Exploring Cyber Security Policy Options in Australia
ResearchPublished Aug 7, 2017
RAND conducted a cyber security exercise with participants from government, industry, think tanks, academia, and the media in Canberra, Australia. The goal was to explore opportunities to improve cyber security, assess the implications of possible solutions, and inform Australia's next national Cyber Security Strategy.
ResearchPublished Aug 7, 2017
Today's cyber environment presents unlimited opportunities for innovation, interaction, commerce, and creativity, but these benefits also bring serious security challenges. Satisfactory solutions will require building partnerships among public and private organizations, establishing mechanisms and incentives to foster routine information sharing and collective defense, and educating users about their role in thwarting increasingly sophisticated attacks. RAND developed and conducted a cyber security exercise in Canberra, Australia, that aimed to capture the widest possible range of stakeholder perspectives. Participants represented government, the private sector, think tanks and academic institutions, industry associations, and the media. The goal was to explore the challenges Australia faces in securing cyberspace by placing pressure on government authorities, industry capabilities, users' tolerance for malicious cyber activity, and the ability to develop interdisciplinary solutions to pressing cyber security challenges. The exercise was structured around two plausible cyber security scenarios set in the near future, and this was the third in a series of cyber security exercises developed by RAND. The two prior exercises were conducted in the United States — in Washington, D.C., and at the University of California, Berkeley, near Silicon Valley. Like these prior events, the Australian exercise provided a rich set of observations and options to strengthen cyber security and enforcement while protecting the benefits afforded by a free and open Internet.
The research described in this report was funded by a grant from the William and Flora Hewlett Foundation as part of its Cyber Initiative and conducted within the Acquisition and Technology Policy Center of the RAND National Security Research Division (NSRD) and the Science, Technology and Policy Program of RAND Justice, Infrastructure, and Environment (JIE).
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.