Watson, previously of UBank, emphasizes the necessity for all-encompassing data governance frameworks that encompass people, processes, and technology to ensure sensitive information is managed responsibly and securely.

Leadership Insight: Collaboration is Crucial

Public-Private Partnerships Essential for National Cybersecurity Defense

CISOs in Australia are urging for more profound collaboration among government entities, regulators, and the private sector to address increasingly advanced threats. Initiatives like the Australian Cyber Security Strategy 2023–2030 are laying the foundation, but effective execution is key.

Cheuk Wong from Melbourne Airport underscores the significance of intelligence sharing and coordinated response measures to withstand challenges posed by nation-state actors and organized crime.

Conclusion

In 2025, the cybersecurity landscape in Australia is characterized by rapid digital evolution, complex threats, and an urgent need for resilience. Organizations must leverage emerging technologies such as XDR and Zero Trust while addressing human factors through comprehensive training and policies. With collaborative efforts across sectors and strong leadership, Australia can adeptly navigate the changing cyber threat environment.

Q: What is the most pressing cybersecurity threat facing Australian organizations in 2025?

A: Credential-based attacks and ransomware will continue to pose significant threats, exacerbated by cloud misconfigurations and phishing attacks targeting remote workers.

Q: How are organizations improving their cloud security stance?

A: Organizations are adopting Cloud Security Posture Management (CSPM) tools, Zero Trust frameworks, and automation to identify and resolve vulnerabilities in real time.

Q: What is XDR, and why is it becoming more prominent?

A: Extended Detection and Response (XDR) merges data from various sources—endpoints, cloud, network—to deliver unified visibility and quicker, more intelligent threat detection.

Q: Why is Identity & Access Management increasingly vital now?

A: With a growing number of access points and remote users, securing identities has become the initial line of defence. IAM solutions offer necessary checks, including MFA and behavioral analytics.

Q: What is the importance of data governance in cybersecurity?

A: Robust data governance ensures that sensitive information is appropriately managed, stored, and transmitted, as well as aiding in meeting compliance obligations under evolving data privacy laws.

Q: Are Australian organizations equipped to handle nation-state cyberattacks?

A: While awareness is increasing, many organizations still lack the necessary resources or frameworks for intelligence sharing needed to effectively counter such sophisticated threats.

Q: What does the future hold for endpoint protection in remote work settings?

A: EDR solutions, along with user training and policy enforcement, will be crucial for safeguarding distributed endpoints in the hybrid work environment.

Q: How can government and private sectors enhance their collaboration?

A: By engaging in initiatives such as real-time threat intelligence sharing, incident response simulations, and cooperative public-private cybersecurity strategies, collaboration can be significantly enhanced.

ASIC Enhances Cybersecurity Framework with CISO Appointment

The Australian Securities and Investments Commission (ASIC) has appointed Jamie Norton to the position of Chief Information Security Officer (CISO) as part of its commitment to strengthening its digital and cybersecurity infrastructure. This transition comes after a strategic evaluation that led to the reclassification of the CISO role as a senior executive leader position, highlighting the critical nature of cybersecurity in the realm of financial regulation and public governance.

Jamie Norton, ASIC

Jamie Norton Brings Extensive Cybersecurity Knowledge

Norton’s induction signifies a crucial turning point for ASIC. He arrives with extensive expertise, having recently worked as a partner at McGrathNicol, a firm specializing in advisory and restructuring. Prior to this, he served as the CISO at the Australian Taxation Office (ATO) from 2018 to 2021, where he played a key role in establishing advanced cybersecurity measures and overseeing substantial digital infrastructure.

Furthermore, Norton has occupied high-ranking positions at NEC Australia and global cybersecurity firm Check Point, providing him with a comprehensive perspective on the cybersecurity challenges faced by both the government and private sectors.

Reclassification Highlights ASIC’s Cybersecurity Goals

The reclassification of the CISO role to a senior executive level emphasizes ASIC’s acknowledgment of cybersecurity as a vital function. During the recruitment process, ASIC stated that this adjustment “illustrates the significance ASIC assigns to the CISO role, especially as we progress in our goal to become a data-driven, digitally capable regulator.”

This decision is in line with broader movements within the Australian public sector, where agencies are increasingly elevating cybersecurity leadership to executive levels in light of escalating threats and public concerns stemming from major data breaches in recent times.

