InnovationAus.com has introduced free subscriber-only content.

Click here to find out why

Trust is key to building cyber resilience


Stuart Kennedy
Contributor

The world is entering a dark place as trust breaks down at societal, governmental and digital levels, and Australia will need to dig deep to survive and become more cyber resilient.

So says Professor Lesley Seebeck, chief executive of the Cyber Institute at the Australian National University and a participant in the recent InnovationAus CyberArk webinar. Also participating were Deloitte risk advisory partner Andrew Hayes and privileged access management leader CyberArk’s ANZ regional director Thomas Fikentscher.

“Trust is foundational to any delivery of any digital system, and the more so as our economic systems depend on the fact that we need to be able to trust those digital systems,” said Prof Seebeck.

“Now trust as a concept can be for good or bad. You can trust the system won’t work as much as you can trust the system will work,” she said.

Lesley Seebeck
Lesley Seebeck: Trust is a key component of resilient systems, and cyber plays a big part

Examples of the world turning into a cyber wild west abound. Prime Minister Scott Morrison recently warned in June that Australia was under cyber attack from a “sophisticated state-based cyber actor” who had attempted to infiltrate Australian government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Meanwhile, on the home front, the Federal government’s heavily promoted COVID-19 tracking app has so far proved relatively ineffectual compared to rigorous testing and manual contact tracing.

Prof Seebeck sees the dynamics of national trust as complex.

“We really need to think of that bundle of concepts within trust. Can the government deliver reliably and that tends to be the concerns of most ministers. Can they actually get that service out reliably?

“But trust for the average citizen means more than that. Is the government going to act in my best interest for example. That’s up for debate.

“Is a government prepared to share risk with me so if something goes down is the government going to bear some of the cost of that,” Professor Seebeck said.

“Does the government trust me is also a question that comes up as well. So, I think in all these areas, we need a better, more well-rounded understanding of trust because otherwise we’ll just keep missing the mark.

Prof Seebeck said democracies were a better place to establish trust than authoritarian societies such as Russia and China

“We have mechanisms in democracies to help build that trust and build the trust in digital systems and society.

Professor Seebeck listed transparency, accountability, maturity of discussion and user centricity as vital to building trust.

“if we don’t do these things all else is marketing. The level of distrust in those systems for the average citizen will grow.”

However, the intricacy of those systems is ramping up which can cause communication problems for government.

“The problem these days is that the complexity of those systems is increasing, such that ministers find it hard to describe what’s going on

“They are more inclined to just say trust me or in some cases you must trust me because we are the government and of course we are here to help.”

Meanwhile, the world is becoming a darker place as it grapples with the health and economic effects of the COVID-19 pandemic as well as geopolitical fractures such as the growing belligerence of China and the US global leadership vacuum under President Donald Trump.

Prof Seebeck said Mr Morrison did a good job of describing this darker world when he launched the 2020 Defence Strategic Update on July 1.

“He described a world that was more threatening, that was poorer and darker. It is almost Hobbsian in the deep, dark places that we could go.”

But Prof Seebeck believes there are also strong opportunities for Australia to become more resilient and independent technologically and as a nation in general.

It will be difficult for Australia which has typically relied on offshore partners and alliances.

“Now we’re going to have to build [our] own capacity and capability in R&D and people, and building societal resilience.

“Which is not the usual way of reacting, which is barring doors and shutting windows.

“We need to build on our value sets and double down on democracy and put effort into having those discussions and get to that level of (technical) contestability,” said Professor Seebeck.

CyberArk’s Thomas Fikentscher worries about the cyber security issues arising from the Covid-19 inspired work from home boom.

“All of a sudden you have you know your security parameters in your home office or in your bedroom and you are using your routers at home to access a corporate network.

“That doesn’t really feel very secure to me.

We’ve got to think a bit harder about controls and operating models and how they actually enforce things for them to come into place,” Mr Fikentscher said.

Deloitte partner Andrew Hayes believes Australia is in a strong position when it comes to COVID-19 era cyber security.

He cites everyday Australian’s willingness to “do the right thing” such as download levels for the COVID contact tracing app and greater responsibility from government departments as Mr Morrison has elevated the importance of cyber.

“I think each organization is going to have to put enough controls in place to be able to manage the trust of the public seems willing to give,” said Mr Hayes.

“If your health record is released to the public or you know your judicial record released inappropriately that can have a significant impact on people’s lives. So you have to treat that with seriousness.”

CyberArk and InnovationAus collaborated in the presentation of The Cyber Imperative webinar held in mid-July. You can watch the 40-minute online discussion here.

Do you know more? Contact James Riley via Email.

3 Comments

Related stories