The federal government’s cybersecurity industry advisory panel is “incredibly out of balance with the reality” of the local sector, according to the founder of Forticode.
There are growing concerns within the cybersecurity sector that the panel selected to help guide the government’s 2020 Cyber Security Strategy is too narrow, is Telstra-dominated, and does not include representatives from startups or SMEs.
The Department of Home Affairs unveiled the panel last November when it met for the first time in Canberra. It is made up of members of large telecommunications companies and corporates, and has no members from any cybersecurity startups or small businesses.
The panel is chaired by Telstra chief executive Andrew Penn and includes former Telstra chief operating officer and Tesla chair Robyn Denholm, NBN chief security officer (and former long-time Telstra senior executive) Darren Kane, Vocus Group chair (and former Telstra chair) Robert Mansfield and Northrop Grumman Australia chief executive Chris Deeble.
The industry panel will work with the government and public sector to oversee the development and implementation of the government’s 2020 Cyber Security Strategy.
In revealing the panel, Home Affairs Minister Peter Dutton said the panel has a “depth of practical experience protecting families, businesses and governments from constantly evolving cyber threats”.
But the panel is out of step with the Australian cybersecurity sector and lacks diversity, according to Tony Smales, the founder of cybersecurity startup Forticode.
“The problem I see is that this is meant to be an industry panel and it’s so incredibly out of balance with the reality of Australian businesses, innovation and industry representation,” Mr Smales told InnovationAus.
“The people that have been brought to bear dominantly represent telecommunications and infrastructure. The individuals themselves don’t necessarily have the pertinent strategic and operational experience but their resources should.”
Better representation of SMEs could have been achieved through AustCyber featuring on the panel, Mr Smales said.
“Given the horizontal nature of the cyber industry, I don’t think it is sensibly possible to include the required number of SME representatives, but to have them represented by a body such as AustCyber should be non-negotiable to ensure the strategies from big corporates don’t continue to exclude the small but critically important contributors,” he said.
AustCyber chief executive Michelle Price has also criticised the make-up of the panel, telling CIO.com late last year that it “does not reflect the full breadth of challenges facing the country”.
“There are people from across the economy who have a very different set of experiences that could have been brought to bear,” Ms Price said.
“There are some very experienced people involved in the different facets of cybersecurity that could have brought those different sectoral perspectives as well as contextual perspectives to the table.”
It’s important that the industry panel now consult widely with the broader cyber sector, Penten chief executive Matthew Wilson said.
“The panel is a good start and probably reflective of those to largely bear the load of expected policy refinements. Strengthening the panel will come from representation from those bearing the threat load, those most directly affected and to benefit from a more cyber resilient Australia,” Mr Wilson said.
“The banking and finance sector, SMEs and the cyber industry have important and valuable learnings and insights.”
The government is planning to release a significant revamp of its cyber strategy this year. It has been consulting on the new strategy for several months now, and has received more than 200 submissions.
Of the companies represented on the industry panel, only Telstra provided a submission on the strategy.