Australia must lead from the centre in order to effectively address cyber security challenges, according to one of Australia’s top cyber security experts, Michelle Price.
At a National Press Club address on Wednesday, Australian National University national security college head Rory Medcalf and Price, CEO of AustCyber, reflected on the security lessons of 2020 and put forward their proposals for overcoming the challenges ahead.
Medcalf called for the government to develop a national security strategy, or “national interest strategy”. The plan would look at how to integrate security with other vital areas of policy related to the national interest, prosperity, and social cohesion.
“If we are playing a long game, and I believe we must, then we need a vision for a confident, resilient, inclusive, Australia that explains how it all fits together — sustainability, energy, infrastructure, health, education, technology and innovation,” he said.
Medcalf said state and territory governments must be equipped to secure Australia, arguing that it’s “absurd” that they don’t have personnel with the security clearances to connect them with intelligence and security advice from the commonwealth.
“I would argue that all states and territories should set up a dedicated national security unit within the department of premier or chief minister. This would involve a small team of officials with high level security clearances allowing them to access classified information and intelligence,” he said.
“This would allow at last for a genuine national security conversation and give states and territories a greater chance to affect national security policy. It would be a modest, but powerful investment; maybe five or six officials per jurisdiction.
“Commonwealth agencies for their part would need to be forward leaning in their willingness to share security information with those state and territory units.”
When asked if the Australian Signals Directorate should be moved from the Defence portfolio into Home Affairs — or if any other structural changes should occur to tackle the current nature of cyber attacks — Price reflected on her time delivering the 2016 Cyber Security Strategy.
“One of the things that I was not successful in doing as part of the 2016 Cyber Security Strategy… was actually convincing Malcolm [Turnbull] that … like other nations, we needed to recognise just how important cyber security is to every endeavour, and that to lead effectively on cyber security, we need to lead from the centre,” she said.
Price said the ASD should be placed at the centre, to combat the silos in Australia’s cyber defences which are often leveraged by “malicious actors”.
“In Australia we obviously are very wedded to that 1950s conception of what are our sectors in the economy. And so we look at it in these verticals. We don’t look at the horizontals. And increasingly the activity that is happening within the economy is at the horizontal level, and the engagement between sectors is happening in a horizontal kind of way,” she said.
“And so the value chains that are being created out of that means that increasingly there will be pressure applied to the same siloing that happens within the constructs of government.
“I think that ASD benefits from being in the Defence portfolio. I wouldn’t put it in the Home Affairs portfolio myself, because I think it ignores the point of why ASD exists in the first place and how it works with its counterparts in the Five Eyes and elsewhere. But I do think it could be placed in the centre. And that’s actually what I have put forward, many times.”