The Australian Department of Home Affairs has opened a public consultation to shape the nation’s cybersecurity policy. As part of its ongoing efforts to improve cyber resilience, the government is inviting feedback on its zero-trust approach, a key element of the 2023–2030 Cyber Security Strategy. This initiative seeks to better protect Australian infrastructure and systems from emerging cyber threats. The consultation, which began on December 2, 2024, will run until February 28, 2025, giving the public ample time to share their views and contribute to the policy’s development.
A central focus of the consultation is the five guiding principles outlined by Home Affairs for embedding a zero-trust culture across government operations. These principles aim to guide organizational changes necessary for adopting a zero-trust approach, which emphasizes strict verification for all users, devices, and systems within the network. The government recognizes that evolving cyber threats require a comprehensive and coordinated response across sectors, including industry and government stakeholders, and the consultation process is designed to foster collaboration.
The Home Affairs department particularly seeks input from cybersecurity professionals, organizations that are planning or already implementing cyber resilience programs, and Commonwealth providers. Feedback is crucial in ensuring that all impacted parties are aligned and that the policies enacted will be both effective and practical. By including diverse perspectives, the department aims to build a robust cybersecurity framework that addresses current and future challenges.
In addition to the zero-trust principles, the consultation will also contribute to ongoing revisions of various policy frameworks, including the Protective Security Policy Framework 25 and the Hosting Certification Framework. Home Affairs stated that these frameworks will be updated to reflect the guiding principles, supporting the development of resilient digital infrastructure. The department stressed that continuous verification, risk mitigation, and collaboration are essential components of Australia’s path toward enhanced cybersecurity resilience.
Reference:
