The deteriorating cyber threat environment of 2020 hasn’t gotten any better in 2021. Indeed, it just might be getting worse.
In Australia, the federal response has been muscular. Important amendments to the Security of Critical Infrastructure Act are wending their way through parliament to harden cyber security resilience obligations for a broader swathe of Australian businesses.
What about the states? In NSW, the state government committed to updating its 2018 Cyber Security Strategy. It also allocated $240 million to opening a cybersecurity vulnerability management centre in Bathurst.
The biggest news yet has been the announcement of the $1.6 billion Digital Restart Fund. The state government initiative is an ambitious attempt to make NSW the digital capital of the southern hemisphere, and it is being touted as the single largest cybersecurity investment in the nation’s (let alone the state’s) history. For local IT vendors, that initiative is bearing fruit today.
What’s going on? The funding pool is earmarked for protecting existing systems, deploying new technology, and building out the state’s cyber workforce, with the aim to boost service access and improve service delivery.
Nor has resilience been neglected. In particular, the state is making a big bet on Australian small and medium enterprises (SME).
First, a state government taskforce looked into the question of ramping up SME participation in government procurement. The ICT/Digital Sovereign Procurement Taskforce was explicitly set up to find ways to diversify the state’s ecosystem of IT suppliers — perhaps even creating “measurable targets” for sovereign IT. Well now, we have those targets. Just a few months ago, the state announced that it had set an aspirational spending target of 30% of the annual $2.5 billion IT procurement budget with local SMEs. In addition, the state government has also set an expectation that procurements valued over $3 million will redirect 25% of indirect IT spending to SMEs.
It’s hard to overstate the importance of such “buy local” measures. Clearly, part of their intent is to accelerate the growth and recovery of the country’s SMEs. Primary drivers of economic growth, the nation’s SMEs have been battered by the pandemic. Therefore, revving up that economic engine is critical for the country’s long-term financial health.
That’s not all, though. Both state and federal governments are working on solutions that enhance critical sovereignty and data security of vulnerable assets.
Proposals for achieving technology sovereignty aren’t new. Nevertheless, the COVID-19 crisis has given that important drive much needed momentum.
It was clear to all that during the pandemic, digital technologies helped the country’s citizens immeasurably. Diverse technologies kept schools and businesses open, ensured groceries were delivered, kept us seeing medical professionals, and facilitated payments.
The increased reliance on digital technology systems didn’t go unnoticed by state and private actors — hence the sharp spike in cyber threats.
In NSW, the local IT sector provides an important measure of cyber resilience against these very threats. Used to competing against bigger, entrenched Enterprise Resource Planning (ERP) vendors, we must innovate for our daily bread.
Some of the big, bureaucratic incumbents can often be complacent, reliant on legacy architecture. That reliance can lead to inefficient, costlier solutions that take longer to build and test.
On the other hand, we can’t afford to be big, complacent, and more costly, like many other local vendors. We have to solve problems quicker, using truly agile development approaches that enable us to add new capabilities to respond to unexpected customer needs — like novel pandemics. We have greater risk tolerance, which makes us better able to innovate with each new product and release.
In turn, those innovations, especially in data security, privacy, and availability, then get passed on to our customers in the state and private sectors, redounding to the benefit of the nation’s citizens and critical sovereignty objectives.
Since we put in the hard work, now it’s the governments turn to put their money where their mouth is, by starting to look for truly innovative solutions. Although there hasn’t been a lot of procurement during the pandemic, lazy ERP purchasing was previously more the rule than the exception. Smaller players were fighting an uphill battle for consideration and opportunities.
Don’t just take my word for it. Early last year, Gartner analysts did a write-up on buyer preferences. The report indicated most buyers preferred known vendors, with only 13% open to any vendor with an interesting solution that meets their needs.
In contrast, 22% of buyers admitted they would only consider approved or known vendors for new purchases, while 25% would only consider approved or known vendors for replacement purchases.
Around two-thirds of buyers have preference for approved or known vendors, either for new purchases (65%) or replacements (63%). If that’s not bad, the reasoning is worse. Buyers don’t want to buck the lazy purchasing trend, because of “tech debt” and “sunk costs”.
When it comes to innovation that protects critical infrastructure and enhances community resilience, tech debt and sunk costs just won’t cut it.
So that’s why, as the CEO of a local tech SME, Noggin, I’m pleased to the see the NSW state government acknowledge all the great digital technology in its own backyard.
Putting a metric on local IT procurement is an important first step. However, it still needs to be matched with a proactive procurement approach that ensures the best critical infrastructure protecting innovations get a fair shake so that our people, places, and key assets remain safe.