Australia’s most pressing threat of war is one in the cybersphere.
Rising tensions between China and the US have led to recent discussions about the threat of Australia being dragged into a war with China, likely fought over Taiwan. While it’s possible that China could launch an assault on Taiwan in the future, other than some sabre-rattling from President Xi Jinping and the US, war is not inevitable and according to some experts, it’s unlikely to happen in this decade.
For Australia, I would argue the most pressing threat of attack would likely come from bad actors, either in the form of other nations or from criminal syndicates and the war would be waged in the cybersphere. And there’s plenty of intelligence from the last decade on what a war in the cybersphere might look like.
Take Russia’s attacks on Ukraine for example. While Ukraine has been engaged in a traditional land war since February 2022, Russia has been waging a cyberwar against Ukraine since the 2014 illegal annexation of Crimea, and has launched sustained cyber-attacks at its public, energy, media, financial, business and non-profit sectors, attempting to disrupt services, gather intelligence and manipulate elections.
The level of Russia’s success on the cyber battlefield has been mixed, as Ukraine’s cyber defences have proven to be resilient and have certainly benefited from support and technology from other Western nations.
The cyber-attacks against Medibank and Optus were a small taste of what Australia might expect from a sustained cyber-attack
The cyber-attacks against Medibank and Optus were a small taste of what Australia might expect from a sustained cyber-attack and the response from the Albanese government, led by Clare O’Neil has been commendable. Appointing Ms O’Neil as the first dedicated Cyber Security minister in the OECD’s top 20, indicates how seriously the government is taking the cyber threat, and the need for urgent reform.
One of Minister O’Neil’s first pledges was to concentrate on building a cyber security strategy focused on sovereign capability and boosting our future cyber security workforce. Australia is well placed, I believe, to achieve some of the goals outlined by the government, including an ambition to be the world’s most cyber secure nation by 2030.
Our government’s efforts to safeguard data have also recognised by The MIT Technology Review Insights Cyber Defense Index, which ranked Australia number one amongst 20 of world’s largest and most digitally advanced economies on preparation against and response and recovery from, cybersecurity threat.
There are threats to the process of building Australia’s sovereign capability. One threat is that of offshoring.
There are threats to the process of building Australia’s sovereign capability. One threat is that of offshoring. Offshoring IT work is commonplace in Australia, from customer support to software programming and data storage but if there’s one thing that the pandemic has taught us, it’s that supply chains breakdown, and sovereign capability matters.
When it comes to cyber security, we can’t afford to be relying on overseas third parties to be protecting us or storing our sensitive data.
When it comes to cyber security, we can’t afford to be relying on overseas third parties to be protecting us or storing our sensitive data. We must invest in building own data storage facilities, and like the Australian government which mandates all public sector data is stored on-shore, we should be looking to strengthen our sovereign data laws to ensure Australians’ private data held by business is safely stored, on-shore.
The cost-cutting attitude some Australian business have towards IT services, data storage, and cybersecurity also needs to shift.
When a business is working with a low-cost IT or cybersecurity service provider overseas, that business must ask itself, are they sure that the highest levels of security are being maintained? Are they confident when there are many different contractors involved, that those people are qualified and will carry out work to the highest standards? And if a data breach does occur, what legal recourse might they have, if any?
Choosing an off-shore cyber security company might be enticing for the bottom line, but with little to no oversight, a lack of quality control and potentially no legal recourse, it’s a recipe for disaster.
If Australia truly wants to be ready to defend ourselves against cyber-attacks from countries like Russia, Iran, China and North Korea, who we know are already targeting us, and if we want be the most cyber secure country in the world by 2030, our best defence must start and end here in Australia.
By Ches Rafferty, Scantek CEO.
First published in The Canberra Times, March 21 2023.