Opinion piece - The West Australian - Australia's cyber security [7 July 2020]

July 07, 2020

In 2018, I gave a speech to the Safeguarding Australia conference in Canberra, where I talked about the growing integration of cyber-crime and terrorism. I argued that new threats would emerge out of the use of cyber capabilities – not as weapons of attack, but as enablers of much more damaging activities by criminal syndicates, terrorist organisations and nation states. I also noted that we needed to focus our efforts on preparedness for such attacks, but that our current level of skill was lacking.

Australia is woefully underprepared to meet the needs of a cyber defence expansion. We don’t have enough cyber security graduates. Law enforcement and defence agencies find it difficult to retain good cyber security personnel (who are often poached by private companies where they can earn more), and the training systems aren’t in place to upskill the cyber workforce in a range of advanced cyber disciplines. The government’s 2016 Cyber Security Strategy has not been updated. A new cyber strategy is soon to be released, but it is unclear how this new strategy will differ significantly from the 2016 strategy that arguably failed to achieve the real changes we need.

Many readers will remember a time when the Cold War between the US and the Soviet Union and their respective allies defined international security. Growing tensions between the US and China have raised some concerns that the world is entering another Cold War period – one where China and the US face off on trade, technology, military capabilities and regional influence. It seems that this view of international security sparked the Government’s launch this week of new defence spending, to the tune of $270 billion. Spread over a decade, this money will go towards materiel like strike weapons, long range combat systems, hypersonic missiles, underwater surveillance and cyber capabilities.

Even without COVID-19, economic recession and high levels of unemployment, $270 billion is a lot of money and represents a major investment in defence. Unveiling Australia’s new military strategy, Scott Morrison stated that we need to prepare for a world that is “poorer, more dangerous and more disorderly” in the post-COVID security environment. But the world has been poorer, more dangerous and more disorderly for at least the last two decades; the Chinese program of expansionism is not new. Changes to the international security landscape have been developing for some time, and have permanently altered both the source and nature of threats to Australia’s national security. In response we need a defence strategy that prepares us for the threats of the future – and if we do not take account the lessons of the past, we are bound to make the same mistakes.

One of the greatest failures in the so-called “War on Terror” was the assumption that a non-traditional enemy could be fought with traditional means. The combined military efforts of the “Coalition of the Willing” decimated the capacity and capabilities of Al Qaeda and its affiliates, but failed dismally in stopping terrorism. We fought a war with missiles and guns; terrorists fought theirs with hearts and minds, in the dark spaces of the internet. Indiscriminate terror attacks are now part of warfare. The wisdom of employing a conventional ‘hard’ military response against an unconventional enemy which relies on its ability to employ ‘soft’ strategies of influence and mobilisation has, rightly, been questioned.

Today’s security environment is characterized by diverse threats and a broader range of actors. While state-on-state conflict remains an enduring factor, it is no longer the defining concern for international and national security. Intra-state conflict, the collapse of fragile states, climate change, mass population displacement, extreme economic events, cyber security, energy and resource security, transnational organised crime, terrorism and pandemics - all these things are current concerns, and they will remain so. Consequently, States are no longer the only, or even the major actors, in the international security landscape. Non-state actors, individuals, non-government organisations and private corporations play a larger role in conflict and security now than they have in the past.

To face the security challenges of the future, Australia will need higher defence capabilities. But it is vital that those capabilities are responsive to threats we’ll see in the 21st century. Developing our hard military capabilities will send a strong message to our allies and our adversaries in the region and we should not be dissuaded from building our defence capacity – but this alone may not be enough to protect us from new and emerging threats.

Of the $270 billion for defence over the next decade, just $1.35 billion is earmarked for cyber capability – just a week after Scott Morrison warned that Australia was the target of a sophisticated cyber attack from a source widely reported to be China. The Government’s current commitment includes funding for 500 new jobs in cyber intelligence, and money to boost the capacity of the Australian Signals Directorate and the Australian Cyber-Security Centre – while welcome, it does not go far enough to addressing the deficits in our cyber defences.

While our law enforcement and defence agencies do a great job of keeping Australians safe, their task is made ever more complex with the introduction of novel modes of terror and crime. Keeping Australians safe, now and into the future, means strengthening our capacity to stay ahead of these trends. But it also relies on our understanding that security success is more than just gains on the battlefield.

The West Australian, 7 July 2020