The federal government’s recent focus on Australia’s cyber military capabilities is two decades too late and the country remains vulnerable to a range of cyber attacks, a new report has found.
The Committee for Economic Development of Australia’s new report, Australia’s place in the world, was released on Monday.
It found that despite traditional security risks like terrorism remaining front and centre in the public consciousness, cyberattacks pose a more significant threat to the nation.
“Most Australian citizens see the primary security threats in a traditional mould and as coming from terrorism, refugees arriving by boat or China’s navy.
“[But] a case can be made for shifting the public rhetoric away from terrorist threats to a much more nuanced approach to the threatening technological environment that Australia faces in military uses of cyberspace,” said one of the report’s authors, Professor Greg Austin from the University of NSW Centre for Cyber Security.
“A case can be made that Australia faces the most dangerous international security environment it has seen for decades.”
Defence Industry Minister Christopher Pyne spoke at the launch of the report, and reaffirmed the risks that cyber attacks pose to Australia.
“Domestically, cyber security and cyber-attacks present major economic and security challenges,” Mr Pyne said. “They threaten industry, government and intellectual property. They affect the Australian Defence Force’s warfighting capabilities.
“Such circumstances require a potent, capable and adaptable Defence Force. Which means we must have a world-class defence industry and a sound, sovereign capability,” he said.
In June the government announced the creation of a new cyber warfare unit in Defence to protect Australian military targets from cyberattacks and prepare for the launch of assaults on foreign forces.
This marked a “sharp turn” in Australia’s place in global security affairs, Professor Austin said, but was 20 years too late.
“The Australian Defence Force is on the cusp of a revolution as it prepares to reorganise for cyber-enabled warfare; and the Australian cyber security industry is set for significant growth,” Prof Austin said.
“The military shake-up comes two decades late, and the country faces some security penalties because of the delay,” he said.
With the growth in the defence force’s technological capabilities, the defence department will need to keep up, and may even require its own Digital Transformation Office, he said.
“If the ADF makes revolutionary changes across the full spectrum of ‘raise, train and sustain’ for cyber-enabled war, the Defence department will need to make corresponding changes not only to its management of IT, but also its political strategising for such wars,” Professor Austin said.
He also said that the government is relying too heavily on the US for cyber security.
“Australia cannot count on significant operational support from its major ally to defend against a complex cyberattack in wartime,” Prof Austin said.
“A number of specialists agree the Americans will be too busy defending not only their own networks but tens of thousands of unique computerised systems in deployed weapons platforms and in outer space.”
The federal government launched its $230 million cyber security strategy last year, and its first ever international cyber strategy earlier this year, with an emphasis on growing digital trade, improving cyber security in the Indo-Pacific and countering state-based cyberattacks.
The international strategy pointed to other nations testing the boundaries in cyberspace and specifically referenced Russia’s involvement in last year’s US presidential election.
It outlined the government’s plans to work with other countries to counter state-based cyber attacks and willingness to deploy cyber capabilities if necessary.
In the report, Professor Austin said the cyber security strategy was “historic” and “ambitious” but also flawed.
“On the other hand, apart from mentions of terrorism, it does not openly discuss key sources of malicious activity in cyberspace from nation states,” he said.
“Many of the Australian government’s new commitments were fairly generalised and lacked granularity, such as the intent to increase numbers for cyber security graduates, women in the profession and school students ‘in the know’.
“Australia has some way to travel before it graduates to a coherent national cyber security strategy fully informed by global realities and funded accordingly.
“Australia does not yet have a national strategy for developing a sovereign cyber security knowledge economy that can sustain the war-fighting needs of the country in cyberspace.”
Despite the numerous risks and vulnerabilities, the cyber space also offers countless opportunities and potential economic growth for Australia, CEDA chief executive Melinda Cliento said.
“While it is a threat, it is also a huge opportunity for Australia. We are among the top nations in the world for some aspects of research in security in cyberspace but to capitalise on this for our economy, much more needs to be done,” Ms Cliento said.
“There has been a proactive government response but it is only the beginning of what is a significant reform task to create the cyber capability and cyber security infrastructure.”
The ecosystem works to create more new jobs than they’ll destroy,” he said.