CNI Cyber Update: Horizon 2 of the 2023-2030 Australian Cyber Security Strategy

Key Insights

• The next phase of the 2023–2030 Australian Cyber Security Strategy has been launched
• 19 actions and 64 initiatives aimed at strengthening Australia’s cyber security by the end of 2028
• Horizon 2 delivers practical steps to improve resilience and "reduce real-world impact on Australians and businesses"
• Protecting critical infrastructure and government systems is top of mind for the next phase of the six core defensive "cyber shields"
• Shield 4 - Protected critical infrastructure was designed to implement strict security obligations, compliance regulations, and scenario-based stress tests for essential sectors

Australia launches Horizon 2 cyber initiatives for 2028 delivery

The Australian Government has reaffirmed its commitment to positioning Australia as "a world leader in cyber security by 2030" with the launch of the Horizon 2 Action Plan this week.

Originally outlined in the 2023-2030 Australian Cyber Security Strategy, Australia set out a significant target for the country in response to a series of major breaches and incidents and audits that found many of the Government's own systems were vulnerable to attack and exploitation.

The Minister for Cyber Security, the Hon Tony Burke MP, has documented the latest series of initiatives designed to strengthen cyber maturity across the Australian economy, society and digital infrastructure.

In total, there are 19 actions and 64 initiatives to deliver before the end of 2028 with an ambitious number of items to delivery on over the next 30 months.

Maturing cyber security across Australia

Horizon 2 will deliver security uplift over 2026 to 2028 for members of the public, community groups, not‑for-profit organisations, businesses and industry

Partnerships sits at the heart of the national strategy and the Government is running several consultations to ensure that key assets are protected and regulation keeps pace with an evolving threat landscape.

Overcyte has previously covered the SOCI Act 2018, produced a Compliance Guide for Critical Infrastructure, an Essential Eight OT Compliance Checklist and reviewed how the country aims to strengthen CNI by targeting security uplift in areas of greatest risk.

The full Action Plan for Horizon 2 of the 2023-2030 Australian Cyber Security Strategy has details on every planned activity and timelines. There is also a fact sheet for industry and critical infrastructure.

Supporting Systems of National Significance and government supply chains is prioritised with a focus on intelligence sharing and defending against evolving threats.

Governance activities also address day to day issues such as an Industry Data Classification Framework and working to protect data sets of national significance. Future focused activities also include quantum security threats and protecting AI infrastructure.

The key high level items are:

4.1 Harden Australia’s critical infrastructure

a. Uplift the cyber security of Australia’s critical infrastructure.

b. Protect Australia’s foundational cyber infrastructure.

4.2 Uplift cyber security of the Australian Government

a. Mature the government’s cyber security baseline.

b. Prioritise the protection of our most critical digital services.

c. Strengthen cyber resilience through more targeted government investment.

4.3 Drive greater collaboration and coordination across all levels of government

a. Promote the expansion of coordination and support across jurisdictions to uplift cyber security policy alignment.

Get involved with Horizon 2 activity

Australia's Department of Home Affairs are hosting an online public town hall to discuss delivery of the Horizon 2 Action Plan later in July.

Attendees will hear from government about the new program of work to uplift Australia’s cyber maturity over the next three years and  opportunities to get involved.

With critical national infrastructure customers in key industries across Australia, Overcyte will be keeping an eye on developments across the Tasman.

We will also be hosting an upcoming webinar on applying threat intelligence to Australian organisations in July. Register now to learn more about the work of CI-ISAC and how threat intelligence is more important than ever.