Managing information security risk and compliance to compete for AUKUS business

While AUKUS will improve Australia’s Indo-Pacific capabilities, it also introduces new security regulations and cybersecurity challenges for Defence and the supply chain.


In the past few weeks, AUKUS has gained a lot of attention. The trilateral security partnership between Australia, the United Kingdom, and the United States has been in place since 2021. However, last month AUKUS partners announced an optimal pathway for Australia to acquire a conventionally armed, nuclear-powered submarine capability. 

While this is good news for Australia’s Indo-Pacific capabilities and for defence suppliers looking to win the resulting contracts, it also introduces new cybersecurity challenges and regulations. In this Q&A, Tony Howell, archTIS Chief Architect, offers guidance on what this means for Australian Defence and the supply chain, and on solutions that can assist.

Some experts have claimed Australia’s cyber security is not as robust as the other countries in the trilateral security dialogue. Will this potentially deter UK or US defence companies from wanting to share defence tech in Australia? 

The AUKUS partnership is intended to promote deeper information sharing and technology sharing so security, in particular data protection, is paramount to the success of the initiative. 

Improving our security posture is critical. Without effective, trustworthy capabilities to share regulated and sensitive information, the confidence for UK and US companies to share Defence tech in Australia is greatly compromised. 

archTIS has been working across a number of areas of Defence and with key Defence Industry players to address these information security challenges through modern security frameworks and technologies that focus on data-centric capabilities. 


With even more state-of-the-art defence technology, including nuclear technology, housed in Australia, do we expect that Australian defence businesses will face an increase in cyber threats?

Without a doubt, cyber threats will continue to grow and evolve. We are probably looking at an order-of-magnitude increase in offensive cyber activity directed at Defence and the defence industry.

As we introduce a nuclear dimension to Australia’s Defence capabilities (weapons or powered) it is guaranteed to attract the attention of bad actors for many different reasons. Defence, defence suppliers and researchers will be in the crosshairs of new foreign state actors, individuals perpetrating corporate espionage and even those who oppose nuclear capability.


What are the biggest AUKUS challenges from a cybersecurity perspective? 

From my perspective the biggest cybersecurity challenges are:

  1. The capacity between the AUKUS partner nations to enable secure, rapid and effective information sharing.
  2. Traditional Cyber Security frameworks only go so far. We need to adopt a new framework designed to effectively enable secure information exchange.
  3. An effective compliance regime to manage the exchange of information is required. U.S. International Traffic in Arms Regulations (ITAR) and other export control frameworks are only part of the problem. Other types of information sharing that need to be addressed include IP, commercial sensitivity, sovereign interests, international obligations, and non-traditional export controlled material.
  4. The utility of data holdings also poses a challenge. There is no value if the data isn't discoverable, available and usable for the purpose it was shared. This extends to the context in which it will be used (e.g., at a shipyard by builders, in Defence for design or for compliance purposes).


How does archTIS help address these security challenges?

archTIS specializes in developing military-grade information security software. What sets archTIS products apart is our technology foundation based on Attribute Based Access Control (ABAC). 

ABAC is a data-centric security model that uses dynamic policies to control who accesses information and under what conditions/context. With ABAC, access and protection policies can be based on any combination of user, environment, and data attributes. This ensures only the right people can access the right information at the right time in accordance with security and compliance guidelines.

Whether you need to store classified information or help with securing sensitive files within your Microsoft applications, archTIS products enable fine-grain zero trust access and data security out of the box.


Kojensi is designed to assist organisations in rapidly meeting complex requirements for sensitive information handling and sharing, including up to TOP SECRET compartmented information. Information custodians can set up secure workspaces and ITAR compartments to share and collaborate on export controlled information, knowing only authorized users will have access to the information with Kojensi’s built-in ITAR compliant dissemination controls. Defense Industry organizations consume the SaaS platform as they need, without the substantial costs of implementing new on-premises secured ICT infrastructure. It is also available as an on-premises offering. 

NC Protect assists in safeguarding information stored and shared using Microsoft applications including Microsoft 365, SharePoint Server, and file shares. NC Protect does not interfere with how Microsoft products work; instead, it enhances native security with dynamic ABAC policies and unique security trimmings. Importantly, it manages controlled unclassified information (CUI) tagging and document labelling, a mandated capability for ITAR and other U.S. Defence requirements that cannot be met using Microsoft products alone.


Do you expect that AUKUS will change ITAR requirements? How is archTIS ready to respond?

It has already been alluded to in AUKUS announcements that the utility of ITAR to meet expectations around effective management of this alliance will be examined.

AUKUS is creating brand new challenges around the use of nuclear technology, whereby a nuclear state is supplying specific types of nuclear capabilities to a non-nuclear state. I am sure this will generate a number of new compliance obligations and safeguards to meet these needs.

archTIS stands ready to help the Defence industry address current and future requirements. With a technology foundation built on dynamic and flexible ABAC policies, we can support rapidly changing requirements to manage compliance and mitigate information security risks as AUKUS regulations evolve. 

Listen to the complete interview with Tony Howell and host Liam Garman on the Defence Connect Spotlight podcast.

