Complex Regimes: Mapping Australia's Cyber Security Regulatory Landscape for Cloud Services

Background and aims The cloud services sector supplies significant benefits to Australia’s economy but the sector itself and its customers rely on robust cyber security protection. In Australia, the sector is undergoing a significant regulatory reset, in part due to the reforms to Australia’s critical infrastructure legislative framework, which include amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI). This reset is influenced and accentuated by changes in the industry, such as the increased uptake of cloud services by Australian businesses and governments, and new security threats. This report aims to map the relationships between, and obligations of, cloud services providers and other businesses, and government, and specifically in five industry sectors: data storage or processing; transport (freight); water; energy (electricity) and financial markets and services. This includes cloud services providers, who form part of the supply chain for others who have security obligations; and cloud service providers, who have direct obligations, such as being responsible entities for critical infrastructure assets and/or systems of national significance under the critical infrastructure reforms. It aims to assist the cloud industry and its customers navigate new legislation along with existing cyber security regulations and guidance documents. It aims to provide guidance to Parliament and government agencies on current problems with the cyber security obligations placed on cloud services providers, and the best ways to overcome those problems to bolster sustainable and robust cyber security in cloud services provision. Analysis In this report, we critically analyse the current cyber security regulatory regime and its impact on cloud service providers and customers and: (1) identify and describe key elements of existing regulatory and guidance instruments regulating cyber security; (2) identify areas of overlap, duplication, inconsistency, and lack of clarity in those instruments; and (3) provide recommendations on improving the current regulatory framework. Findings The legal and regulatory framework regarding cloud service providers and cyber security is unclear and inconsistent, a problem exacerbated by changes imposing significant new obligations and costs on cloud service providers. Federal and state governments and regulators have implemented numerous legislative, policy, strategy, and guidance instruments to bolster cyber security, which apply to the cloud services sector. However, many of these are not well-aligned, resulting in cyber security obligations and guidance that are unclear, difficult to navigate, and duplicative in many cases. This complex regulatory landscape is likely to result in increased costs, variable compliance, and decreased confidence in provision of cyber security services by cloud service providers. These problems are exacerbated by new obligations on the data storage or processing sector imposed by the legislative reforms relating to critical infrastructure assets and systems of national significance. Recommendations Cloud service providers (particularly SMEs) face significant barriers to consistent and cost-effective cyber security compliance. This may result not only in weaker cyber security protections but a less competitive cloud services sector as well. In summary, we recommend: 1. formalise a forum under terms of reference for collaboration between cyber regulators across jurisdictions and across industry sectors; 2. creation and allocation of a cyber security regulatory unit or role to every sector-specific and cross-sectoral regulator, whose responsibility is to coordinate with the Cyber and Infrastructure Security Centre and provide expert guidance on regulatory matters to their regulator; 3. recommend Standards Australia, in partnership with cyber regulators, review standards relevant to cyber security in the cloud services sector to identify the concerns of users and any blockers to the adoption of international standards in Australia; 4. review supply chain risk management processes between Standards Australia, and cyber regulators to identify opportunities for innovations to securing a cyber supply chain framework fit for purpose; 5. create ‘equivalence’ principles for cyber security standards to inform legislation or guidance

Proteomic Biomarkers for the Prediction of Transition to Psychosis in Individuals at Clinical High Risk: A Multi-cohort Model Development Study.