Organizational Shifts Indicate a New Chapter for ASIC

Norton’s appointment follows another important leadership shift at ASIC. In February, the previous Chief Data and Analytics Officer, Darshil Mehta, left after five years to join King & Wood Mallesons. The consecutive changes signal that ASIC is undergoing a significant overhaul of its digital leadership, with a refreshed concentration on technology, security, and data analytics.

These modifications are likely components of ASIC’s comprehensive strategy aimed at improving its regulatory efficiency and resilience in an ever-changing financial and technological environment.

Cybersecurity Gains Prominence in Government Agencies

The elevation of the CISO position at ASIC reflects a larger trend seen across government bodies at both federal and state levels. Following significant cybersecurity events affecting organizations like Optus and Medibank, there has been a focused effort to elevate the cyber maturity of the public sector. The Australian Cyber Security Strategy 2023–2030 articulates an aspiration for Australia to emerge as the most cyber secure nation by 2030. ASIC and similar agencies are anticipated to play a crucial role in this national directive, both as regulators and exemplars of cyber resilience.

With Norton in charge, ASIC is poised not only to safeguard its own digital infrastructure but also to shape the cybersecurity practices of the financial sector through its regulatory oversight.

Summary

Jamie Norton’s selection as ASIC’s new Chief Information Security Officer signifies a strategic advancement towards strengthened cybersecurity governance within the commission. With a background that spans both public and private sectors—including his tenure at the ATO, McGrathNicol, and NEC Australia—Norton’s proficiency will be critical in steering ASIC through its digital evolution. The elevation of the CISO role to senior executive status underscores the regulator’s dedication to cybersecurity as a primary focus, aligning with national initiatives to bolster cyber resilience across Australian organizations.

Q: Why did ASIC change the classification of the CISO role?

A:

ASIC redefined the CISO role to that of a senior executive leader to signify the increasing significance of cybersecurity in its functions and regulatory duties. This adjustment ensures that the role possesses greater strategic impact and aligns with the organization’s digital transformation objectives.

Q: Who is Jamie Norton, and what are his qualifications?

A:

Jamie Norton is a well-regarded cybersecurity professional with vast experience in both the public and private sectors. Before assuming his role at ASIC, he worked as a partner at McGrathNicol and served as CISO at the Australian Taxation Office. He has also held senior positions at NEC Australia and Check Point.

Q: What implications does this appointment have for ASIC’s cybersecurity strategy?

A:

Norton’s onboarding signals a reinforced emphasis on cybersecurity at ASIC. As the CISO, he will oversee the enhancement of the organization’s cyber capabilities, support regulatory efforts, and contribute to national cyber resilience initiatives.

Q: How is this development consistent with wider public sector cybersecurity trends?

A:

This initiative aligns with a general trend among Australian government entities to elevate cybersecurity leadership due to rising cyber threats. It represents a strategic shift to approach cybersecurity as a matter of executive-level importance.

Q: What other leadership changes have taken place at ASIC recently?

A:

In addition to Norton’s appointment, ASIC’s Chief Data and Analytics Officer, Darshil Mehta, recently departed the agency after five years to join King & Wood Mallesons. These transitions indicate a wider reorganization of ASIC’s digital leadership.

Q: How will Norton’s experience in both private and public sectors benefit ASIC?

A:

Norton’s diverse experience equips him with a profound comprehension of cybersecurity from both operational and strategic angles. His ability to connect government compliance with private sector innovation is expected to enhance ASIC’s cybersecurity capacity.

Q: What are ASIC’s broader ambitions as a regulator in a digital landscape?

A:

ASIC aspires to evolve into a data-driven, digitally proficient regulator capable of proactively monitoring and mitigating risks within Australia’s financial systems. Fortifying its cybersecurity framework is a foundational component of this evolution.

Quick Overview: Key Insights from the 2025 Benchmark Awards in Tech Excellence

• The 2025 Benchmark Awards celebrated Australian organizations and leaders who are leading the charge in innovation and digital transformation.
• Winners demonstrated excellence in areas such as cybersecurity, cloud services, data integration, sustainability, and digital inclusivity.
• Prominent Australian firms such as NAB, Woolworths, and Services Australia emerged as notable winners.
• Collaboration between the public and private sectors was a consistent theme in the award-winning projects.
• The awards indicate a rising emphasis on ethical technology, inclusive services, and sustainability within the local tech landscape.
• TechBest continues to spotlight exemplary practices and leadership that are shaping Australia’s digital future.