The last month or so has seen unprecedented levels of focus and interest in Australia’s approach to cyber security and the trust we place in data, digital infrastructures and interconnected value and supply chains. Sustaining that is critical to national security, explain Michelle Price, CEO of AustCyber, and Alex Scandurra, CEO of Stone & Chalk.
In the week that Prime Minister Scott Morrison sounded the alarm on Australia continuing to be a target for malicious cyber activity, one of the success stories of Australia’s local cyber security industry, Kasada, announced two major milestones.
The first was its Series B capital raise, which was led by US firm Ten Eleven Ventures and included existing investors Main Sequence, Westpac’s Reinventure and, importantly, the CIA-backed venture firm In-Q-Tel. The second announcement was the appointment to its board of former prime minister Malcolm Turnbull, who also participated in the round.
These are big achievements for an Australian company in an industry traditionally dominated by global players. It’s all the more remarkable for the fact that Kasada has achieved this success not because of Australia’s maturity around cyber security, innovation or technology start-ups, but in spite of it.
This is true also of the investment environment, where cyber security is one of a select few industries bucking the otherwise downward trend following the economic hibernation caused by the COVID-19 pandemic.
There have recently been a number of announcements from Australian governments following the uptick in attacks since the start of the pandemic. None more so than the significant joint announcement made by Prime Minister Scott Morrison, Minister for Home Affairs Peter Dutton, and Minister for Defence Linda Reynolds for $1.35 billion in funding for the Australian Signals Directorate and related functions to improve the federal government’s cyber armoury.
The NSW government has devoted a record $240 million to shore up the state’s cyber security and integrated this into a $1.6 billion investment in digital infrastructure for government and community services.
To support this investment, Minister for Customer Service Victor Dominello has established a cyber security standards task force of key industry players being led by the minister, AustCyber and Standards Australia to reduce duplication, harmonise internationally and guide the implementation of improved cyber security practices across various sectors in the state.
It is taking the technical standards offered by the Australian government through the Australian Cyber Security Centre, together with the plethora of other standards and guidance created from local and offshore sources, and delivering the ways for businesses to apply the right standards in the right context, with flexibility to adjust over time as maturity improves.
This is one of the missing links to push back against cyber attacks – businesses knowing how to engage in the practice of cyber security.
Further, it provides the sound baseline for improved procurement decisions for the cyber-physical world we now play in – and is one of the key ingredients for the NSW government’s efforts to demonstrate it is taking the role of sovereign capability in the digital domain seriously.
This comes with the equal benefit of jobs creation through innovative products and services that will, over time, improve productivity and competitiveness of the state’s economy. Its recent announcement of a five-year whole-of-government sovereign cloud provision deal with Vault Cloud and Canberra Data Centres puts further weight behind its intentions.
Other Australian governments are also playing their part. While not with the same levels of funding inputs, their contributions are still important. Collaboration and testing facilities accessible by industry and academia, like those in the Adelaide-based Australian Cyber Collaboration Centre within Lot14, opening this month with the backing of South Australia’s Premier, are key infrastructures for a sector that can only grow in its importance.
Most state and territory governments, together with several councils, also have partnerships with AustCyber through its national network of Cyber Security Innovation Nodes to support a sustained pipeline of globally competitive, sovereign cyber capabilities suited to the needs of all sectors of the economy.
All of this activity is welcome - it’s good news for a complex area of national, economic and social security that is frankly too seldom part of the national discussion.
The Prime Minister took a big step in sharing publicly what many have known for a long time, that a particular nation-state has been systematically attacking Australian businesses, government bodies and Australian individuals. But what is our next move to make good on what is a trillion-dollar opportunity?
The sustained benefits for our economy, and therefore for Australians, differ greatly depending on whether the spending mainly goes to overseas companies or is in part used to help grow Australia’s local technology talent. At present, Australia still imports the majority of its cyber technologies – it is not a level playing field, noting malicious cyber actors won’t ever play a fair game.
Australia’s growing cyber security industry, comprised not only of globally competitive, sovereign companies generating highly innovative technologies and services but also the right mix of foreign companies that complement local research and innovation efforts, can deliver and is delivering on the needs of governments to defend and protect.
The Prime Minister has an opportunity to draw the connections between the role of sovereignty and trusted partnerships in cyber space, economic security and trusted digital transformation through the Australian government’s next cyber security strategy, due for release in the coming months.
The government can take deliberate steps to adopt a similar approach to NSW and be a customer of the country’s own industry – and unlike the states and territories, take an integrated approach to sovereignty needs in supply and value chains.
It can do this by ensuring alignment and embedding of sovereign cyber capabilities across all areas of government investment in R&D, technological advancement and skilling, especially in areas of critical growth and reliance such as defence industry, where the knowledge infrastructure is already being evolved through the Defence innovation programs.
It would also send a strong signal to large Australian corporates that they ought to be doing the same, not because it is the right thing to do, but because it is the most effective means to deepen trust in technologies as well as the value chains that drive outcomes-focused commercial coalitions and partnerships around cyber capability development and deployment.
