Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier this week, The Australian broke the news that the Cyber Touhan hacking group stole classified plans for Australia’s new infantry fighting vehicles, a $7B AUD procurement program, in a massive cyber-attack targeting 17 Israeli defence contractors in the supply chain. The attack was carried out by targeting a downstream supplier, MAYA Technologies, exploiting vulnerabilities in their network and peripherals to gain access to sensitive data.

In response to evolving digital risks and growing concerns about data misuse, Australia has introduced a substantial privacy reform via the Privacy and Other Legislation Amendment Act 2024 (POLA Act) passed on December 10, 2024 Designed to modernise the country’s privacy framework and better align it with international standards like the General Data Protection Regulation (GDPR), the POLA Act marks a pivotal shift in how personal information is defined, managed, and protected.

Historically, secure communication across allied nations has been hindered by disparate standards and manual tagging processes. The challenge: each nation and its respective defense agencies have their own data classification and security standards and protocols, making interoperability between allies a constant struggle.

Australia’s updated Protective Security Policy Framework (PSPF) now mandates the adoption of Zero Trust principles. Australia’s Protective Security Policy Framework (PSPF) Annual Release 2025 now formally mandates the adoption of zero trust principles to improve cybersecurity posture. Government organisations must now align their cybersecurity strategies with the Information Security Manual and the Guiding Principles to Embed a Zero Trust Culture.

As organizations move to the cloud, ensuring robust data security and privacy controls has become a top priority. Encryption is crucial for any organization’s cloud security and data sovereignty strategy; however, who controls the encryption keys can significantly affect the effectiveness of these measures.

The debate over data sovereignty spurred by the U.S. CLOUD Act is intensifying. On June 10, 2025, France’s Senate held a hearing on the role of procurement in data sovereignty, where Anton Carniaux, Director of Public and Legal Affairs at Microsoft France, testified. He stated he could not guarantee that data from French citizens would not be shared with U.S. authorities without explicit authorization from French authorities.

With the abundance of compliance requirements that organizations must comply with, such as HIPAA, PCI and GDPR to name a few, there is an increasing need for organizations to properly classify sensitive data and safeguard it accordingly. Identifying and classifying sensitive data is a crucial initial step in an organization’s compliance journey.

Organizations today face an unprecedented challenge: their most valuable assets can disappear in a matter of milliseconds through accidental sharing, malicious theft, or simple human error. Data Loss Prevention is a strategic approach to safeguarding information before it crosses organizational boundaries, acting as both a guardian and a gatekeeper for critical business assets.

Partners in the defence supply chain, including manufacturers, distributors, and service providers, play a critical role in supporting national security initiatives. These entities frequently handle sensitive and classified information, which necessitates a robust framework of cybersecurity measures. To safeguard this sensitive data from potential breaches and cyber threats, they are required to adhere to stringent government-mandated cybersecurity protocols.

Implementing the right separation and information protection needed to meet defense and national security requirements is often challenging. As government and defense organisations continue to face increasingly sophisticated threats, cybersecurity must evolve to incorporate new technologies and methodologies where applicable. Dynamic Multi-Level Security (MLS) offers a solution.