Greg Moriarty: contractor vulnerabilities need more than just cyber security arrangements, export controls


Secretary for Defence Greg Moriarty at a defence industry . Source: Department of Defence.

After a string of Defence industry data breaches, senior public servant Greg Moriarty has opened up about government’s current thinking on the vulnerabilities to Australia’s security interests posed by growing local Defence industry.

Existing export controls outdated

More than any other issue raised by Defence industry lobbyists, export restrictions is the one they raise first and most frequently. Thursday, in front of hundreds of Defence industry partners, the department’s top official said he agreed with them.

The Department of Defence secretary, opening the Defence and Industry conference, said the existing legislation was “really designed for a previous era where were were looking at making sure that technologies, which might contribute to weapons of mass destruction programs, weren’t being made available to [buyers] that were a risk.”

The technology has changed so much, Moriarty noted, and the next step is to update government’s thinking to deal with more contemporary threats.

“Government does have a strong expectation that we will work together to protect the sensitive technologies that Australian industry is developing,” Moriarty said. “And in a rapidly changing threat environment, we’re also conscious that the time it takes for new technologies to be weaponized is reduced.”

SME assets are significant, need more than just a cyber plan

That previous-era approach was heavily focused on the larger suppliers, with the greater resources at their disposal, but not so much about the resources and capability of SMEs to operate in these security controls.

“We used to think much more about industrial-scale Defence industrial proliferation concerns. Were now also conscious that small startups and emerging technologies also represent very significant assets to Australia that we need to think very seriously about the security wraparound in the envelope for those.”

“Ministers are thinking about how we how we in Defence can better help industry work to protect the technology produced by Australian industry.

“Security is much more than just talking about the cyber security arrangements. They are critical, but there are a range of security threats that we face in this country. They are changing and evolving. In Australia, Defence industry has to be increasingly conscious of its vulnerabilities and what it needs to do to protect itself for commercial reasons, as much as national security reasons.”

Contractors named in breaches in the last couple of years have included French contractor DCNS, US contractor Booz Allen Hamilton and Australian prime defence contractor and shipbuilder Austal.

Delicate balance of stakeholders

The government is consulting with industry about getting the balance right between protection national interests and industry’s commercial interests. Consultation sessions have been held in Adelaide, Darwin with more to come in Brisbane and Perth in September and October, respectively.

Last year, Defence faced a backlash from Australian universities after the department proposed expanding its ability to control technologies beyond the current Defence and Strategic Goods List. Moriarty explained the rationale during a Senate estimates hearing in October saying: “We are certainly not seeking a role for the department in an intrusive, across-the-board, deeply inappropriate involvement in the work of universities and researchers. But there are some areas where we are concerned about the possibility of those technologies being used or not being harnessed effectively for the capability edge of the Australian Defence Force.”

READ MORE: Greg Moriarty: collaboration is the key to reform a ‘change-resistant bureaucracy’

About the author
Premium

The essential resource for effective public sector leaders

Special offer on now: Subscribe for a year to Mandarin Premium, get two outstanding books free.

Get Premium Today