Project Home

Welcome to my CSU ITC571 202130 Capstone Project Blog, contributing to and required in fulfillment of my Master of Cyber Security.

To read more about me, as the writer and researcher of this project, visit the About Me page.

My Project title is: Cybersecurity Standards Required of US and Australian Defence Supply Chains: Disparity of Standards and SME Achievability

The project was selected based on 20+ years of working in Defence and Defence supply chain businesses within Australia, and on a fascination with the disparate, limited Cyber Security requirements and assistance provided to the deeper and smaller members of the Australian and United States defence supply chains.

With the growth of the Defence supply chain in Australia, much of that growth shared among thousands of SMEs across the country, I feel this is a timely and relevant topic to research and write on. Our capstone project lecturer/supervisor agreed. The topics raised, and the key questions and problem domains arising in this work, have significant value to the Australian defence industry and are also having an impact within SME areas of the US defence supply chain.

This topic for my final research project and report aligns directly with the stream of my studies, Master of Cyber Security, and also closely aligns with the work I currently do, consulting to SMEs in the Australian and US defence supply chains on ICT Management, Cyber Security, Governance, Risk Management and Compliance.

I hope this work is found satisfactory in completion of requirements of the Master, but also has value to the industry and particularly SMEs, in their effort for understanding, compliance and certification, within their industry.

This blog provides for feedback from my cohort of fellow students and others with interest in the topic, through the Recent Posts and Recent Comments sections of the blog. This is not required by the project, but is required by me, in order to understand how people view the work. Thank you.

Abstract

It is estimated that more than 3000 Australian businesses, many of them small and medium businesses, have successfully entered Australian and US defence supply chains.

Concurrently with development of defence supply chain capability, the threat profiles for defence industry participants have been rapidly evolving. In response to evolving threats, many Cyber Security standards and frameworks have been evolving also. Notably, Cyber Security standards, including those required of defence supply chain participants, now incorporate Maturity Models.

This raises several critical problem domains:

  • disparity between US and Australian cyber security requirements, along with certification of defence supply chain contributors;
  • deficiency in available Cyber Security professionals to elevate the supply chain security posture, compliance and certification;
  • with reference to the Small and Medium Enterprises (SME), access, equity, affordability and achievability in meeting expectations of defence supply chains.

This research project aims to:

  • highlight the differences between required Cyber Security standards and maturity models;
  • investigate the availability of Cyber Security resources for concurrently elevating cyber security postures and achieving certification;
  • address the risks associated with the potential failure of the smaller contributors to elevate their posture to achieve compliance.