{"id":66343,"date":"2021-08-11T12:30:40","date_gmt":"2021-08-11T02:30:40","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=66343"},"modified":"2021-08-11T12:11:53","modified_gmt":"2021-08-11T02:11:53","slug":"a-sovereign-australian-government-data-framework","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/","title":{"rendered":"A sovereign Australian government data framework"},"content":{"rendered":"
\"\"<\/figure>\n

The federal government set an example for state and territory counterparts in early June when it announced<\/a> that all relevant government data under the Digital Transformation Agency\u2019s hosting certification framework<\/a> will soon need to be stored only in either \u2018certified assured\u2019 or \u2018certified strategic\u2019 data centres.<\/p>\n

The government\u2019s move follows concerns<\/a> about the acute data challenges confronting the Australian public sector, including data sovereignty, supply-chain vulnerabilities and cybersecurity threats. The challenge once faced by Australian governments was completing their digital transformations; now, it\u2019s about figuring out how to adequately protect government systems that are hosted in the cloud.<\/p>\n

More and more countries are addressing these data and digital issues through policy and regulation. Data localisation and targeted government procurement of digital goods and services are two ways governments may seek to secure their data, and the systems and infrastructure that rely on it.<\/p>\n

Data localisation means keeping data within Australian borders\u2014not just when it\u2019s stored, but also when it\u2019s processed. Targeted or sovereign procurement means not just selecting contractors that are operating in Australia but selecting those that aren\u2019t subject to the legal influence of foreign jurisdictions.<\/p>\n

But these policies are often condemned in international trade law circles as discriminatory trade barriers. Government policy claiming to pursue the legitimate objective of data protection may be accused of promoting data protectionism in disguise. With Australia continuing to push ahead with trade liberalisation and wishing to maintain its reputation for honouring its international trade obligations, government data challenges will need to be addressed through balanced and proportionate measures.<\/p>\n

I argue in a forthcoming report that a level of digital sovereignty is required for securing and developing Australia\u2019s national interests. The report also finds that Australia retains the regulatory autonomy under international trade agreements to adopt digital sovereignty measures that balance its liberalised trade agenda with its national interests.<\/p>\n

The federal government now requires relevant government data to be hosted only by certified data companies. This is data at the \u2018protected\u2019 level or data belonging to whole-of-government systems.<\/p>\n

This two-fold classification is a recognition of two realities. First, the threats posed by failure to protect government data are very different to those for other types of data. Second, there are particular vulnerabilities inherent in hyperscale cloud systems, where information belonging to various agencies is hosted together.<\/p>\n

An inability to monitor, control and protect overseas data centres is an overt practical risk of using foreign clouds. It means uncertainty about the operational reliability of overseas data centres. Physical attacks, shutdowns, blackouts, natural disasters and regulatory interference are less able to be managed far away.<\/p>\n

There are also risks of foreign interference by overseas governments and private actors, which are often legal in nature. Foreign agencies can exercise authority over cloud and data companies that are legally subject to foreign jurisdictions.<\/p>\n

Australia\u2019s proposed bilateral agreements with America under the US CLOUD Act is an oft-cited example. Under that law, a US-based company can be asked by US authorities to relinquish access and control over data regardless of where the data is located.<\/p>\n

Other vulnerabilities relate to weak points in the distributed supply chains of multilayered cloud systems, or the security defects of large-scale cloud providers that house multiple tenants\u2019 data simultaneously.<\/p>\n

Importantly, accepted technological principles that emphasise security processes over data location don\u2019t account for other, non-cybersecurity-related risks. Data stored outside Australia may be stored in countries with political, social and economic interests that don\u2019t necessarily align with Australia\u2019s national interests, or by providers with obligations to such countries. Foreign facilities and personnel may not be subject to the same legal, regulatory and physical controls as domestic suppliers operating onshore.<\/p>\n

So digital sovereignty concerns are intensifying because of the inherent risks associated with hosting government data in foreign clouds, and the threats that those risks pose to Australia\u2019s national interest.<\/p>\n

It\u2019s this combination of urgent risks and threats that gives Australia sufficient latitude under international trade law to introduce proportionate, tailored digital sovereignty measures for the public sector rather than data protectionism.<\/p>\n

Cybercrime and commercial cyberespionage against private citizens and enterprises are serious issues in their own right. But the consequences are potentially much graver when they affect government data.<\/p>\n

Australian defence and intelligence agencies continue to rely more heavily on cloud computing and other emerging digital technologies to carry out operations. And digital technology is part of Australia\u2019s offensive and defensive cyber arsenals.<\/p>\n

This dependence on digital technology is expanding even more rapidly in critical infrastructure sectors, where cloud technology and various cyber\u2013physical systems are being used to control infrastructure. Recent remote attacks on power plants, refineries and gas pipelines have highlighted some dangerous vulnerabilities.<\/p>\n

Measures designed to afford competitive advantages to domestic businesses may be seen as merely protectionist. However, the line between building stronger domestic digital sectors for industrial policy purposes and securing an adequate level of strategic autonomy is quickly fading. The widespread integration of digital technologies and their central role in government and other critical sectors has illustrated the legitimacy of protecting or promoting domestic capacities.<\/p>\n

The federal government\u2019s tightening of its certification framework is a welcome acknowledgement of these risks and legitimate policy concerns that remains to be embraced by governments at the subnational level.<\/p>\n

