At the launch of ASPI’s International Cyber Policy Centre in 2013 I fielded a question from the audience: ‘What will help advance and grow the nature of the discussion on cyber security within Australia?’ My rapid response was ‘it requires a prime minister who will be prepared to champion the issue and spend some time talking about it with those that can make a difference’. Admittedly, I had reservations: cyber security certainly hadn’t been a topic that previous prime ministers had wanted to invest more than a cursory sentence or two in. But, it’s pleasing to be able to say that that has now changed with Prime Minister Abbott chairing a Cyber Security Summit in Sydney on 8 July, involving some of Australia’s top CEOs and business leaders in an intense three hour exchange.
The meeting took place within the context of the Australian Government’s Cyber Security Review, announced by the PM in November 2014, alongside the launch of the Australian Cyber Security Centre; the review panel is due to report back in the next few months. A key thrust of the Review is underlining the important role that cyber security will play in the increasingly digitised economy of the future. The logic follows that as more of our goods, services and transactions are facilitated online we’ll need to be increasingly cognisant that there are a range of nefarious actors who would like nothing more than to profit from those actions, be it through criminal or espionage activities. So cyber security needs to be a priority for us all.
The business representatives gathered in the room spanned various sectors: banking, mining, telecommunications, aviation, retail, consultancy and broader manufacturing. (This is in and of itself is a rarity as those groups don’t often get the chance to meet and talk, let alone about cyber security.) The effort illustrated to CEOs that they too need to prioritise the issue in the boardroom, as the PM is doing with his Cabinet. Beyond this, the meeting sought to identify the various ways that Government and Australian businesses can collaborate on this issue, to both strengthen the economy and national security.
The first point of discussion was the question of how businesses and Government could work together to build skills and education programs to ensure a steady flow of skilled workers to address the shortfall in the cyber security profession. The current shortfall in the workforce—and the research and development base which compliments it—can only be fixed through investment in sound policy and a long-term education plan that targets high schools and universities to promote careers in the cyber security profession. Programs need to be established to identify talented pupils, especially females who are noticeably fewer in number in the industry, that show aptitude for the sciences, maths and computing; such initiatives should ensure that there are pathways into higher education courses which teach the right content and technical skills in both the classroom and the workplace, and illuminate opportunities for employment in both the private and public sectors. Building cyber security in Australia will also require psychologists, law enforcers, corporate strategists and risk managers. Additionally other professions such as lawyers, accountants and other business leaders need to be able to understand cyber security in order to assess, manage and mitigate the business risk of cyber threats.
The second focus of the summit was an examination of how those around the table could assist in strengthening Australia’s cyber defences through voluntary cyber security standards and cyber ‘health checks’. There was discussion around how government and the private sector could improve their threat information sharing arrangements. Creating a two-way exchange of timely and usable threat information will be no easy task, and the parameters of this arrangement will have to be thought about intensively before embarking on any practical work, but it was clearly one of the key issues for the room.
The most significant element of this meeting was the symbolism of the Prime Minister investing his time and attention in the issue. It demonstrates that he and his Government believe cyber security is an issue of importance for Australia’s future, and indicates that it’ll be prioritised in the coming months and years. We saw the UK’s Prime Minister David Cameron hold court with business leaders back in 2010, but he’s not spent nearly as much time on the issue as Abbott—a decision that has had a great impact on the way that the UK has prioritised cyber security. We have also observed how President Obama and President Xi have both made cyber security a priority for their nations. It’s likely that we are seeing the beginning of something similar in Australia.