Australia Lagging in Cyber War

greg-austin-eastwest-institute-international-policy-environment-for-cyber-security-changes-underpinning-the-move-from-prevention-to-resilience-24-638.jpg?cb=1435623380

Australia urgently needs to have an open and public debate on its military, security, and civil needs in cyberspace.

As Australia prepares to release its next White Paper on defense policy, expert eyes are waiting to see whether it will match the declaration by Malcolm Turnbull, the country’s new prime minister, that his government is one fit for the 21st century. 
The need for 21st century innovation in the defense portfolio is urgent, as a number of submissions to the 2015 White Paper through this year argued, not least those from specialists with direct experience in Australia’s intelligence and security services or its armed forces. One of these submissions, by the author, was revised and published under the title “Australia’s Digital Skills for War and Peace” in an Australian peer-reviewed journal in December 2014.

As part of its case, the article developed arguments and data provided by others, including the Australian Computer Society (ACS), that our universities were doing badly in educating Australians for the cyber age. Between 1999 and 2013, statistics of the Australian Department of Education show that our annual corpus of new domestic student graduates in information technology (IT) fell by 46 percent, though there was an upturn in 2012 and 2013. (This reference to IT graduates does not include electrical engineers, which saw an increase.)

According to the ACS, we were able to compensate for the sharp decline in IT graduates in part by temporary ICT migrants to Australia, which in 2009-10 numbered 8,530 – double the number of our own IT graduates for that year (ACS 2011: 27-28). (Data for later years does not allow a similarly granular comparison.)

In terms of student satisfaction with our IT tertiary offerings, Education Department data for 2005 to 2012, the latest available as of December 2014, showed that the completion rate for students enrolled in information technology over the period was only 61 percent, significantly lower than for any other of the ten general categories of study.
The article argued that any country “cannot hope to have cyber talents for war if it does not develop them in peacetime and if it does not have a strategy for transitioning these skills from the civil economy to military uses when emergencies dictate.” It also highlighted what it called a “virtuous circle of innovation” ─ the fact that “enhanced development of military cyber skills and strategies has flow-on effects to civil economy.”

The picture of weakness in our university-based IT education is matched in university-based research. While there are pockets of expertise and excellence in research, a review of research performance show high performance only in selected aspects of IT.

The results of the 2012 Excellence in Research analysis for the discipline of Information and Computing Sciences by the Australian Research Council reported out of 41 eligible universities, only two — the Australian National University (ANU) and the University of Melbourne) — were graded at 5 (on a sliding scale of 1-5) in the overall field. This is given a two-digit code (08) for the field of research (FOR). Only three other universities — Adelaide, the University of New South Wales (UNSW), and Queensland — received a ranking of 5 in any single four-digit sub-codes.

More concerning is the fact no single university received more than one 5 in any of the eight possible sub-codes. Even more worrying is the fact that out of a hypothetically possible 328 sub-code assessments (41 universities x 8 sub-codes), over 230 (or 70 percent) were “not assessed.” It seems that Australia is not even researching the bulk of the field of information technology!

In the same 2012 report, the situation Australia-wide in the Mathematic Sciences, another core discipline for cyber security, was even worse, though ANU, UNSW, and the University of Queensland scored comparatively well, and Monash and the University of Western Australia figured more prominently than in Information and Computing Sciences.
There is a direct link between the weak research position of the bulk of our universities and the collapse of undergraduate education in information technology (IT) in Australia.

Australia also has a weak information technology (IT) industry base, notwithstanding clear internationally competitive achievements, such as contributions to some key aspects of WiFi technology. We need to attract more venture capitalists, regardless of nationality, and get their money into university-based and industry-based R&D for IT.
Weaknesses in Australia’s cybersecurity situation in the civil sector (vulnerabilities everywhere) are not unique to Australia, but our inability to provide the skills base we need to overcome them, and a lack of industrial options to address them, must translate into great military dangers for the country.

There is recognition in the government and the university sector of the need for urgent reform. This has been evident through a government consultation on cyber security led by the Department of Prime Minister and Cabinet, the results of which are expected soon. The private sector is mobilizing in this sub-field as well and bringing new funds to the university sector. In the past two years, new centers for cybersecurity have been set up in several Australian universities.
So far, the leading university in the field of cybersecurity broadly defined (including cyber war) is probably the University of New South Wales, which set up its cybersecurity center in 2014. Among similar centers in Australian universities, it has the broadest remit and largest cohort of associated scholars (some 53). It should be noted that UNSW showed scores (all 3 or above) in more of the eight sub-fields (the sub-codes) of IT mentioned above than any other university.

One important feature of the Australian Center for Cyber Security (ACCS) at UNSW Canberra is its location at the Australian Defense Force Academy, the main officer cadet tertiary education facility in the country.

ACCS was tasked by UNSW Canberra with setting up in 2015 the first course in cybersecurity compulsory for all undergraduates in any Australian university. In 2016, ACCS and its partner schools (Humanities and Social Sciences and Engineering and IT) will deliver the first course in any Australian university in cyber war and diplomacy. The course has few peers in universities in the English speaking world.

In November 2015, ACCS will partner with the country’s Defense Science and Technology Group in the Department of Defense in a one-day conference that will take a critical, if informal or unofficial look, at the country’s R&D priorities for national cybersecurity.

There are many departure points for this conference. On the one hand, there are developing capabilities in countries like the United States, China, Russia, and Japan. Australia therefore needs its own sovereign capabilities. On the other hand, there is the important consideration that cybersecurity is bigger than each of us, either at the national level of the international level.

Just where a country like Australia needs to position itself in this highly dynamic and complex environment (the “infosphere”) is something that only the collective wisdom of the country’s best minds can answer, working in partnership. We need first of all an open and public debate on our military, security, and civil needs in cyberspace and how well our emerging capabilities match those needs. We would have to admit, as so many specialists have argued, that we are badly lagging.
The Diplomat:  http://bit.ly/1RDIWJa

 

 

« EU Rules Bitcoin Exchange Is Now Tax-Free
Can Russian Submarines Cut Off the Internet? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

Atea

Atea

Atea is the market leader in IT infrastructure for businesses and public-sector organizations in Europe’s Nordic and Baltic regions.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

CipherTrace

CipherTrace

CipherTrace develops cryptocurrency Anti-Money Laundering, cryptocurrency forensics, and blockchain threat intelligence solutions.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Intel 471

Intel 471

Intel 471 provides adversary and malware intelligence for leading intelligence, security and fraud teams.

Irys Technologies

Irys Technologies

Irys Technologies specialize in pioneering digital transformation solutions designed to streamline communications and enhance maintenance and operational efficiency for a variety of sectors.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.