The Australian government has responded to the growing threat posed by cyber attack with a major co-ordinated response. Leading Australia’s cyber effort is AustCyber, designed to combine the best and brightest from across industry, government and academia to ensure Australia remains at the forefront of cyber capabilities.
While much has been made of the Commonwealth government's focus on its root and branch approach to enhancing Australia's defence capability and defence industrial base, the rising threat of cyber actors, both traditional state and non-state, asymmetric actors, has emerged as one of the critical areas of focus for the Australian government and the national security apparatus, ranging from the ADF through to intelligence agencies.
In response, the government has sought to spread the attention and focus on enhancing the nation's cyber resilience and capacity to respond to cyber attacks, particularly following a series of high-profile attacks against Parliament House in particular prompted the creation of AustCyber to combine the leading-edge research and development capabilities of Australia's academic institutions, private industry and government to respond to the rising cyber security challenges.
Established in 2017 as part of the Australian government's National Innovation and Science Agenda and the Industry Growth Centres Initiative, AustCyber serves as one of six centres that been established to leverage Australia's competitive strengths, with a focus on critical strategic priorities to boost the furtherance of innovation and science in Australia.
AustCyber is guided by five strategic themes, each with a focus on developing a vibrant and globally competitive Australian cyber security sector. In doing so we will enhance Australia’s future economic growth in a digitally enabled global economy, including:
- Demonstrate leadership and coherence;
- Drive industry collaboration and co-ordination;
- Accelerate commercialisation;
- Facilitate talent growth; and
- Pursue policy advocacy and reform.
Recognising this, AustCyber seeks to build important relationships both locally and internationally, with key relationships and partnerships developed to support the commercialisation and export of Australian solutions to help establish Australia's cyber security sector to tap into global hubs located within cyber security ‘hot spots’ around the world.
Defence Connect recently spoke with Michelle Price, CEO of AustCyber, to take a closer look at the organisation and the value add it brings to Australia's national security equation.
A core focus of AustCyber is supporting the development of Australia's local cyber security industry and its respective capabilities, how does it support such developments?
AustCyber is one of the Australian government's six industry growth centres. And we focus obviously on the growth sector that is cyber. The other five are not cyber-related, although we help them out with cyber; industry growth centres being federally funded, we are actually private entities.
So, we're limited by guarantee under the Corporations Act, but we also operate as non-profits. What that actually means in practice for those that are not familiar with the Corporations Act, by being federally funded, but a private sector entity, we operate in that lovely space that sits between government and the private sectors, including academia, which means that we can act with full independence.
The government can't tell us how to do what we do. But, they certainly can share with us how they think our mission should be shaped for the future.
We see it as a great partnership with both government as well as industry and academia and that's not just in Australia. Of course our focus is largely on Australia, to grow Australian sovereign cyber security capability, but also to export that to the world. So, we do a lot overseas as well as at home.
How does AustCyber define cyber resilience? What does it mean for Australia?
It's the broadest you can imagine, and that's deliberate because of course context in cyber is everything. It's a bit like the battlefield, you know, well versed with the matters of defence. I've worked in it, I'm married to it and I think that the defence context is one that's very complex.
It's just as complex for financial services as it is for mining as it is for retail as it is for insurance as it is for any of the other sectors that we find in the economy, and the context in each of those sub-sectors as we work through the different parts of the economy and how they interrelate with each other has impact for cyber security and cyber resilience.
For me, it's what matters for you and your organisation as you find yourself in a world that is very, very complex, interdependent, and increasingly challenging, but challenging I think in a positive way.
When we think about cyber security as an enabler that sits at the very horizontal level of the entire economy, we can certainly argue that cyber resilience and cyber security isn't needed in every part of kinetic life. So, not necessarily the horizontal for society, but it absolutely is for our economy. And Defence and defence industry is absolutely one of those more prominent and visual kind of elements to the Australian fabric, what we assign ourselves as the sort of the mateship, as Joe Hockey has labelled it, for the Americans with the airlines.
This is a really visible part of who Australians are and all of the different jobs and innovation that go on around Defence and defence industry. The context for cyber in each of those areas of the sectors for Defence are just as contextual as anywhere else.
Cyber security, I think we're all pretty familiar with the protection element of it, and certainly there's two aspects to cyber security. It's both the defensive mission as well as the offensive mission, and Defence knows that best really out of anyone.
Cyber resilience is actually about the functions that we use traditionally applied to business continuity, if you like. So, it's how we respond when an incident or an attack occurs. And we know in cyber space that it's a matter of not if, it's when you're going to be breached or compromised. Then that resilience piece comes into it when we think about how we would respond and recover.