The Prime Minister Malcolm Turnbull will personally unveil the long-awaited review of Australia’s cyber security capability on April 21, with a raft of measures expected to include frameworks for deeper public-private collaboration of cyber issues.
The expected cyber initiatives, which will include details of the $30 million Cyber Security Growth Centre that was announced as part of the National Innovation and Science Agenda last year, will include new money to bolster Australia’s cyber defence apparatus.
Although the focus of the review’s findings are expected to be on ‘operationalising’ cyber cooperation between government and the private sector, it will include substantial strategic initiatives aimed to allowing the development of commercial products through these collaborations.
In a landmark speech to the Australian Cyber Security Centre conference in Canberra this week, the Department of Prime Minister and Cabinet’s First Assistant Secretary for Cyber Policy and Intelligence Lynwen Connick said there was a recognition that cyber security, cyber defence and cyber resilience were each cornerstone’s to taking advantage of the economic opportunities presented by the networked economy.
Mr Connick said the Prime Minister had continued “to champion Australia’s commitment to an open, free and secure internet and to advance the importance of cyber security on the world stage including multilateral fora and with individual national leaders.”
“As an influential voice regionally and globally, Australia has an opportunity to play a leading role in global cyberspace, to ensure Australians continue to enjoy a free, open and secure internet that supports prosperity and growth.”
Central to the government’s message about cyber security is the opportunity – rather than the threat – that a strengthened cyber outlook will have for economic prosperity.
“Strong cyber security presents enormous opportunities for Australian businesses. Trust and confidence in the security of our systems will help grow our economy by enabling all business to access new markets and by fostering new business models including through adopting disruptive technologies enabled by trust in cyber space,”
“We have a significant opportunity to capitalise on this business opportunity and seek our share of a growing global market opportunity,” Ms Connick told the conference.
She said Australia was already well regarded internationally for its technology R&D and innovation, and as early adopters of new technology. This is certainly true in cyber research, where Australian researchers already focus on high quality R&D in niche areas of security, such as quantum technology, wireless technology and trustworthy hardware.
“We can use this to grow our cyber security business and develop innovative cyber security solutions that enable all Australian companies to diversify, grow and expand internationally through secure cyber connectivity,” she said.
“International experience has demonstrated that government involvement in this area is central to facilitating collaboration and providing national leadership to guide strategic outcomes.”
Since Malcolm Turnbull became Prime Minister last September, cyber security had been made one of government’s nine top research priorities, which would more effectively coordinate the cyber security R&D links between students, researchers, entrepreneurs, start-up companies and businesses.
“We have also focused on cyber security research and innovation in the development of the Government’s new public Cyber Security Strategy, which will reflect the Review’s findings,” Ms Connick said.
“The strategy will better position us to address cyber threats and risks and take advantage of more opportunities in cyberspace. We have collaborated with business leaders and the research community to make sure the strategy’s initiatives are practical and effective,” she said.
Meanwhile, Internet security giant RSA’s vice-president for the global public sector Mike Brown told the conference that cooperation between government and the private sector – as well as government to government – needed to move beyond simple information-sharing to include more complex forms of collaboration.
Mr Brown, former US Navy Rear Admiral with deep experience in cyber roles in both the military and civilian government in the US, said government and private sector interests needed to develop the capability to quickly work together on threats from an operational capacity.
“It really comes down to trust, so that you have the ability to work together,” Mr Brown said. A part of that is in “liability relief” – where a private sector company can be sure that they will not be held liable in an instance where they have taken good faith actions in relation to a cyber defence operation.
Mr Brown says a renewed push should be made toward training, so that the top cyber specialists from government and the private sector have experience working together.
“You just can’t show up as a public sector or private sector member and immediately begin to work together. There needs to have greater emphasis on training together and then exercising together, and that’s one of the new steps that we’re trying to work in the public-private partnership,” Mr Brown said.
“The first step was trying to come up with actionable information that can be shared bilaterally between the public and private sector. In many cases, we’re getting over that now,” he said.
“Now it’s how do we operationalise that type of capability.”