Are you cyber ready?
Australian businesses grapple with cyber resilience – Cyber Risk Report 2024 out now!
In this podcast series, we explore all things cyber, including the legal, regulatory and policy developments that impact corporate Australia. We will do this by speaking to those people who are shaping the Australian legal and regulatory environment. Those who are on the front line, protecting Australian companies from cyber incidents.
In true Christmas spirit, we decided to deliver what many have been asking for… In this episode we cross examine Lieutenant General Michelle McGuinness, Australia’s National Cyber Security Coordinator.
As the Coordinator, she leads national cyber security policy, the coordination of responses to major cyber incidents, whole of government cyber incident preparedness efforts, and the strengthening of Commonwealth cyber security capability.
If you experience a major cyber incident, you will invariably meet Michelle.
She has served in the Australian Defence Force for 30 years and has a deep passion for learning and educating. This comes through in spades throughout the podcast.
I am also joined by Magda Blanch-de Wilt, our cyber risk advisory lead. Together we tackle a broad set of issues without interruption. This is a single episode…your bumper Christmas special.
I hope you enjoy the discussion. Cross examining Lieutenant General Michelle McGuinness. Thanks for listening. Here we go….
Part 1
In this episode, Cam is joined by Kaman Tsoi, one of the country’s most experienced and respected privacy lawyers. Together they cross-examine Privacy Commissioner Carly Kind.
Commissioner Kind takes on her first role in the public sector (at the OAIC). She had a successful career working in human rights law with the UN (spending time in Geneva, New York and London) and then moved into privacy (and the intersection of human rights with technology). She has worked on strategic litigation and privacy policy advice. She is the founding director of the Ada Lovelace Foundation.
In today’s podcast we talk about the privacy reform agenda, the role of the regulator in strategic enforcement and the efficacy of the notifiable data breach regime.
Commissioner Kind is an impressive individual, who brings a very practical approach to the role.
Part 2
In this episode, Cam is again joined by Kaman Tsoi and, together, they continue the cross-examination of Privacy Commissioner Carly Kind.
In this podcast, we talk about the role of the board, the OAIC’s enforcement approach and the Cyber Security Strategy, including the Commissioner’s view on the extortion demand ‘conundrum’. Commissioner Kind also offers some wise words on what it takes to be a good lawyer in the cyber space…courageous!
Commissioner Kind is a very impressive individual. She brings a very pragmatic perspective to the role and her personality is coming through in the OAIC’s approach and engagement.
Part 1
In this episode, we talk to David Thodey, one of our most respected company directors and currently Chair at Xero and Ramsay Healthcare.
Carolyn Pugsley (part of our market-leading Head Office Advisory Team) and I talk to David about his career journey, and he provides some incredibly valuable insights into the role of a director and board in a cyber incident. Our discussion was so rich, we decided to break the podcast in two (we actually toyed with a series of podcasts with David alone).
Part 2
In this episode, Cam is joined by Carolyn Pugsley, an advisor to boards and a leader in corporate governance advice. Together we continue our discussion with David Thodey.
Today, we shift focus to some of the more challenging themes. We talk about the Cyber Strategy and payment of extortion demands. We also ask for David’s guidance for directors when dealing with the cyber challenge and ask him whether we are winning the cyber battle.
We start this podcast by asking for his observations on the responsibility that educational institutions play in helping with cyber education uplift.
Again, David’s thoughts are considered, insightful and practical.
Cyber Security: How to keep data safe in the digital age
Bigger is not always better, especially when it comes to data.
In a digitised world, it is possible to collect reams of data on customers, but at what cost? Many companies don’t even realise they’re suffering an extreme case of ‘bad data hygiene’ which, in the face of a cyber incident, could be critical.
Laura Newton, a regulatory lawyer and cyber incident response lead at Herbert Smith Freehills, explains best practices for managing customer data, how to prepare for a cyber incident, and what to do if an incident breaks out.
Part 1
In this episode, we talk to Ms Abigail Bradshaw, the Head of the Australian Cyber Security Centre (ACSC). Throughout her career, Abi has held a number of critical security related positions, including within the Department of Prime Minister and Cabinet and various senior roles in the Department of Home Affairs.
Ms Bradshaw began her career in the Royal Australian Navy, was awarded the Conspicuous Service Cross in 2005 and holds a Bachelor of Laws and a Bachelor of Asian Studies. A fascinating start to a remarkable career in the public service.
