NBN Co Launches Bold New Five-Year Security Plan



NBN Co Introduces New Five-Year Security Framework for Strengthened Cyber Defense

NBN Co, the operator of Australia’s national broadband network, has launched a new five-year security framework with the objective of aligning with the Australian government’s cyber security initiatives while establishing security as a facilitator for business growth. This extensive strategy aims not just to safeguard essential infrastructure but also to enhance NBN Co’s business goals through effective security measures.

Quick Overview

  • The new five-year security framework from NBN Co aligns with Australia’s 2023-2030 cyber security agenda.
  • The framework merges both physical and cyber security into an integrated security structure.
  • A primary emphasis is placed on risk quantification in monetary terms, aimed at clarifying security risks for executives and board members.
  • The strategy complies with government measures such as the Protective Security Policy Framework (PSPF), ASD’s Essential 8, and the NIST Cybersecurity Framework.
  • Management of third-party risks and workforce-related issues are also incorporated into the framework.

Aligning with National Cyber Security Objectives

NBN Co’s new five-year security framework arrives as Australia intensifies its efforts to safeguard its digital infrastructure. The strategy aligns closely with the Australian Government’s 2023-2030 Cyber Security Strategy, which seeks to enhance the nation’s cyber resilience. Tasked with managing one of Australia’s most vital pieces of infrastructure, NBN Co is taking a forward-thinking stance to ensure alignment with national standards and laws, such as the Security of Critical Infrastructure (SoCI) Act.

Chief Security Officer Darren Kane has highlighted the strategy’s nature as a “living document,” which can adapt to new threats and opportunities. This level of adaptability is critical in a rapidly changing threat landscape, necessitating that security frameworks remain both comprehensive and flexible.

Unified Security: An Integrated Model

NBN Co is a front-runner in Australia, implementing a unified security model. This strategy consolidates physical, human resources (HR), and IT security under one executive leader. As Kane points out, this integrated oversight of all security dimensions allows for a fuller understanding of security threats and the optimal ways to mitigate them.


“Having a single accountable leader for all security aspects allows us to have a transparent, detailed picture of possible risks and manage them effectively,” Kane stated. This framework streamlines risk management, resource distribution, and post-incident evaluations, easing the identification of failures in the case of a security breach.

Risk Quantification: Making the Business Case for Security

A notable aspect of NBN Co’s updated strategy is its emphasis on risk quantification in economic terms. Kane has stressed the necessity of conveying security risks in terms that executives and board members readily comprehend: dollars and cents.

At a time when cyber threats can lead to considerable financial consequences, articulating risk in monetary terms lets executives fully appreciate the gravity of potential risks and the significance of investing in security measures. Kane strongly supports this perspective, observing that while technical jargon is commonplace in the industry, a more straightforward form of communication is vital for winning executive endorsement.

“Utilizing the language of business allows us to explain risks and necessary mitigating actions in a way that connects with the CEO, CFO, and other pivotal stakeholders,” Kane remarked. This strategy not only assists in securing requisite resources but also guarantees that every member of the organization recognizes the necessity of solid security practices.

Ensuring Adherence to Government Frameworks

NBN Co’s five-year framework is crafted to comply with several essential governmental frameworks, including the Protective Security Policy Framework (PSPF), the Australian Signals Directorate’s (ASD) Essential 8, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. These frameworks provide organizations with directives for safeguarding their critical assets and ensuring resilience against cyber threats.

Adhering to these frameworks is not merely a regulatory obligation but also a corporate necessity. As the guardian of Australia’s national broadband network, NBN Co is responsible for ensuring that its infrastructure remains secure and resilient, consequently enhancing the country’s cyber security stance.

Tackling Third-Party Risks and Human Issues

Another pivotal component of the strategy focuses on managing third-party risks and human-related challenges. In today’s interconnected environment, third-party vendors and associates can introduce considerable security risks if not adequately controlled. NBN Co’s strategy aims to reduce these risks through strict third-party security policies.

Moreover, the strategy acknowledges the importance of the human factor in security. Cybersecurity extends beyond just technology; it fundamentally involves people. Training, awareness, and fostering a robust security culture are vital to ensuring that employees and stakeholders are ready to confront potential threats.

Conclusion

NBN Co’s new five-year security framework is an all-encompassing plan intended to align with national cyber security aims, consolidate physical and cyber security efforts, and express risks in financial terms. The framework is designed for adaptability, enabling NBN Co to tackle emerging risks while ensuring adherence to government frameworks. By emphasizing third-party risk management and the human aspect of security, NBN Co aspires to establish a strong security foundation that not only protects essential infrastructure but also facilitates business advancement.

Q: What is the main goal of NBN Co’s new five-year security framework?

A: The main goal of NBN Co’s new five-year security framework is to align with Australia’s 2023-2030 cyber security strategy while establishing security as a business facilitator. The framework also strives to protect the national broadband network and secure compliance with various governmental frameworks.

Q: What role does converged security play in NBN Co’s strategy?

A: Converged security incorporates physical, HR, and IT security into a unified function led by a single executive. This strategy provides a thorough comprehension of security risks and enables more efficient management and mitigation of those risks.

Q: Why is risk quantification in economic terms essential?

A: Quantifying risk in financial terms is vital as it converts security risks into a language that executives and board members can easily grasp: dollars and cents. This approach aids in securing vital resources and ensures that all stakeholders appreciate the significance of strong security practices.

Q: How does NBN Co’s strategy approach third-party risks?

A: NBN Co’s strategy involves stringent third-party security measures to manage risks from vendors and partners. This is essential in the modern interconnected landscape where third-party relationships can introduce significant security vulnerabilities if not properly managed.

Q: Which frameworks does NBN Co’s strategy align with?

A: The strategy aligns with several crucial government frameworks, including the Protective Security Policy Framework (PSPF), the Australian Signals Directorate’s (ASD) Essential 8, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
