This week the Australian Strategic Policy Institute (ASPI) released its report, entitled ‘What Australia’s parliamentarians think about cybersecurity and critical technology?’, and it makes for some interesting reading.
The report ‘aims to provide a snapshot of what our nation’s policy shapers and policymakers are thinking when it comes to cybersecurity and critical technologies. What are they worried about? Where are their knowledge gaps and interests? What technologies do they think are important to Australia and where do they believe policy attention and investment should focus in the next five years?’
24 parliamentarians took part. It is non-partisan, and participation was anonymous, without stated identifiers like gender or status. If you haven’t had a chance to grab yourself a copy, you can do so here.
And if you’re just looking for the highlights, here’s a quick precis with extracts from the Exec Summary:
- ‘Parliamentarians were primarily concerned about:
- State-backed cyberattacks against critical infrastructure, and
- State-backed cyber-enabled foreign interference.
- Other types of state-backed activity, like cyber espionage and intellectual property (IP) theft, also conducted by state-backed, bad actors, were further down their list.
- Cyber threats from those other than state-based bad actors (i.e. independent cybercriminals), including data breaches due to poorly designed systems were next in line.
- ‘Parliamentarians generally saw Australia's defence and intelligence organisations, defence industry and financial markets as cyber resilient. Conversely, many saw politicians' offices, political parties, state and territory governments and local councils as most vulnerable to malicious cyber actors - but still did not prioritise cybersecurity investment in those areas.’
- All agreed that ‘the federal government should have a data management strategy for the public sector, and a majority supported a significant overhaul of the legacy ICT systems that support Australia's critical national infrastructure.’
- ‘In the critical technology domain, they agreed on the need for Australian sovereign capacity in specified critical technology sectors—including cybersecurity technology, quantum computing and AI—to secure Australia’s national security and economic interests in a less certain geostrategic environment.’
- They also agreed that where ‘Australian sovereign capacity in critical technologies is lacking or unattainable, it’s important for Australia to have access to reliable supplies from other nations.’
- ‘Some parliamentarians either did not know what Australia was doing to shape international critical technology standards or did not think that it’s doing enough.’
- Most are concerned that they are ‘not educated on the nature, nomenclature and nuances of critical technology and cybersecurity’.
- Quoting one respondent, ‘Everyone kind of knows about technology but they just accept it in the form that it comes to them. Policymakers need to know more about it, but that’s the difficulty. We have got to find ways to explain it better.’
- ‘They openly admitted to being struck by how little they know about the opportunities and threats in those domains and how quickly those evolving fields are moving beyond their understanding.’
- ‘Parliamentarians agreed that state-backed backed cyberattacks on Australia’s critical infrastructure are a priority threat. However, their views on priority sectors for investing in cybersecurity resilience varied greatly.’
- And they ‘recognised the need for Australia to keep pace with technological developments to ensure future national security and prosperity.’
Quoting some of the respondents:
‘[I] have a lack of understanding of adversary capabilities—resources, time and personnel—on cybersecurity...’
‘Everyone kind of knows about technology but they just accept it in the form that it comes to them. Policymakers need to know more about it, but that’s the difficulty. We have got to find ways to explain it better.’
‘Parliamentarians have a responsibility to lead the debate on this. There’s a reluctance to engage in attribution, but we have to do more of it because we have to make it real for constituents. [We] need to raise [our] literacy levels and awareness about cyber.’
‘The best way of understanding is through connecting [us] with examples and showing how Australia is placed to handle it … [This is] an important area for parliament.’
‘[I] want to know more about all of it, and about what we know and what we don’t know. Politicians should know more about this stuff.’
‘It will be a generational change [among parliamentarians]. I think it’s very difficult to get people to go ‘back to school’. You see this in the very large discrepancy in knowledge and technological literacy. Some people have made an effort; some people just throw their hands in the air.’
We applaud ASPI for undertaking the study. It does raise some serious concerns though, in particular regarding the self-confessed lack of knowledge that our political leaders have about technology, and cybersecurity in particular.
And questions about their priorities, when they admit to seeing their own offices, parties, state and territory governments and councils as most vulnerable, yet they don’t prioritise investment in cybersecurity.
It’s encouraging that they acknowledge a need to ‘improve the level of cyber awareness and literacy’, and one hopes that they are receptive to the advice that they receive from those around them who are better-informed.
Likewise, where there is a stated intent to ‘build sovereign capacity’, but an acknowledgement that ‘where Australian sovereign capacity in critical technologies is lacking or unattainable, it’s important for Australia to have access to reliable supplies from other nations,’ one hopes that AUKUS and similar agreements don’t inadvertently result in Australia deferring to our allies for technological leadership, and that we continue to prioritise and invest in the people and assets that we have at home.
MailGuard declares its own self-interest of course, since former Prime Minister, the Hon. Malcolm Turnbull did say, that “MailGuard has developed world-leading cloud and email security IP. This is IP that is unique to Australia; it's among the leading cloud and email security solutions anywhere in the world."
We hope that our leaders recognise the wonderful talent and innovation happening here, and continue to nurture and develop Australia’s own capabilities, not just for our own cybersecurity and defence, but also for export as a source of economic growth and future prosperity for our citizens and our nation.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
