Australia’s federal opposition spokespersons on cybersecurity, Senator Kristina Keneally and Tim Watts MP, have presented a constructive direction to help Australia become cyber-secure. Their statement “We need policies that bring cybersecurity to the community and build cyber resilience throughout the country.” correctly highlights the need for cybersecurity amongst citizens, businesses, and government agencies alike.
Cybersecurity is not the exclusive domain of businesses and/or governments. However, it begins with national government leadership, through policies, example, and action. To be successful, such an important national government initiative demands a bipartisan approach. However, recent Australian cybersecurity history highlights a record of serious data breaches and hacking attacks, in both business and government sectors. We are a long way from success.
The current Covid-19 pandemic has seen an opportunistic spike in all forms of cyber-attack by bad actors. These bad actors have unleashed wave after wave of attacks on government agencies and businesses around the world. Their effectiveness highlights how policy makers, businesses, government agencies and citizens share a common failure to protect themselves from cyber-threats.
As with other national security or health & safety issues in the 21st century, attitudes towards cybersecurity need to change. Before the 1970s there was never an Australian culture of protecting passengers and drivers through compulsory use of car seatbelts; never a thought of alcohol and drug testing of drivers; and never comprehensive workplace occupational health and safety legislation, until bipartisan political approaches to legislation.
What does Australia need?
What Australia needs today is a government-led bipartisan cybersecurity taskforce involving government, through the Australian Signals Directorate (ASD), industry and our best research institutions. It must also harness our substantial and best in class private enterprise expertise in cybersecurity; something that is recognised and exported around the world.
There are many initiatives that a national cybersecurity taskforce could address. Moreover, such a taskforce should advise the Australian government on today’s urgent cybersecurity issues, including:
- The need for government to support the growth of cybersecurity skills in the private and public sectors.
- A better understanding of the problem of ‘cyber-resilience’, which will soon be made more complex through the arrival of quantum computing and its threat to ‘classical’ cybersecurity solutions.
- Continued underinvestment in cybersecurity, despite constant reporting by industry and technology analysts.
- The underestimation of cyber-threats and the risks they represent; financially, operationally, and existentially.
- The need for all organisations to see cybersecurity as a core business practice. Whatever their size or type, too many organisations neglect their cybersecurity.
- In the 21st century, a strong Australian economy requires global trust that Australia is a safe place in which to do business. The recent ransomware attack on Toll Holdings had repercussions not just for Toll and its stakeholders but also its customers and the wider national economy.
- The opportunity to leverage Australia’s sovereign world class cybersecurity technologies for our national security. Australia has the cybersecurity resources necessary to be self-reliant and resilient.
- An increased citizen understanding of cybersecurity’s role in national security; including how bipartisan national security policy settings are not limited to defence. Critical national infrastructure such as telecommunications, health, energy, and cybersecurity are all essential to national security and national independence.
- Active government support for home-grown cybersecurity capabilities (software and hardware) and education is essential. Government leadership requires prioritising Australian cybersecurity for procurement. A “buy Australian” mandate (where the capability exists) is essential to encouraging private investment.
- Continued bipartisan support for organisations including AustCyber and Austrade that play important roles in bringing Australian cyber-companies together and help develop new export markets for them.
- The need for a federal ministry and cabinet position to support Australian cyber-resilience and independence.
- Encouraging investment in cybersecurity research and innovation by Australian companies within Australia. This support must include a simplification of the processes that often inhibit and add costly overheads.
- Address the need for qualified technology staff in policy-making government departments, to collaborate with Australian cybersecurity developers.
The sleeping giant we are yet to face is the cyber-threat represented by quantum computing. To date, no Australian government initiative has been discussed. Possibly because of a lack of understanding of the technology and the challenges it will pose.
Few, if any, governments around the world will be ready to meet the chaos that will occur when quantum computing is unleashed as a tool for cyber-attacks. When used against today’s ‘classical’ cybersecurity defences, quantum will face little or no resistance.
Quantum computing represents a fundamentally different way of harnessing mechanics and physics to perform incredibly complex computations at speeds never imagined before. Unlike ‘classical’ computing, quantum computing is a difference in kind rather than degree; hence it will provide an exponential increase in computational performance.
Unfortunately, like all beneficial technologies, quantum computing offers bad actors new opportunities. Quantum computing’s capabilities threatens the cybersecurity encryption algorithms we rely upon today. Encrypted data already being stolen and stored today by rogue-states and cyber-criminals for nefarious purposes will be accessible (decrypted) in the future using quantum computing.
Preparing for tomorrow, today
So, what does this mean for Australia today? First, we must put in place the bipartisan cybersecurity policies and taskforce essential for our security tomorrow.
However, effective bipartisan cybersecurity policies require Australian federal government leadership – a strong cybersecurity regulatory environment; improved enforcement of government agencies’ adoption of data security regulations and policies; and a well-resourced bipartisan ministry dedicated to the tasks and collaboration with our world-class cybersecurity companies.
Australia is at the forefront of cyber-resilience. We punch well above our weight. Senetas will soon announce how we will lead in quantum-readiness and quantum resistant cybersecurity. Our high-speed network data encryption engineers have already assisted global quantum-readiness by providing the University of Waterloo a software engine for evaluating NIST candidate quantum resistant encryption algorithms.
We must combine sovereign Australian capabilities with bipartisan government support so that we not only flatten the cyber-threat curve but stay ahead of it.