Further, Australia’s competitive advantages globally would improve, whilst also helping to underwrite the success of trusted digital transformation that is starting to occur as part of the COVID-19 pandemic recovery. It would also support a deepening of social resilience to the increasingly complex cyber-physical challenges we all now face, such as disinformation and malicious interference with online information.
The benefits of this approach are potentially enormous. A sovereign industrial capability should bring industrial benefits as well as those conferred by sovereignty. The digital transformation across the economy catalysed by the pandemic is going to create more points of exposure to potential attacks for all organisations.
Expanding a sovereign capability in cyber security will produce job creation and economic growth as this transformation continues over the coming months and years in the financial services, retail, logistics and services sectors.
Past arguments of reciprocal agreements regarding government procurement with other countries no longer hold true. Many countries including the UK and the US have for many years had mandatory minimum requirements on government procurement from local businesses, whether generally or in key areas of strategic importance.
If the US intelligence apparatus can become customers of and investors in Australian companies like Kasada, there is no reason that Australia’s own government agencies and larger businesses cannot support the development of local cyber security and other emerging technology providers at a much earlier stage in their journey.
Government procurement of local capability is of course happening, but it hasn’t been without the tireless efforts of AustCyber and others to encourage our own governments to understand what is on offer and why the start-ups and scale-ups of today are a far cry in sophistication and global competitiveness from their distant relatives of the past.
There are many capable and successful Australian cyber security start-ups and scale-ups with the potential to be the next Kasada. AustCyber has a portfolio of over 300 companies, with more than a third in scale-up phase and more than half having commenced business since AustCyber was established in January 2017. Several accelerators, including Stone & Chalk, are now home to a number of Australian cyber security companies and, increasingly, to companies taking steps into other areas of emerging (and convergent) technology like quantum and artificial intelligence.
Australia has the maturing industry, the pipeline of entrepreneurial talent and the world-renowned ability to solve problems. We have also invested in globally recognised methods to incubate deep technology, through the likes of Defence Science and Technology Group and Cicada Innovations, as well as to accelerate commercialisation and market access through catalysers like Stone & Chalk and Industry Growth Centres.
Now is the time.
The national cabinet should develop procurement guidelines that account for the geostrategic dynamics of cyber space, for both state and federal governments, perhaps looking to governments such as NSW and South Australia who are doing good things in this regard. This will sustain the development of local intellectual property to embed sovereign industrial capability around cyber security and assure the trustworthiness of many other nationally significant emerging industries and technologies.
It is worth noting here that, through the delivery of its national programs across sectors of the Australian economy, AustCyber has been able to calculate that for every dollar spent in a government procurement process on a local cyber security company, the return to the economy is at least $4.70 in direct revenue and a further $5.00 in indirect or spillover benefits, including from jobs creation.
The likes of Atlassian, Canva, Freelancer, Airwallex, Afterpay, Judo Bank, Nuix and many others are evidence that Australia is already incredibly successful in designing, developing and exporting software-based technologies.
In the same vein, the national cabinet and National COVID-19 Coordination Commission Advisory Board would do well to observe the impressive contributions of Bugcrowd, Cloud Conformity, Kasada, Penten (well known to Defence Connect readers), Prophecy International, QuintessenceLabs, Secure Code Warrior, Senetas, ThreatMetrix and UpGuard who all prove we have weight in global cyber security standings.
Government cannot do it alone. Industry and researchers cannot do it alone. The community certainly cannot do it alone. Partnership and trusted collaboration are how we step up – and sustain the continued need to adjust, pivot, duck, weave and grow in the face of such widespread adversarial behaviour online.
Now, as our nation faces a once-in-a-lifetime economic crisis, we must harness the intellectual force Australia has to deliver globally compelling capability for both resilience and recovery, as well as to help as many Australians as possible transition towards the economy of the fourth industrial age.
Our leaders have been united by a crisis. They face a changed future and an ever-changing present. They can seize the opportunity to build a vital sovereign capability that will both secure our essential infrastructure and power our economic recovery. The philosophical, strategic and therefore policy choices they make in this regard will affect us for generations to come. It’s time to be bold.
Michelle Price, CEO of AustCyber, leads Australia’s efforts to create a globally competitive cyber security industry for Australia. She was instrumental to the delivery of the nation’s 2016 Cyber Security Strategy, has worked across policy areas in national security and developed her risk management acumen across several private sectors. Price has featured on an episode of Defence Connect’s podcast and was a judge of the Defence Connect Australian Defence Industry Awards 2019.
Alex Scandurra, CEO of Stone & Chalk, has served in the armed forces and led digital transformation efforts in a major financial services company. He has seen both sides of the security capability equation and is applying this experience to the evolution of Stone & Chalk’s focus from supporting the growth of Australian fintech to supporting all emerging technologies for national benefit. Scandurra is a leading voice in Australia’s advancement of commercialisation, attracting investment in start-ups and scale-ups and driving deeper collaboration within the Indo-Pacific region.