Australia ‘out in the cold’ on cyber
Security risk: Dr. Mark Gregory says Australia needs its own cyber assurance centre
Australia risks being “left out in the cold” and vulnerable to large-scale cyberattacks if it does not establish a telecommunications security assurance centre, according to RMIT associate professor and telco expert Mark Gregory.
Speaking at a Huawei breakfast event in Melbourne last week, Dr Gregory said Australia was already lagging behind the rest of the world in shoring up its telecommunications network, and needs to act swiftly.
“The centre would provide Australia with a new fundamental security capability. If we don’t have that, we’re falling behind the rest of the world, and we’ll be the target for malicious actions. We’re way behind the eight ball in dealing with criminal elements,” Dr Gregory said at the event.
‘If we don’t develop this capability now then we’re going to be left out in the cold. We’re going to be relying on other countries to tell us what to do. Australia needs to develop its own capability.”
He said the centre would bring together the telco industry, vendors and government to combat the cyber threats that the industry faces, audit the implementation and operation of systems, and ensure they are as secure as possible.
“You would learn about threats, risks and what’s going on at the time, so you have the tools, knowledge and wherewithal to ensure you’re not put at risk because you didn’t have that knowledge,” Dr Gregory said.
"Currently today we do not have the knowledge that we need about the systems we’re putting into our telecommunications network."
Such a centre would help to address this current gap in telco security, Dr Gregory said.
“Australia currently is in a situation where we’re being punted around in the cyber security space. We have developed a lot of security facilities and a lot of security knowledge, but we are lacking in telecommunications,” he said.
“If you don’t have security assurances in telecommunications then everything that you try to do on top of that is simply going to fail because you’re not protecting what’s underlying it.
“We don’t have any knowledge today whether any of the equipment in any of our telecommunications networks has been compromised. No company in Australia can tell me that their systems are guaranteed to not have been compromised.
“That’s the underlying problem that we have and why we need a telecommunications assurance centre.”
He said similar centres have been established in more than 30 countries around the world, but they are currently only focused on the rollout of new networks.
A recently passed bill has given the federal government the power to compel telecommunications companies and their vendors to provide information on their systems and technologies.
It has been dubbed the “anti-Huawei bill”, and Dr Gregory said that while the new power is reasonable, it’s important that decisions are made based on evidence.
“If we have advice that a particular vendor has been compromised or is doing things against the national interest, irrespective of where they’re from, the government needs to have the right to be able to direct companies not to use that equipment or systems,” he said.
“But the problem we have at this point in regards to the discussions about Huawei is that we don’t have the evidence that would be reasonable.
"We have a lot of innuendo, we have a lot of discussions behind the scenes and we have a lot of paranoia from people in the military and defence forces.
“I don’t hold to any of those things. I believe that what you need is to have evidence.”
The federal government is believed to be on the verge of banning Chinese company Huawei from participating in the build of Australia’s 5G network over national security concerns. But Dr Gregory said blocking any one vendor may make the network as a whole more vulnerable.
“I see 5G as being a massive opportunity, but not if you go and wipe out some of the vendors. The costs start to bloom because you’re limiting the number of vendors involved.
“That is very bad because it means the bad guys have only got a limited number of vendors that they can target. The more equipment systems you can put in play, the harder it is for them to do what they want to do,” he said.
The government is also reportedly considering banning another Chinese tech company, ZTE, from participating in the network. But decisions like these would “cause chaos in the industry”, Dr Gregory said.
“Rather than the government acting in a way that would simply cause chaos in the industry, they should take a proactive approach and get the whole of the industry and vendors involved in finding a solution that will give the government and public the knowledge they need to ensure our systems and networks are secure,” he said.