Government procurement processes could improve the cyber security of supply chains through a combination of regulation and encouragement, according to Australian Strategic Policy Institute fellow Rajiv Shah.
ASPI on Tuesday launched the International Cyber Policy Centre’s latest report on leveraging government procurement to improve cybersecurity and supply chains.
Authored by Shah, the report argued that the federal government needed a less fragmented, more strategic approach to information and communications technology (ICT) procurement to uplift cyber security across the economy.
Using improved frameworks to measure security, and providing incentives for suppliers to propose more cyber secure solutions could improve cybersecurity as well as boost sovereign capability and industry, the report found.
Speaking at the launch, industry minister Karen Andrews said procurement could be an economic lever for government to support efforts to grow the Australian cyber security business.
“My view is that we should be using all our levers to build Australian capability and bolster supply chains. I’m particularly interested in building our sovereign capability and am pleased to see the report encourages this as a priority for the cyber security sector,” she said.
“Growing, supporting and maturing Australia’s sovereign cyber security is now more critical than ever, as the digital threat landscape accelerates and business, government and the community need to be increasingly on their guard to protect themselves from malicious activities.”
On developing sovereign capability, Andrews argued it was important for the government to help develop Australian capability in a number of key areas for immediate needs, and to “feed into global supply chains”.
“We have done a considerable amount of work to look at what our sovereign needs are, and I think it’s fair to say that people get really quite anxious when I talk about sovereign needs because they see that as protectionism,” she said.
“I’m not talking protectionism at all, I’m saying very clearly that Australia needs to be looking after its own needs. We won’t be able to deliver everything that we want, we will need global supply chains. For that we’ll need to continue to be a strong export nation, but in terms of our sovereign needs I’d reframe that as sovereign resilience because that doesn’t seem to alarm so many people when I talk about sovereign resilience.”
She said the government needed input from industry to better understand what those sovereign needs are — particularly from a cyber security perspective — that can be built into a “resilience program”. Industry could also give advice to the government on the key areas for helping businesses protect themselves against malicious activity, Andrews added.
Shah noted government procurement processes could improve the cyber security of supply chains through regulation, but also by encouraging people to invest in better cyber security by providing them with an incentive.
Adding to the latter point, Macquarie Government’s Aidan Tudehope argued that the government needs to embed a cyber security assessment into its value for money assessment when procuring.
“But for that to happen, we first of all need a benchmark to compare it against,” he said.
“The key is for it to be consistent, it’s one set of benchmarks. But one set doesn’t mean it’s not graduating, we just don’t want to put different rules for the federal versus each state, and maybe even local governments. It needs to be one set, but there could be different levels, which is exactly what the defence industry has done. They have a four tier system.”
Michelle Price of AustCyber argued that Australia has “significantly globally competitive smarts” when it comes to component manufacture, and has the ability to regenerate a componentry manufacturing industry.
“Once upon a time we really did have a thriving industry, it’s just that we didn’t know about it. And all of those companies were only engaged in exporting and then they got acquired. We can reshore that, we can bring that back onshore again, and I think that now there’s the economics available to us to make that work, we’ve just got to do it from a seed funding perspective to kick it off, and then everyone will pile in,” she said.
“When we imagine this world that we’re currently in where we’re not able to access different parts of the supply chain because it is literally cut off by air and sea, we can use these circumstances to demonstrate that even if we didn’t have a pandemic on our hands cutting off those supply lines, we can compete globally in some of that componentry manufacture.”