Australians must get more comfortable sharing cyber-related threat information if the nation is to secure its online assets, and take advantage of the multi-billion dollar global cyber security market, Industry Minister Arthur Sinodinos says.
Information sharing and collaboration on security issues between Australian commercial interests are not things that come naturally or easily between our business leaders. But building these formal and informal collaborative relationships on cyber is critical to building a globally competitive cyber industry.
Senator Sinodinos said the significant ongoing cyber threats presented huge opportunities. Quoting Winston Churchill – as if to underline the size of the threat – he said “a pessimist sees the difficulty in every opportunity and an optimist sees an opportunity in every difficulty.”
“And this is a very big opportunity for Australia … an opportunity to build up our capability, to build our resilience and to be a world leader in cyber security,” he said.
“This is an industry development opportunity, and there is a lot we can do. As a country we can’t be number one at everything – we don’t have the resources or the breadth or the bandwidth to do that. But [cyber] is an area where I am convinced we can be a leader.”
“We have some competitive advantages that are very important. One of them is that we are a member of the Five Eyes intelligence community covering the US, the UK, New Zealand and ourselves,” the minister said.
“This gives us a unique access to some very interesting intelligence and other resources, and gives us some great insights into the cyber world. Without spilling and secrets, we can use those insights to further develop our capability.
“And in this world, particularly in our very competitive region, we have got to leverage every single advantage we’ve got.”
Senator Sinodinos said government’s approach was to build cyber capability across the economy. Part of that was about skills and research collaborations – he called out the CSIRO’s Data61 as a key partner in capability development – but also in encouraging information sharing among Australian businesses.
Craig Davies, the ex-Atlassian CEO of the Australian Cyber Security Growth network, says the building of formal and informal information sharing on cyber was a “foundational element” to building capability – both in locking down digital assets and in building Australian cyber businesses.
These information sharing networks were often started through personal relationships between cyber executives, Mr Davies said. But however they start, they are critical.
Prime Minister and Cabinet assistant secretary Sandra Ragg said the Joint Cyber Security Centres being set up by government under its year-old cyber security strategy were platforms for sharing intelligence. But she’s encouraged the private sector to get more active.
“My view would be that right now its still government that’s really trying to shape this,” Ms Ragg said, “and what we need is for industry partners to come and tell us ‘ this is what we want to achieve’ and to break down the barriers [to information sharing] and really drive the initiative.”
The reality is, according to CyberGym executive chairman Avi Schechter, is that cyber criminals and state sponsored black hats are well connected, and very adept at information sharing on the dark side of the cyber ledger.
“The bad guys don’t have government to deal with, they don’t have laws to comply with, and they don’t have policy or compliance. They can do whatever they like, and they are connected all over the place,” Mr Schechter said.
“And we are segmented, we are closed and we don’t like to share information. There are too many barriers [to information sharing], and we need to bring them down,” he said.