Australia dragging chain on security
Julia Gillard originally announced the Australian Cyber Security Centre (ACSC), during her Prime Ministership.
The lines are forming on the battleground of the 21st century. Cyber security is emerging as a major point of tension between nations, and as a significant area of rivalry. But Australia is slow to respond.
The superpowers this time are the US and China. Europe is a major player, and India an emerging one. Add in Russia, and there are five key points of global focus.
Australia, as is so often the case in defence matters, is in the US orbit, along with the other ‘five eyes’ Anglophone nations – Canada, New Zealand and the UK.
The US and Europe are largely aligned with each other. Russia and China keep their own counsel. India, wary of China and increasingly mistrustful of Russia, is gravitating towards the West.
Australia is a significant player, though only as part of the US-dominated Five Eyes grouping. There remains a belief amongst many that Australia is a minor player internationally, but it is not. Australia has the eighth largest economy in the OECD, and sometime in December our population will pass 24 million.
Australia has made a lot of noise about cybersecurity, with Tony Abbott opening the new Australian Cyber Security Centre (ACSC), originally announced by Julia Gillard, in Canberra in 2013.
When he opened the centre, Mr Abbott said: “Economic security and national security are inextricably linked. There’s no prosperity without stability and there can be no effective defences without a strong economy to sustain them.”
He promised at the time a new Cyber Security Review, to be completed within six months. Nearly a year later, there is no sign of it.
There has been some action. An expert panel has been appointed, led by former Director of the GCHQ Sir Iain Lobban. Also on the panel are: Mike Burgess (Chief Information Security Officer at Telstra), Dr Tobias Feakin (Director of the International Cyber Policy Centre at the Australian Strategic Policy Institute); John Stewart (Chief Security and Trust Officer at Cisco Systems) and Jennifer Westacott (Chief Executive of the Business Council of Australia).
The panel met in April, when the Government sponsored a major conference on the subject in Canberra. The event was attended by over 700 cyber security experts from Australia and internationally, and was intended to engage private industry in the cyber security debate in Australia.
The keynote address at the conference was given by Margot McCarthy, former deputy director of Intelligence in the Defence Signals Directorate. She held the grand title of Associate Secretary for National Security and International Policy in the Department of Prime Minister and Cabinet, and was to have overseen the government’s promised review, but a few weeks ago she was quietly moved to the Department of Social Services. There was no announcement, and she has not commented on why she moved.
InnovationAus.com asked the Department of the Prime Minister and Cabinet why the review was delayed, and whether Ms McCarthy’s departure was a symptom or a cause. “The Review team has completed its work on a report for Government consideration,” said a spokesperson.
“The Government will soon consider the outcomes of the Cyber Security Review together with a new Cyber Security Strategy. This will be followed by the release of the Cyber Security Strategy with practical initiatives to improve Australia’s cyber security.” No word on exactly when.
In response to a further enquiry, the spokesperson also said that Ms McCarthy’s departure was not a factor in the delay. The government will be holding a ‘Cyber Security Challenge’ event in Canberra in October, which would seem to be an ideal time to release the report.
Australia had better get a move on. In the last year cyber security has moved up the agenda internationally, with the biggest issue the perceived aggression of China. China of course denies this, but its capabilities and its intent are widely known, and causing great concern, especially in the US.
Chinese president Xi Jinping is in the US this week. Cyber security has already become a key theme of his visit. It is not high on his own agenda, but he cannot escape questions about it.
US officials at many levels have been expressing increasing concerns about cyber threats from China, culminating in a recent FBI statement that they know the identities of many of the perpetrators. China sent a special cyber security emissary and Politburo member Meng Jianzhu to the US before Xi’s visit, hoping to smooth the path.
Meng claimed that in his visit he had achieved ‘consensus’ with the US on cyber security, but that is not what we have heard from the US. Jing’s first stop in the US was Seattle, home to both Microsoft and Boeing. He announced an aircraft ‘finishing plant’ in China for some of the hundreds of planes Chinese airlines have recently ordered from Boeing, and he announced plans to reduce restrictions on foreign investment in China, but he could not dodge questions about cyber security.
In Seattle he also attended a US-China Internet Industry Forum at Microsoft’s campus, where he was quizzed on the subject. Just last week US Director of National Intelligence James Clapper said that China (and Russia) posed the greatest cyber threats to the US, with Chinese cyber espionage targeting a broad spectrum of US commercial interests.
Enter India. Both the US and Australia have engaged with India recently on the subject – Australian officials met with their Indian counterparts in New Delhi last week, and it was on the agenda of the US-India Strategic and Commercial Dialogue conference that finished in Washington earlier this week.
Tony Abbott (remember him?) was right to say that cyber security is an increasingly important subject, affecting national security and the economy. This makes the delay of Australia’s cyber security review all the more puzzling, given the government’s strong emphasis on security in recent years.
Australia now has a new administration, with a new emphasis in very many areas. Malcolm Turnbull, never short of words, has not yet specifically mentioned the subject. But he is a fellow known for his technological literacy, so we can expect him to take an interest in the subject.