Psychosis risk prediction is one of the leading challenges in psychiatry. Previous investigations have suggested that plasma proteomic data may be useful in accurately predicting transition to psychosis in individuals at clinical high risk (CHR). We hypothesized that an a priori-specified proteomic prediction model would have strong predictive accuracy for psychosis risk and aimed to replicate longitudinal associations between plasma proteins and transition to psychosis. This study used plasma samples from participants in 3 CHR cohorts: the North American Prodrome Longitudinal Studies 2 and 3, and the NEURAPRO randomized control trial (total n = 754). Plasma proteomic data were quantified using mass spectrometry. The primary outcome was transition to psychosis over the study follow-up period. Logistic regression models were internally validated, and optimism-corrected performance metrics derived with a bootstrap procedure. In the overall sample of CHR participants (age: 18.5, SD: 3.9; 51.9% male), 20.4% (n = 154) developed psychosis within 4.4 years. The a priori-specified model showed poor risk-prediction accuracy for the development of psychosis (C-statistic: 0.51 [95% CI: 0.50, 0.59], calibration slope: 0.45). At a group level, Complement C8B, C4B, C5, and leucine-rich α-2 glycoprotein 1 (LRG1) were associated with transition to psychosis but did not surpass correction for multiple comparisons. This study did not confirm the findings from a previous proteomic prediction model of transition from CHR to psychosis. Certain complement proteins may be weakly associated with transition at a group level. Previous findings, derived from small samples, should be interpreted with caution

Proteomic biomarkers for the prediction of transition to psychosis in individuals at clinical high risk: a multi-cohort model development study

Psychosis risk prediction is one of the leading challenges in psychiatry. Previous investigations have suggested that plasma proteomic data may be useful in accurately predicting transition to psychosis in individuals at clinical high risk (CHR). We hypothesized that an a priori-specified proteomic prediction model would have strong predictive accuracy for psychosis risk and aimed to replicate longitudinal associations between plasma proteins and transition to psychosis. This study used plasma samples from participants in 3 CHR cohorts: the North American Prodrome Longitudinal Studies 2 and 3, and the NEURAPRO randomized control trial (total n = 754). Plasma proteomic data were quantified using mass spectrometry. The primary outcome was transition to psychosis over the study follow-up period. Logistic regression models were internally validated, and optimism-corrected performance metrics derived with a bootstrap procedure. In the overall sample of CHR participants (age: 18.5, SD: 3.9; 51.9% male), 20.4% (n = 154) developed psychosis within 4.4 years. The a priori-specified model showed poor risk-prediction accuracy for the development of psychosis (C-statistic: 0.51 [95% CI: 0.50, 0.59], calibration slope: 0.45). At a group level, Complement C8B, C4B, C5, and leucine-rich α-2 glycoprotein 1 (LRG1) were associated with transition to psychosis but did not surpass correction for multiple comparisons. This study did not confirm the findings from a previous proteomic prediction model of transition from CHR to psychosis. Certain complement proteins may be weakly associated with transition at a group level. Previous findings, derived from small samples, should be interpreted with caution

The association between migrant status and transition in an ultra-high risk for psychosis population

Purpose: Migrant status is one of the most replicated and robust risk factors for developing a psychotic disorder. This study aimed to determine whether migrant status in people identified as Ultra-High Risk for Psychosis (UHR) was associated with risk of transitioning to a full-threshold psychotic disorder. Methods: Hazard ratios for the risk of transition were calculated from five large UHR cohorts (n = 2166) and were used to conduct a meta-analysis using the generic inverse-variance method using a random-effects model. Results: 2166 UHR young people, with a mean age of 19.1 years (SD ± 4.5) were included, of whom 221 (10.7%) were first-generation migrants. A total of 357 young people transitioned to psychosis over a median follow-up time of 417 days (I.Q.R.147–756 days), representing 17.0% of the cohort. The risk of transition to a full-threshold disorder was not increased for first-generation migrants, (HR = 1.08, 95% CI 0.62–1.89); however, there was a high level of heterogeneity between studies The hazard ratio for second-generation migrants to transition to a full-threshold psychotic disorder compared to the remainder of the native-born population was 1.03 (95% CI 0.70–1.51). Conclusions: This meta-analysis did not find a statistically significant association between migrant status and an increased risk for transition to a full-threshold psychotic disorder; however, several methodological issues could explain this finding. Further research should focus on examining the risk of specific migrant groups and also ensuring that migrant populations are adequately represented within UHR clinics