In this episode (part 1 of 2), Abi talks about her career and the increasing relevance of the ACSC. She provides a unique perspective to the cyber challenge, one that is based on resilience uplift across the economy.
Part 2
This is part two of our ‘cross examination’ of Ms Abigail Bradshaw, head of the Australian Cyber Security Centre.
In this episode, Abi notes that “a cyber criminal will attack the networks you have, not the network you think you have”. Such an important perspective! We also look at the role of the ACSC, the benefit of threat intelligence sharing and the way in which the ACSC can assist an entity (with advice, technical assistance or disruptive actions). Abi also calls out her top 6 non-negotiables for building cyber resilience. Fantastic content.
In this episode we talk with Dr Marcus Thompson. Marcus was a Major General in the Australian Army, and the inaugural head of information warfare with the ADF. Since retiring from the armed forces, Marcus has been incredibly active in the cyber space.
He’s probably one of the more well-known public commentators. He advises numerous companies on cyber strategy and sits on a number of boards, including those of a number of cyber security companies.
Marcus comments on his role with the ADF and the transferability of his cyber skills to the corporate world. He also offers some excellent insights on board engagement and building cyber resilience, including the need to undertake simulations. Importantly, Marcus talks about the role that veterans can play when they re-enter the workforce and the role we all play in facilitating that. While his comments resonate well beyond cyber, notably, a number of ADF veterans are now leading some of our most successful cyber companies.
It was great to speak with Marcus. I’m sure you’ll enjoy this podcast, Episode Seven of our podcast series. Cross examining Dr Marcus Thompson. Here we go…
Part 1
In this episode we cross examine Andy Penn, previously CEO of Telstra and more recently the Chair of the Government’s Expert Advisory Board (leading the development of strategic advice to the Government in relation to the Cyber Security Strategy). We caught up with Andy from his home in Mexico (a town called San Miguel de Allende). Andy brings a level of industry and policy expertise that is unrivalled. Again, we have split the discussion in two. In this episode, we talk about the formation of the Cyber Security Strategy, the dynamics of cybercrime, what success looks like and offensive / defensive security strategies. There is more to come in our conversation, but let’s kick things off with part 1 of our cross examination of Andy Penn. Here we go…!
Part 2
In this episode, we finish our cross examination of Andy Penn, previously CEO of Telstra and more recently the Chair of the Government’s Expert Advisory Board. The conversation just gets better...
Andy makes some insightful comments about the similarities between our physical world and our digital world, and how this should guide our measure of success. We also take a closer look at the Cyber Strategy, the value in placing responsibility on those best placed to take responsibility, what does "good" look like, the value in managing data holdings, threat sharing / locking, the benefit of transparency and reporting (rather than banning extortion).
Andy also makes some incredibly relevant (and sobering) observations on the impact that compute power and quantum computing will have on our security settings (“…a Y2K event when don’t know the date…”).
Finally, I ask Andy “what makes a great lawyer”? Luckily, we come out of that question relatively unscathed.
Part 1
This is Episode 3 of Cross Examining Cyber, where we cross examine Bill Siegel, CEO & Co-Founder of Coveware. We could have talked to Bill for hours, so we have broken this podcast in two.
Part 1 covers a range of issues including the establishment of Coveware, the value of good data, cyber extortion payment trends, cyber extortion “business models” and the challenging geopolitics we all face. Here we go…
Part 2
In this episode, we return with Part 2 of our discussion with Bill Siegel, the CEO of Coveware. We look closely at Coveware itself (and its history), the scope of Coveware’s services, how threat actor negotiations unfold, banning ransom payments, the role of the cyber simulation and what makes a good simulation. We also discussed the role of the board during an incident and managed to squeeze some cyber predictions out of Bill, including the impacts of AI on the cyber landscape. This is a “must listen” episode!
Part 1
In our inaugural podcast, we are joined by Hamish Hansford, Deputy Secretary Cyber & Infrastructure Security, Home Affairs.
Part 2
Hot on the heels of our inaugural podcast, we now bring you Cross Examining Cyber, Episode 2, the cross examination of Hamish Hansford (Part 2). We take the time to speak to Hamish about the SOCI Act, whether we are winning the war on cyber and the role of lawyers in the crisis room.
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2024