The federal government must develop a strategic technology industry policy to align R&D, procurement, defence spending and policies, according to shadow assistant minister for cybersecurity Tim Watts.
Speaking in Parliament on Monday, Mr Watts said that while the government is planning to pour money into the cyber capabilities in its Defence and spy agencies, it has no plan to support the local cybersecurity industry and grow sovereign capability.
There needs to be an overarching strategy to ensure various aspects of the government’s tech activities are cohesive, he said.
“Given the security and economic imperatives, it’s time for the government to consider an Australian strategic technology industry policy. A strategic industry policy for the information age would align research and development, government procurement rules, defence spending, higher education and industry policies to the development of strategically important sovereign capabilities – and growth opportunities – in cybersecurity,” Mr Watts said.
“A framework for the Australian government to back Australian companies to meet Australian security needs – and to create jobs to other Australians in the process.”
Australia’s cybersecurity industry could play an important role in the country’s economic recovery from the COVID-19 pandemic, but the government’s recently released 2020 Cyber Security Strategy “set no objectives for domestic cyber industry development and supported no policies to grow the local industry”, Mr Watts said.
“The local cybersecurity industry isn’t just a key part of our national cyber defence, they are also a source of high-wage jobs in a sector that is only going to grow in coming years. Despite the pressing need for local capability and the job creation opportunity it presents, we’re missing the opportunity,” he said.
“We’re investing more and more in the cyber capabilities of our security and defence agencies, but not matching this in the local ecosystem needed to support, grow and develop our national capability.”
The recent 2020 Defence Strategic Update and 2020 Force Structure Plan emphasised the importance of cyber in Australia’s defence abilities, he said.
“But while our defence planners have a growing appreciation of the role of cyber in Australia’s war-fighting capability, the government’s understanding of Australia’s cybersecurity sector as a crucial sovereign capability in Australia’s defence industry is stuck in the last century,” Mr Watts said.
“Cybersecurity capabilities are slightly different than other defence capabilities. Offensive and defensive cybersecurity capabilities are two sides of the same coin – you can’t understand one without understanding the other.
“At the same time, the terrain of these offensive and defensive cybersecurity capabilities traverses defence and civilian networks, public and privately owned infrastructure and OT systems, decades old legacy systems and rapidly innovating new systems.”
But these capabilities can’t exist in isolation, Mr Watts said, and need to be “embedded in a diverse interconnected and rapidly evolving sector to be effective”.
“They need a thriving ecosystem to develop – not just well-resourced security agencies and defence forces, but also a network of cybersecurity firms – big and small, local and international – as well as independent researchers, academics and savvy journalists,” he said.
“Australian private security cybersecurity companies in particular have a significant role in helping to defend Australia from cyber-attacks and building the necessary resilience to protect Australians from the near-constant cyberattacks that we experience today.”