{"id":38670,"date":"2018-04-18T14:30:36","date_gmt":"2018-04-18T04:30:36","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=38670"},"modified":"2018-04-18T15:45:44","modified_gmt":"2018-04-18T05:45:44","slug":"data-considered-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/data-considered-critical-infrastructure\/","title":{"rendered":"Should data be considered critical infrastructure?"},"content":{"rendered":"
<\/figure>\n

We\u2019ve all experienced the pain of data loss. Whether a work report, university assignment or family photos\u2014everyone knows that nauseating realisation that hours, days or even years of work have disappeared in the blink of an eye.<\/p>\n

In the late 1990s, Pixar almost lost its film Toy Story 2<\/em><\/a> before its release when backup systems failed. Luckily, the film\u2019s producer, a working mum, had a copy of the film stored on her personal computer.<\/p>\n

While the loss of that film might have been difficult to swallow, the devastation of losing critical national identity data would have much broader and more consequential implications, particularly on our national security, our democratic processes and the memory of who we are as a nation.<\/p>\n

Estonia, widely acknowledged as a leader in e-government, now have a cache of government data that they consider so valuable that they\u2019re establishing \u2018data embassies<\/a>\u2019. Effectively, these\u00a0 will be, datacentres located on foreign soil.<\/p>\n

By classifying these new facilities as embassies\u2014essentially Estonian territory in a foreign land\u2014rather than as offshore datacentres, Estonia will retain sovereign control and security over the data.<\/p>\n

The project will be expensive. Estonia\u2019s current embassies don\u2019t meet the technical requirements<\/a> to properly secure the data, which includes the physical construction as well as the necessary networks and trained personnel. Estonia obviously places a high value on its data if it\u2019s willing to go to such lengths to protect it, and to ensure that its government services are uninterrupted.<\/p>\n

So, what might happen if Australia\u2019s national digital identity data were manipulated or deleted? That\u2019s the question that ASPI Visiting Fellow Anne Lyons is asking<\/a>. Historically, the concept of critical infrastructure (CI) has, understandably, been confined to tangible assets.<\/p>\n

However, Canada\u2019s definition<\/a> of CI also refers to processes and systems, both of which could be considered intangible. So an argument could be made that data is both a process and a system, from its collection and creation to its use and eventual re-purposing.<\/p>\n

Australia defines CI as:<\/p>\n

those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia\u2019s ability to conduct national defence and ensure national security.<\/p><\/blockquote>\n

Under that definition, data could be considered CI. So, why should we want to think of data as CI?<\/p>\n

Data is a valuable national asset that supports the foundations of our nation\u2014the parliament, the courts, the government. Without it, there would be no evidence of modern Australia, its property ownership, international relations, trade history, immigration records or information proving who we are as individuals.<\/p>\n

Our data is also evidence of where we have come from\u2014the songs, stories, communities and iconic representations of Australia through the ages.<\/p>\n

Our data is one of our nation\u2019s most important assets because it defines our uniqueness.<\/p>\n

But there are some who don\u2019t think data should be classified as CI. So what are the obstacles? In general, there are four primary objections:<\/p>\n