By far the greatest part of Australia’s discourse on cybersecurity is focused on the protection of systems: the software, the hardware and the communications networks that provide the access, storage and carriage of sensitive information. Without doubt, this is vitally important. After all, it is within the systems of information management that cyber vulnerabilities exist, and it is through understanding the capabilities of adversaries and vulnerabilities of systems that security can be strengthened.

But the thorough analysis of security threats requires more than just ‘capability’. We also need to assess ‘intent’. And more often than not, the intent that motivates a cyberattack is access to data. It’s the data that needs to be protected from exfiltration, manipulation or destruction, because it’s the data that holds information critical to Australia’s agency and success as a sovereign nation. To date, however, there has been very little serious analysis of Australia’s critical data assets or the national policy settings required for the proper recognition and management of this important national resource.

This report fills that gap, and comes at a crucial time as all Australian Government agencies continue on the path of digital transformation. Anne Lyons has reminded us all that our national identity assets form the heart of who we are as a nation, and her recommendations provide a sharply focused action plan for a whole-of-government policy framework that looks beyond the temporary, technology-driven threats and vulnerabilities affecting the current generation of government ICT and addresses instead the very foundation of Australia’s digital future—the precious data that defines us.