Australia needs to make “dramatically greater investments” in cybersecurity education and sovereign capability in order to become a more effective cyber power, according to a report by the International Institute for Strategic Studies.
The International Institute for Strategic Studies (IISS) released its report on the cyber capabilities and powers of 15 countries this week.
It ranked these countries across three tiers, with Australia placed on the second level, with “world-leading strengths” in some of the categories, but struggles in others, especially around skills, education and commercialisation.
The global report also called out failings in cyber controls in Australian government departments and agencies and the need for better coordination at a federal level.
“For Australia to become a more effective cyber power, it will need to make dramatically greater investments in cyber-related tertiary education and carve out a more viable sovereign cyber capability,” the IISS report said.
The report found that the federal government’s 2020 Cyber Security Strategy helped to “significantly improve” its cybersecurity guidance for all sectors, but there are still “significant weaknesses in the government’s own practices”, with “considerable recalcitrance on the part of government agencies when it comes to upgrading their cybersecurity”.
In terms of skills, the previous 2016 strategy didn’t have enough funding to make any real impact, the report found, and in last year’s iteration the government opted for “radical” new visa programs to attract talent from overseas.
But funding is still an issue here, according to IISS.
“But Australian universities’ response to the new opportunities and demand for cybersecurity education could not match the government’s ambition, particularly since the government wasn’t prepared to invest sufficient funds,” the report said.
The 2020 strategy included about $50 million in funding for workforce development, education and community initiatives.
“But this is unlikely to give universities much incentive because the government prefers community and business-based solutions,” the IISS report said.
This funding included a $26.5 million Skills Partnership Innovation Fund, with the first round of grants opened in February to “improve the quality and availability of cybersecurity professionals through training”.
The funding package also included $6.3 million for the Australian Cyber Security Centre to grow education skills, $14.9 million for Questacon and $2.5 million to improve data on cybersecurity skills shortages.
More leadership and funding is required from the federal government, it said.
“Australia has moved towards a more coherent policy and legislative framework for cybersecurity and resilience, but the changes need to be reflected in better governmental coordination and more consistent use of standardised tools,” it said.
“The country has not yet made adequate investments to defend against the most serious potential threats. Its providers of critical national infrastructure appear not to have a sufficient understanding of the risks and the situations is aggravated by a shortage of personnel with the relevant skills, including at board level.”
Funding and skills is also an issue in terms of Australia’s developing offensive cyber capability.
“In terms of resources and available personnel, Australia does not match the capabilities of its senior allies,” it said.
“In common with all other states, the biggest constraint on Australia’s offensive cyber capability may well be the limited extent of its national skills base and pipeline.”
In the report, the IISS also took aim at Australia’s long-running commercialisation struggles, pointing out that despite being among the top countries in the world in terms of average internet usage and companies engaged in e-commerce, it falls outside the top 10 in terms of innovation, competitiveness and cybersecurity.
“Since the turn of the century, Australia’s digital economy has mostly stood still in relative terms – for example, its information industries share of total global value added hardly increased between 2006 and 2016,” it said.
“There is a mismatch between its innovation inputs, in which it ranked 13th in the world in 2020, and its innovation outputs, in which it ranked only 31st. Overall, Australia has a modest capability to assess the security implications of imported technologies, with the best capabilities concentrated largely in government and in several larger corporations.”
Do you know more? Contact James Riley via Email.