Labor not the only party clueless about its cybers
Security is not often seen as a driver for innovation. More often than not, it's seen as the uncomfortable problem that needs to be solved in order to meet regulatory requirements, if there is regulation for it at all.
It's been seen time and time again as one of the biggest roadblocks to new technologies. Cloud? The biggest concerns are privacy and security. Big data? Again, how our information is scraped and stored. BYOD? Security and data loss prevention. The list goes on.
Both major political parties in Australia have decided that yes, a National Broadband Network (NBN) is necessary, and yes, the future is going to be about the digital economy. But if this virtual economy is meant to be the next big thing for saving our country since digging up rocks, why is it that no one is debating about what has been a historically huge roadblock?
When the Labor government released its update to the National Digital Economy Strategy (NDES), I wondered whether it even knew what it was doing when it came to securing the online space and making it a suitable place for business.
Most of what was in the strategy failed to inspire me, given that it spoke mostly of education, neglected to include any actual executable plans or strategies for businesses or government, and generally rehashed what we have been doing as a country for the past five years or so.
But if I found Labor's performance lacklustre, the Coalition's plan leaves me wanting to flip some tables.
In referring to the NDES, the Coalition's policy attempts to shelve the "aspirations" of its opposition's paper as issues to be dealt with at a state and territory level, specifically using the National Plan to Fight Cybercrime as an example.
What part of "national" indicates that this was intended to be approached at the state level?
Online crime does not know any boundaries. The idea that you need to consider security differently because you live in New South Wales instead of Queensland is archaic and misses the point. By contrast, information security companies are calling for international coordination, a harmonisation of legislation to break down country-level silos that enable criminals to jump jurisdiction.
I wouldn't be so upset with such backward thinking, except for the fact that security is only mentioned one other time in the entire policy.
The sliver of promise comes as the Coalition notes that what we've being doing as a country for the past five years or so has been about trying, fruitlessly, to digitise everything. Its policy states that "the traditional focus of public sector effort in this area has been on online enforcement of laws and property rights, cybersafety education, digital literacy, and similar attempts to translate the traditional tasks of government into a digital context".
Thank goodness someone has realised that concepts in the offline world don't always work online, especially for security.
In the real world, if a robber tries your car door and finds that it's locked, they then proceed to try another. Online criminals send out their minions to try all of the cars on the street at the one time, and if the doors are locked, they check in all the right places for weaknesses or a spare set of keys.
The good news in the Coalition's policy is that it states that under its stewardship, it will move resources to where they are most effective.
So far, so good.
But the proposed solution for this is to get the private sector involved by encouraging it, of course, all while ensuring that a Coalition government does not "pick winners or lay down inflexible rules".
I can't help but feel that just as security has been lumped into a problem for the states and territories, so too again has it become the private sector's issue.
A watch-from-afar approach is not what the private sector needs. It is looking to the government to get its act together so that the Australian Federal Police isn't waiting months for overseas law enforcement agencies to come back with information. Businesses are innovative enough to adopt cloud technology and accept the use of BYOD, but when a breach occurs because of a hacker in another country, there's nothing on a national scale for them. They turn to state-level resources, but they don't see it as their job to hunt down someone in Russia, China, or wherever the hip place to hack from these days is.
The current plan of thinking about talking to other countries or one day getting involved with the United Nations Charter is slow, and could have been a great point of differentiation between the two biggest political parties, but it hasn't happened. If anything, the focus by both major parties on making sure we're "innovative" enough as a country is almost a backhanded insult to the current startups and research hubs.
Both parties had the opportunity to show how they would really enable the digital economy by removing the largest concerns around security. Sadly, it seems that neither of them actually have a clue.