However, there is now an opportunity for all Australian governments to improve on the federal approach. Companies certified under the current framework don\u2019t need to be Australian owned and controlled or even have their operations exclusively in Australia.<\/p>\n

A better approach, and one that\u2019s commensurate with the risks, would be much stronger provisions to ensure that data hosts are Australian owned and based.<\/p>\n

The personnel and supply-chain assessment procedures and strict requirements that limit changes in ownership and control under the current framework may be sufficient to maintain Australian government control over its own data. But as they currently stand, the existing arrangements fall short of a truly sovereign framework for government data.<\/p>\n","protected":false},"excerpt":{"rendered":"

The federal government set an example for state and territory counterparts in early June when it announced that all relevant government data under the Digital Transformation Agency\u2019s hosting certification framework will soon need to be …<\/p>\n","protected":false},"author":1403,"featured_media":66346,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,483,2175,435],"class_list":["post-66343","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cloud-computing","tag-data","tag-sovereignty"],"acf":[],"yoast_head":"\nA sovereign Australian government data framework | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A sovereign Australian government data framework | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The federal government set an example for state and territory counterparts in early June when it announced that all relevant government data under the Digital Transformation Agency\u2019s hosting certification framework will soon need to be ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-11T02:30:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-11T02:11:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/08\/GettyImages-671033610-e1628641632983.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Andrew Mitchell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Mitchell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/08\/GettyImages-671033610-e1628641632983.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/08\/GettyImages-671033610-e1628641632983.jpg\",\"width\":900,\"height\":600,\"caption\":\"MEYRIN, SWITZERLAND - APRIL 19: A detailed view in the CERN Computer \/ Data Centre and server farm of the 1450 m2 main room during a behind the scenes tour at CERN, the World's Largest Particle Physics Laboratory on April 19, 2017 in Meyrin, Switzerland. Experiments at CERN generate colossal amounts of data (the LHC experiments produce over 30 petabytes of data per year). The Data Centre stores it, and sends it around the world for analysis. Archiving the vast quantities of data is an essential function at CERN. CERN has more than 130 Petabytes of stored data (the equivalent of 700 years of full HD-quality movies). CERN does not have the computing or financial resources to crunch all of the data on site, so in 2002 it turned to grid computing to share the burden with computer centres around the world. The centre maintains disk and tape servers, which need to be upgraded regularly. (Photo by Dean Mouhtaropoulos\/Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/\",\"name\":\"A sovereign Australian government data framework | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#primaryimage\"},\"datePublished\":\"2021-08-11T02:30:40+00:00\",\"dateModified\":\"2021-08-11T02:11:53+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a95941acf5dcd28a237961a45d7f2b55\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A sovereign Australian government data framework\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a95941acf5dcd28a237961a45d7f2b55\",\"name\":\"Andrew Mitchell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2a98f7ae7d6e1d0277b5546689c564e1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2a98f7ae7d6e1d0277b5546689c564e1?s=96&d=mm&r=g\",\"caption\":\"Andrew Mitchell\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/andrew-mitchell\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A sovereign Australian government data framework | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/","og_locale":"en_US","og_type":"article","og_title":"A sovereign Australian government data framework | The Strategist","og_description":"The federal government set an example for state and territory counterparts in early June when it announced that all relevant government data under the Digital Transformation Agency\u2019s hosting certification framework will soon need to be ...","og_url":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2021-08-11T02:30:40+00:00","article_modified_time":"2021-08-11T02:11:53+00:00","og_image":[{"width":900,"height":600,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/08\/GettyImages-671033610-e1628641632983.jpg","type":"image\/jpeg"}],"author":"Andrew Mitchell","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Andrew Mitchell","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/08\/GettyImages-671033610-e1628641632983.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/08\/GettyImages-671033610-e1628641632983.jpg","width":900,"height":600,"caption":"MEYRIN, SWITZERLAND - APRIL 19: A detailed view in the CERN Computer \/ Data Centre and server farm of the 1450 m2 main room during a behind the scenes tour at CERN, the World's Largest Particle Physics Laboratory on April 19, 2017 in Meyrin, Switzerland. Experiments at CERN generate colossal amounts of data (the LHC experiments produce over 30 petabytes of data per year). The Data Centre stores it, and sends it around the world for analysis. Archiving the vast quantities of data is an essential function at CERN. CERN has more than 130 Petabytes of stored data (the equivalent of 700 years of full HD-quality movies). CERN does not have the computing or financial resources to crunch all of the data on site, so in 2002 it turned to grid computing to share the burden with computer centres around the world. The centre maintains disk and tape servers, which need to be upgraded regularly. (Photo by Dean Mouhtaropoulos\/Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/","url":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/","name":"A sovereign Australian government data framework | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#primaryimage"},"datePublished":"2021-08-11T02:30:40+00:00","dateModified":"2021-08-11T02:11:53+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a95941acf5dcd28a237961a45d7f2b55"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/a-sovereign-australian-government-data-framework\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"A sovereign Australian government data framework"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a95941acf5dcd28a237961a45d7f2b55","name":"Andrew Mitchell","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2a98f7ae7d6e1d0277b5546689c564e1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2a98f7ae7d6e1d0277b5546689c564e1?s=96&d=mm&r=g","caption":"Andrew Mitchell"},"url":"https:\/\/www.aspistrategist.ru\/author\/andrew-mitchell\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/66343"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1403"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=66343"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/66343\/revisions"}],"predecessor-version":[{"id":66348,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/66343\/revisions\/66348"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/66346"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=66343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=66343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=66343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}