Brislen on Tech: silent Cybersecurity war heats up
Late last month the Australian prime minister stood up and declared that Australia was under attack by other nations.
He wasn't speaking metaphorically but rather than tanks and ships, these attackers were using cyber-warfare to undermine Australia's political, financial, corporate and social fabric.
Although the PM didn't name the attacking country Australia's relations with China have drifted somewhat in recent years as Australia adopts a more belligerent tone, following the US lead on relations with the Communist nation.
Australia is going to spend an additional A$1.3 billion over the next three or four years to ramp up the country's defences, and in order to do so it will hire 500 new cyber-spies to join the Australian Signals Directorate (ASD) the government agency dedicated to electronic intelligence gathering.
The ASD is very similar in set-up to New Zealand's own Government Communications Security Bureau (GCSB) but has one major difference. The ASD explicitly targets foreign intelligence for collection. The organisation's motto (yes, it has a motto) is, "Reveal their secrets, protect our own".
For all its odd phrasing and the use of 'reveal' instead of perhaps 'uncover', the aim of the ASD is to go out and engage with the enemy.
"We collect foreign intelligence; we provide advice and assistance on information and cyber security; and we conduct offensive cyber operations."
That last part - the conducting of offensive cyber operations - puts the ASD in a different light to our own agency.
The Australian government also set up a "Cyber Security Strategy Industry Advisory Panel" to review Australia's capability and make a series of recommendations that will, in part, be filled by the A$1.3 billion budget and sets up the government's 2020 Cyber Security Strategy which will be released in the coming weeks.
Two things spring to mind when reading the report - Australia is well ahead of New Zealand in terms of its level of response to these issues and, secondly, if we're not careful Australia will hire as many cyber-security people as New Zealand can churn out making life very difficult for government and corporate CIOs alike on this side of the ditch.
Australia is already training cyber-security experts at degree level in a number of universities, offering a dedicated educational pathway that New Zealand simply doesn't have at this stage. Sure, we have Unitec's undergrad diploma in cybersecurity - a fine start - but that's it. Everyone else is working off a general tech background.
And sure, I'll be the first to say you don't need a degree to be able to do some of these jobs and yes, absolutely IT is changing rapidly, none more so than the security end of town, but the ability to offer a tertiary degree suggests there are lecturers, a critical mass of students and enough interest in the sector to warrant creating course materials and getting stuck in.
The second problem is how to fill those 500 roles quickly - and training newbies is going to take time. Better to hire a bunch of existing cybersecurity techs and put them to work.
That's where the offensive capability piece really comes into play - who wouldn't want to go work for the spy agency that is attacking the bad guys instead of just trying to fend them off? Surely that's a huge drawcard for cybersecurity folk both in Australia and here in New Zealand.
COVID has, of course, put international travel on hold for many and certainly Australia doesn't appear to be faring terribly well at the moment, but this will pass and those roles will still be soaking up talent, so it's time for New Zealand to act.
While I'm not suggesting we build our own offensive capability it does seem timely that we step up our engagement with cybersecurity as a discipline.
Part one of that is to realise that cybersecurity, and indeed the rest of the ICT sector, are valuable and viable employment paths for new recruits. Forget accounting, forget management, if you've got a head for numbers and an interest in the world outside the cubicle in an industry that is growing globally and offers rewards and entertainment then cybersecurity has to be up there in the top five opportunities.
You'll just have to convince your mum and dad that it's a real thing and not just a Hollywood fantasy.
Then we need more focus on this area at tertiary level. But of course, we could say the same (and we do) about a number of other IT related areas, including computer game development and plenty more besides. Yet sadly there doesn't seem to be enough interest from our universities to deliver and our current government doesn't fully grasp the opportunity and thinks IT is best relegated to those who can't study for a proper career.
Then we need to get the next wave of kids coming out to opt for this path over some of the others. That shouldn't be too hard but internships, scholarships and having clear role models will surely help with that. That's up to us in the industry to provide.
Finally we need to upweight our focus on cybersecurity as an essential part of corporate and government life. We absolutely need CSOs and associated teams in all our major companies, and we need them immediately. This should be a huge area of focus for every company that deals with intellectual property, with personal information, every company that has customers and suppliers and every organisation that collects data.
The ICT sector needs a strategy to drive this behaviour because it needs a cross-sector approach to ensure we can compete on the international stage and compete we must - because it's not just Australia that's getting its digital defences probed by the bad guys: it's all of us.
You must be logged in in order to post comments. Log In