Australia Lagging in Cyber War

greg-austin-eastwest-institute-international-policy-environment-for-cyber-security-changes-underpinning-the-move-from-prevention-to-resilience-24-638.jpg?cb=1435623380

Australia urgently needs to have an open and public debate on its military, security, and civil needs in cyberspace.

As Australia prepares to release its next White Paper on defense policy, expert eyes are waiting to see whether it will match the declaration by Malcolm Turnbull, the country’s new prime minister, that his government is one fit for the 21st century. 
The need for 21st century innovation in the defense portfolio is urgent, as a number of submissions to the 2015 White Paper through this year argued, not least those from specialists with direct experience in Australia’s intelligence and security services or its armed forces. One of these submissions, by the author, was revised and published under the title “Australia’s Digital Skills for War and Peace” in an Australian peer-reviewed journal in December 2014.

As part of its case, the article developed arguments and data provided by others, including the Australian Computer Society (ACS), that our universities were doing badly in educating Australians for the cyber age. Between 1999 and 2013, statistics of the Australian Department of Education show that our annual corpus of new domestic student graduates in information technology (IT) fell by 46 percent, though there was an upturn in 2012 and 2013. (This reference to IT graduates does not include electrical engineers, which saw an increase.)

According to the ACS, we were able to compensate for the sharp decline in IT graduates in part by temporary ICT migrants to Australia, which in 2009-10 numbered 8,530 – double the number of our own IT graduates for that year (ACS 2011: 27-28). (Data for later years does not allow a similarly granular comparison.)

In terms of student satisfaction with our IT tertiary offerings, Education Department data for 2005 to 2012, the latest available as of December 2014, showed that the completion rate for students enrolled in information technology over the period was only 61 percent, significantly lower than for any other of the ten general categories of study.
The article argued that any country “cannot hope to have cyber talents for war if it does not develop them in peacetime and if it does not have a strategy for transitioning these skills from the civil economy to military uses when emergencies dictate.” It also highlighted what it called a “virtuous circle of innovation” ─ the fact that “enhanced development of military cyber skills and strategies has flow-on effects to civil economy.”

The picture of weakness in our university-based IT education is matched in university-based research. While there are pockets of expertise and excellence in research, a review of research performance show high performance only in selected aspects of IT.

The results of the 2012 Excellence in Research analysis for the discipline of Information and Computing Sciences by the Australian Research Council reported out of 41 eligible universities, only two — the Australian National University (ANU) and the University of Melbourne) — were graded at 5 (on a sliding scale of 1-5) in the overall field. This is given a two-digit code (08) for the field of research (FOR). Only three other universities — Adelaide, the University of New South Wales (UNSW), and Queensland — received a ranking of 5 in any single four-digit sub-codes.

More concerning is the fact no single university received more than one 5 in any of the eight possible sub-codes. Even more worrying is the fact that out of a hypothetically possible 328 sub-code assessments (41 universities x 8 sub-codes), over 230 (or 70 percent) were “not assessed.” It seems that Australia is not even researching the bulk of the field of information technology!

In the same 2012 report, the situation Australia-wide in the Mathematic Sciences, another core discipline for cyber security, was even worse, though ANU, UNSW, and the University of Queensland scored comparatively well, and Monash and the University of Western Australia figured more prominently than in Information and Computing Sciences.
There is a direct link between the weak research position of the bulk of our universities and the collapse of undergraduate education in information technology (IT) in Australia.

Australia also has a weak information technology (IT) industry base, notwithstanding clear internationally competitive achievements, such as contributions to some key aspects of WiFi technology. We need to attract more venture capitalists, regardless of nationality, and get their money into university-based and industry-based R&D for IT.
Weaknesses in Australia’s cybersecurity situation in the civil sector (vulnerabilities everywhere) are not unique to Australia, but our inability to provide the skills base we need to overcome them, and a lack of industrial options to address them, must translate into great military dangers for the country.

There is recognition in the government and the university sector of the need for urgent reform. This has been evident through a government consultation on cyber security led by the Department of Prime Minister and Cabinet, the results of which are expected soon. The private sector is mobilizing in this sub-field as well and bringing new funds to the university sector. In the past two years, new centers for cybersecurity have been set up in several Australian universities.
So far, the leading university in the field of cybersecurity broadly defined (including cyber war) is probably the University of New South Wales, which set up its cybersecurity center in 2014. Among similar centers in Australian universities, it has the broadest remit and largest cohort of associated scholars (some 53). It should be noted that UNSW showed scores (all 3 or above) in more of the eight sub-fields (the sub-codes) of IT mentioned above than any other university.

One important feature of the Australian Center for Cyber Security (ACCS) at UNSW Canberra is its location at the Australian Defense Force Academy, the main officer cadet tertiary education facility in the country.

ACCS was tasked by UNSW Canberra with setting up in 2015 the first course in cybersecurity compulsory for all undergraduates in any Australian university. In 2016, ACCS and its partner schools (Humanities and Social Sciences and Engineering and IT) will deliver the first course in any Australian university in cyber war and diplomacy. The course has few peers in universities in the English speaking world.

In November 2015, ACCS will partner with the country’s Defense Science and Technology Group in the Department of Defense in a one-day conference that will take a critical, if informal or unofficial look, at the country’s R&D priorities for national cybersecurity.

There are many departure points for this conference. On the one hand, there are developing capabilities in countries like the United States, China, Russia, and Japan. Australia therefore needs its own sovereign capabilities. On the other hand, there is the important consideration that cybersecurity is bigger than each of us, either at the national level of the international level.

Just where a country like Australia needs to position itself in this highly dynamic and complex environment (the “infosphere”) is something that only the collective wisdom of the country’s best minds can answer, working in partnership. We need first of all an open and public debate on our military, security, and civil needs in cyberspace and how well our emerging capabilities match those needs. We would have to admit, as so many specialists have argued, that we are badly lagging.
The Diplomat:  http://bit.ly/1RDIWJa

 

 

« EU Rules Bitcoin Exchange Is Now Tax-Free
Can Russian Submarines Cut Off the Internet? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

ManagedMethods

ManagedMethods

ManageMethods Cloud Access Monitor is the only Cloud Access Security Broker (CASB) that can be deployed in minutes, with no special training, and with no impact on users or networks.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.