National cybersecurity capability needs decades of “fresh thinking” on skills, private-sector partnerships: ACCS

The process of developing a national cybersecurity capability requires a complete overhaul of technology and R&D processes that will take 10 to 20 years to complete, according to a government-security academic who warns that it will be “problematic” if Australia fails to retain a leadership role in the fast-evolving transformation.

Australia has always been “a little bit backward” in general ICT posture and military planning around cybersecurity, Dr Greg Austin, a visiting professor at the UNSW-ADFA joint venture Australian Centre for Cyber Security (ACCS), told CSO Australia in the wake of a recent conference exploring forward requirements for Australia's cybersecurity capability.

Improving that capability would require the kind of candid public discussions that the government had historically shied away from in the name of security, Austin said, noting “reluctance in the highest levels to embrace these ideals publicly.”

Growing concern over cybersecurity – and an ever-growing hit list of successfully hacked organisations – had increasingly led to demand for “a clear public strategy from the government”, Austin said, so that the academic and research community “can do all that we have to in terms of public research, mobilising the industry, and mobilising the population in terms of having people knowing what we're doing and training up for it.”

Investments in skills and R&D would have a direct impact on the ability of Australia's military complex to adapt to the rapidly evolving cybersecurity theatre – where the development of new methods of cyberwarfare was a high priority that “is as big a change for most militaries as was the introduction of the air force,” Austin said.

“It's a whole new way of fighting and thinking, and a whole new set of technologies. It's a process that will take 10 to 20 years to put in place – and if Australia is not a technology leader in that it will be even more problematic.”

The ACCS and UNSW this week opened enrolment to a Master in Cyber Security, Strategy and Diplomacy course that will begin in February and complements the existing Master in Cyber Security and Master in Cyber Security Operations degrees.

Australia's academic community would need to bring sets of skills to the government's military mission, Austin warned, with students enticed to embark on cybersecurity-related careers and government recruitment and training policies key to bolstering what he said is a quite sub-standard R&D community at present.

“The bad news for Australia and the ICT sector is that we're performing quite badly” in cybersecurity research, he warned. “It's one of the few research fields where Australia is below the world average in terms of citations for research.”

“There is a high degree of disaffection with the way we teach IT,” he said. “We're such a dumbed-down country when it comes to innovation and we've been falling behind. Giving a much higher priority to innovation across the country, and innovation for defence in the ICT sector, would help enliven that educational experience for people.”

Systemic inadequacies in cybersecurity training have long been a sticking point across the security industry, with skilled professionals in such demand that even an academic centre of excellence like ACCS has struggled to get all the skilled staff it wants. Security-industry organisations have been vocal on the issue, with the likes of Cisco Systems, Earthwave, and Securus Global warning of the need for change and recent surveys showing that cybersecurity is not attracting the necessary salary premiums and that it has a serious brand-recognition problem amongst young Australians.

Cybersecurity skills development policy needed to not only focus on attracting students when they are young, Austin said, but also to focus on building bridges between public and private-sector organisations so that the government can call on private-sector skills when they are needed urgently.

This meant that Defence and other departments faced a decision “about what parts we can import and what parts we need to produce ourselves,” he said. “There are a lot of Australians working overseas for these high powered companies.”

“If only we knew where they were, we could call on them at times of crisis – but we don't have a clue where they are. We're contributing to the global stock of knowledge in areas of interest, but we don't have any mechanisms for calling on them if we get into a conflict.”

Building those pipelines would take time and cultural change, Austin said, but in the short term government agencies needed to accept the need for “fresh thinking” around Australia's cybersecurity policy – and to be prepared to stump up the funding it requires to execute on this planning.

“It is a matter of urgency,” he said. “There's arguably a premium you have to pay for readiness that you don't normally have to pay in respect of preparing conventional armed forces, but if we're prepared to spend $1b on a submarine maybe it's time we consider the same for cyber defence. Hopefully, as we move forward in the cyber defence and cybersecurity sector, we'll play a part in what will hopefully be a rethink of Australian innovation.”


Stories by David Braue
