Small businesses seeking contracts with the Department of Defence can now access a cyber security guide to help ensure they are best-placed to secure the job.
The Working Securely with Defence guide, which was developed by the national employer association Australian Industry Group (Ai Group) in partnership with the Department of Defence, seeks to address the reasons why small to medium defence firms fail to secure contracts.
Due to poor cyber security practices, up to 40% of small to medium businesses are rejected from defence contracts, The Australian Financial Review reports.
Launching the guide on Monday, Innes Willox, chief executive of Ai Group, said threats to the security of defence and industry are “increasingly pervasive and alarming”.
“Companies throughout the supply chain must have the right security credentials in place to protect defence and industry information and assets,” Willox said.
“Having the right security capabilities in place is essential for all business, and none more so than in the defence sector.”
Applying for the Defence Industry Security Program
The guide encourages small businesses in the defence industry to apply for membership to the Defence Industry Security Program (DISP).
In some cases, holding DISP membership is mandatory for businesses doing sensitive or classified work, including at non-defence facilities.
The guide details how businesses can become eligible for membership and gives practical guidance on how Australian organisations can protect themselves from a range of security threats.
Defence industry legislation and reporting
The guide also summarises the legislative and policy framework that businesses providing services in the defence industry operate in.
These include the Australian Government Protective Security Policy Framework, the Defense Security Principles Framework, the Australian Government Information Security Manual, the Espionage and Foreign Interference Act and the Criminal Code Act, among others.
The guide says it is important that businesses understand the changing regulatory environment of the defence industry as well as the reporting requirements, which affect businesses both inside and outside the defence security environment.
Working in a defence industry supply chain
Finally, the guide has an FAQ for small businesses that want to partner with larger firms in the defence supply chain.
It also specifies the security obligations that businesses have when sharing information, and what to do in the case of a security breach.
The 122-page guide is part of a broader campaign that seeks to lift standards across the industry and support small-to-medium businesses across the defence supply chain.