Trust is key to building cyber resilience


Stuart Kennedy
Contributor

The world is entering a dark place as trust breaks down at societal, governmental and digital levels, and Australia will need to dig deep to survive and become more cyber resilient.

So says Professor Lesley Seebeck, chief executive of the Cyber Institute at the Australian National University and a participant in the recent InnovationAus CyberArk webinar. Also participating were Deloitte risk advisory partner Andrew Hayes and privileged access management leader CyberArk’s ANZ regional director Thomas Fikentscher.

“Trust is foundational to any delivery of any digital system, and the more so as our economic systems depend on the fact that we need to be able to trust those digital systems,” said Prof Seebeck.

“Now trust as a concept can be for good or bad. You can trust the system won’t work as much as you can trust the system will work,” she said.

Lesley Seebeck
Lesley Seebeck: Trust is a key component of resilient systems, and cyber plays a big part

Examples of the world turning into a cyber wild west abound. Prime Minister Scott Morrison recently warned in June that Australia was under cyber attack from a “sophisticated state-based cyber actor” who had attempted to infiltrate Australian government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Meanwhile, on the home front, the Federal government’s heavily promoted COVID-19 tracking app has so far proved relatively ineffectual compared to rigorous testing and manual contact tracing.

Prof Seebeck sees the dynamics of national trust as complex.

“We really need to think of that bundle of concepts within trust. Can the government deliver reliably and that tends to be the concerns of most ministers. Can they actually get that service out reliably?

“But trust for the average citizen means more than that. Is the government going to act in my best interest for example. That’s up for debate.

“Is a government prepared to share risk with me so if something goes down is the government going to bear some of the cost of that,” Professor Seebeck said.

“Does the government trust me is also a question that comes up as well. So, I think in all these areas, we need a better, more well-rounded understanding of trust because otherwise we’ll just keep missing the mark.

Prof Seebeck said democracies were a better place to establish trust than authoritarian societies such as Russia and China

“We have mechanisms in democracies to help build that trust and build the trust in digital systems and society.

Professor Seebeck listed transparency, accountability, maturity of discussion and user centricity as vital to building trust.

“if we don’t do these things all else is marketing. The level of distrust in those systems for the average citizen will grow.”

However, the intricacy of those systems is ramping up which can cause communication problems for government.

“The problem these days is that the complexity of those systems is increasing, such that ministers find it hard to describe what’s going on

“They are more inclined to just say trust me or in some cases you must trust me because we are the government and of course we are here to help.”

Meanwhile, the world is becoming a darker place as it grapples with the health and economic effects of the COVID-19 pandemic as well as geopolitical fractures such as the growing belligerence of China and the US global leadership vacuum under President Donald Trump.

Prof Seebeck said Mr Morrison did a good job of describing this darker world when he launched the 2020 Defence Strategic Update on July 1.

“He described a world that was more threatening, that was poorer and darker. It is almost Hobbsian in the deep, dark places that we could go.”

But Prof Seebeck believes there are also strong opportunities for Australia to become more resilient and independent technologically and as a nation in general.

It will be difficult for Australia which has typically relied on offshore partners and alliances.

“Now we’re going to have to build [our] own capacity and capability in R&D and people, and building societal resilience.

“Which is not the usual way of reacting, which is barring doors and shutting windows.

“We need to build on our value sets and double down on democracy and put effort into having those discussions and get to that level of (technical) contestability,” said Professor Seebeck.

CyberArk’s Thomas Fikentscher worries about the cyber security issues arising from the Covid-19 inspired work from home boom.

“All of a sudden you have you know your security parameters in your home office or in your bedroom and you are using your routers at home to access a corporate network.

“That doesn’t really feel very secure to me.

We’ve got to think a bit harder about controls and operating models and how they actually enforce things for them to come into place,” Mr Fikentscher said.

Deloitte partner Andrew Hayes believes Australia is in a strong position when it comes to COVID-19 era cyber security.

He cites everyday Australian’s willingness to “do the right thing” such as download levels for the COVID contact tracing app and greater responsibility from government departments as Mr Morrison has elevated the importance of cyber.

“I think each organization is going to have to put enough controls in place to be able to manage the trust of the public seems willing to give,” said Mr Hayes.

“If your health record is released to the public or you know your judicial record released inappropriately that can have a significant impact on people’s lives. So you have to treat that with seriousness.”

CyberArk and InnovationAus collaborated in the presentation of The Cyber Imperative webinar held in mid-July. You can watch the 40-minute online discussion here.

Do you know more? Contact James Riley via Email.

3 Comments
  1. /rant

    Trusted systems are the problem! Not the solution. When will people learn the difference between TRUSTED and TRUSTWORTHY? We need TRUSTWORTHY people, processes and systems! All of our problems are attributable to people, processes or systems that were trusted but turned out to be untrustworthy.

    We MUST bake in trustworthiness and teach people how to do that.

    /end rant

  2. A basic issue completely avoided here is that trust must be earned.And trust can be lost. Leadership in areas people do not have personal expert judgement in resides in leadership and the behaviour of leaders.

    The apparently unending chain of rorts associated with the current government undermines trust-and has done so.

    As simply one example, The steady increase in efforts to destroy safe encryption for communication must be understood in the context of government behaviours associated with Robodebt and the penal manner in which it has been handled. The impact has been extremely widespread and severely damaged the credibility of large scale government ICT disintermediated initiatives.

    Unless and until this is recognised and appropriately and ethically responded to there is little reason to expect the community to rebuild trust -or indeed that they should

  3. Digital Koolaid 4 years ago

    Where do these words come from ??? “Cyber Resilience” ??? You’re gaging. Next it will be Cyber Vaccines with Cyber Vitamins and Cyber Injections. You already did Cyber wild west, Cyber attacks, Cyber actors and Cyber security. You liked that security meme and pushed it three times. Maybe you want people to be afraid. In total you used the Cyber word 20 times in one piece of propaganda. But you never defined or clarified the meaning once, not at all. I’m sure there’s no meaning. I’m sure it’s a made-up word that means nothing but tries to sound important. If it’s important then Australians can spend money on it and go without Covid-equipped hospitals, modern schools, quality Internet infrastructure, safe roads, a decent life for unemployed people ….. it’s a big list. How about Cyber Equity, or a Cyber Fair-Go, or Cyber Decency or Cyber Education or Cyber Health ?? I like all those things. Maybe other Australians do too. I don’t really care about your scary Cyber Fantasies. No, there aren’t Cyber Chinese under my mouse mat. I don’t like my Cyber tax $$$$$ leaving the country and heading into the pockets of Cyber Profiteers in other countries (the Cyber USA?). No worries about Cyber Morrison’s info being released but. He’s a Cyber Secret keeper. Mr Cyber Hush Hush. @digikooliad

Leave a Comment

Related stories