lolloj - Fotolia
Australia’s 2016 Defence Whitepaper said the IT environment will be shaped by “complex non-geographic threats” over the next 20 years, but provides scant clues as to how it will address those threats.
The long-awaited paper – which commits to raising defence spending to $A42.4bn by 2021, or 2% of projected GDP – acknowledges the threat of computer-based attack, both on industry and directly on the defence force.
The Australian Signals Directorate (ASD) identified more than 1,200 cyber security incidents in 2015. While some were against defence industries, there were also attacks launched against banking and finance, communications and transport organisations.
It said a “more capable, agile and potent high technology force” is needed. The report does not elaborate in detail, but does outline the need to strengthen intelligence, surveillance, reconnaissance, space, electronic warfare and cyber capabilities.
Prime minister Malcolm Turnbull committed to “a very substantial increased investment in cyber capability”, which he described as a rapidly developing and dynamic area.
“We face adversaries that are both state-sponsored and not, as well as individuals, organisations and terrorist groups. It’s an area where you need to have the smartest people that you can employ using the latest technologies.” The whitepaper indicates that A$300m to A$400m will be spent in this area over the next decade.
However, the University of New South Wales Canberra-led Australian Centre for Cyber Security (ACCS) was unimpressed. It said the whitepaper failed to lay out any strategic approach to cyber-enabled warfare; did not address the cyber skills deficit in Australia; and did not provide guidance regarding how the nation might respond to sustained cyber attack.
Read more about cyber security in Australia
- Australia might be ranked low for its computer security preparedness, but there is enough innovation in the country to point to a more secure future.
- The relaxed attitude to IT security in Australia is holding back much-needed investment in security technology.
- The costs associated with a security breach can mount up and it is difficult to put a number on it, but organisations are increasingly trying to do this as attacks increase.
- Canberra is strengthening its cyber security response, but there is conflicting evidence about where the main threat is coming from.
ACCS director Jill Slay lamented the lack of focus on the “cyber warriors” Australia would need in the future.
A second cyber security academic at the centre, Greg Austin, said it was likely future cyber attacks would not just target defence, but civil infrastructure and civilians as well.
“The biggest gap in the government’s latest defence policy, in respect to cyber space, is its failure to spell out a transition to the sort of civil-military planning we need for resilience of our information systems in the civilian sector in war-time, apart from some references to telecommunications supporting military operations,” he said.
Besides acknowledging the cyber security challenge, the whitepaper reinforced the need for an overhaul of defence IT systems. It said there has been a serious underinvestment in defence IT in the past decade, leaving the organisation battling outdated and obsolete systems. It also noted the “serious degradation across the information and communications capabilities of defence”.
The defence department, which has been given an additional A$5bn to improve its IT platforms over the next decade, has been instructed to work with the recently formed Digital Transformation Office to ensure best practice is adopted as it rolls out overdue upgrades.
The transformation programme is underway with a desktop refresh and consolidation of 280 datacentres to 11 in Australia and three overseas.
Among those will be a biometric-based identity management and verification system for operational use based on the defence department’s experience in the Middle East and Afghanistan.