Urgent action and considerable energy must be directed at building the cyber leadership skills across professions and across the economy if Australia is to fully participate in – and fully reap the benefits of – the global digital economy.
Those were the themes to emerge from an InnovationAus.com and PwC roundtable in Sydney that included a group of Australia’s foremost thinkers and practitioners on cyber security.
The need to build cyber leadership skills across the Australian economy would be central to its ongoing success. Technical skills are critical, but there is a fundamental need for cyber skills in all industry sectors, from healthcare to retail to financial services and tourism.
Participants in the discussion included Chief Executive Officers, Cyber Security Officers, and Directors of IT Security. They came from a diverse range of industries, including banking, telecommunications, consulting and academic research.
There was a strong consensus that building a pipeline of critical cyber skills at all levels was challenging but critical – from the TAFE graduates of generic ICT to the post-graduate qualified pure mathematics specialists.
It goes beyond ‘cyber awareness’. Generic awareness of cyber issues should be a given – it is a baseline need across any modern workforce.
Cyber leadership is a different beast, a group the group. It is cross disciplinary and is at a higher level. It involves improved frameworks for information sharing between organisations, between industry sectors, between governments – and most importantly between government and business.
If Australia is to fully participate in the global digital economy it needs to be a technology and innovation leader. But there was agreement that there are significant challenges in designing and building the leadership frameworks that will deliver the cyber skills we need, and that these are challenges that cannot wait.
Steve Ingram, the Asia Pacific Cyber Lead at PwC, said that the best way to develop a future cybersecurity work force was for business and government to share thinking and share experiences.
“We need to be asking how can government and the private sector can work better together. In cyber security one plus one can equal three. We cooperate better we can make Australia a much better place to do business,” Mr Ingram said
“Is a lot going on in cyber. There is an industrial revolution in the technology. There’s an employment or an expectations revolution. There’s a gender revolution to get the balance right.
“They are all converging, because we’ve seen a gap and we’ve all stepped up to fill it. If we want to take something forward, we need to be more open. If we put effort into an initiative, it’s to bring those initiatives together with others and not think anyone’s failed or done the wrong thing.”
Collaboration is fundamental to security, said Mr Ingram. “We live in a whole new ecosystem now, where major corporates invite customers and suppliers to be part of their electronic environment.
“Industrial control systems that once operated separately from IT platforms are now all interconnected. The systems are so interrelated that everyone is depending upon everybody else.
“But they’re not collaborating or cooperating as much as they should be. And, as has always been the case, our ecosystem is only as strong as our weakest link.
“We need to share, because the crooks are sharing,” says Mr Ingram. “You go onto the dark web and it’s a marketplace, just like when you hire a car or make a hotel room booking.
“They even have their own ratings on customer satisfaction. They share information. They sell stuff. They give feedback to each other. They’re not bound by the same sense of secrecy that we are.
“That means they have an edge in the game at the moment. We have to change our thinking and understand that information sharing is fundamental. That’s what leadership is,” he said.
“As a nation we can be tough on ourselves. We don’t celebrate success. But Australia does some amazing stuff and I think we actually punch above our weight, especially in cyber.”
Some comments from other participants:
- “The cyber security ecosystem has so many hidden parts, but they all have the people aspect. We need the right people with the right skill sets in the right places, including at the Board-level.” Len Kleinman, Senior Cyber Security Advisor, RSA.
- “We need to get bold about our thinking on how to get more graduate level skills through our universities. We should get rid of HECS debts for people studying cyber.” Dave Powell, General Manager IT Security Strategy, National Australia Bank.
- “One of the challenges we have in Australian industry is that lots of people are trying to do lots of things, which creates an environment that can misfire.” Craig Davies, CEO, Cyber Security Growth Network.
- “It’s not just about bringing up the graduates or encouraging people to do undergraduate courses in cyber. It’s also about looking at people that already have degrees or have a skill set in a particular area, and helping to transition them across.” Stuart Mort, Director Cyber Security, Optus.
- “The great success of Israel’s cyber industry has been drawn from the military and the expertise gained by 20 year olds in intelligence, where they really learn these strong skills around critical thinking. They’re learning in a very agile environment and dealing with sophisticated threats where they are given leadership opportunities.” Michelle Blum, CEO, Australia-Israel Chamber of Commerce.
- “The area in which we work moves so quickly. The problem is that more and more people can’t keep up. The competencies you need for tomorrow’s threats are very different from today.” Helaine Leggat, Board Director, AISA.
- “Cyber security is a core part of where we’re going as a society and as an economy. We need to hurry up and get kids knowledgeable about it.” Peter Woollacott, CEO, Huntsman Security.
There is no easy answer, the group agreed. But they also agreed that the starting point is awareness and skills, and that those things come through leadership.
“Effective cyber security is not a technology issue,” said PwC’s Mr Ingram. “It is about people, it is about information and it is about coordination.
“In Australia, we need to increase the cyber security awareness in both the public and private sector with the view to establishing a layered approach for sharing information among different industries. That is leadership.”
You can find further details about cyber security issues and download an edited transcript of the roundtable leadership discussion by visiting this page.