Having the director-general of an intelligence agency sitting as a director on the board of Australia’s industry development organisation focused on cyber is either the best thing ever or it opens up potential conflicts of interest.
Or maybe it’s both. This is the case with the director-general of the Australian Signals Directorate, Mike Burgess and his board position with the industry growth centre, AustCyber.
It is probably a measure of the regard with which Mr Burgess is held within intelligence, cyber and industry circles that this has not been raised more openly as an issue.
But it is surely worth noting that the specific goals and interests of the ASD do not always align with the development of the local cyber industry.
Mr Burgess will take up a new role in September as the nation’s director-general of security as the new head of the Australian Security and Intelligence Organisation (ASIO). Among other things he is expected to retool the agency in a technology transformation.
Australia can now boast a former head of ASIO as chair of the Cyber Security Cooperative Research Centre – David Irvine – and an incoming head of ASIO as a director of the AustCyber growth network in Mike Burgess.
The most obvious conflict occurred through the design and passage of the so-called encryption laws, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.
The ASD had been an institutional driver of those changes to the laws which created a huge backlash from the Australian industry and specifically from local cyber companies.
The complaints have been well documented, but in summary Australian software developers and telecommunications companies complained of government over-reach that would make information less secure, damage the reputation of Australian software companies and their ability to export products and services to the world.
These were the substantial and consistent claims of the sector. They couldn’t simply be dismissed as the grumblings of a few – the entire industry from startups to telcos came together to oppose it.
As director-general of the ASD, Mike Burgess issued a rare statement on the issue to dismiss all of the concerns – all of them – as he ran through seven myths of the TOLA Act. As a director of AustCyber, an organisation set up by government to foster the growth of the local cyber industry, Mr Burgess was silent.
It is worth noting also that Mr Burgess was appointed to the AustCyber Board as an industry representative prior to his appointment as head of the ASD (he was chief information security officer at Telstra), but stayed in the role.
The current board of AustCyber comprises former IBM global services legend Doug Elix, outgoing Data61 CEO and Silicon Valley veteran Adrian Turner, former Australian Industry Group CEO Heather Ridout, and Mr Burgess. AustCyber CEO Michelle Price is an ex officio member.
According to AustCyber, there is no indication that the board composition will change. Adrian Turner will remain on the board once he departs Data61.
The Australian government’s industry growth centres program is run out of the Industry department.
The industry will be hoping that in joining and retooling ASIO, Mr Burgess keeps his secondary role as an AustCyber board member front and centre in his mind – and make the agency a customer of as many Australian cyber companies and software providers as possible.
The best industry support the government can provide is to buy from the Australian industry. Mike Burgess is in a great position to do this.