Labor not the only party clueless about its cybers

Labor not the only party clueless about its cybers

Summary: The incumbent Australian government might be clueless about its cybers when it crows on about the digital economy, but it turns out the Coalition isn't much to look at, either.

SHARE:

Security is not often seen as a driver for innovation. More often than not, it's seen as the uncomfortable problem that needs to be solved in order to meet regulatory requirements, if there is regulation for it at all.

It's been seen time and time again as one of the biggest roadblocks to new technologies. Cloud? The biggest concerns are privacy and security. Big data? Again, how our information is scraped and stored. BYOD? Security and data loss prevention. The list goes on.

Both major political parties in Australia have decided that yes, a National Broadband Network (NBN) is necessary, and yes, the future is going to be about the digital economy. But if this virtual economy is meant to be the next big thing for saving our country since digging up rocks, why is it that no one is debating about what has been a historically huge roadblock?

When the Labor government released its update to the National Digital Economy Strategy (NDES), I wondered whether it even knew what it was doing when it came to securing the online space and making it a suitable place for business.

Most of what was in the strategy failed to inspire me, given that it spoke mostly of education, neglected to include any actual executable plans or strategies for businesses or government, and generally rehashed what we have been doing as a country for the past five years or so.

But if I found Labor's performance lacklustre, the Coalition's plan leaves me wanting to flip some tables.

In referring to the NDES, the Coalition's policy attempts to shelve the "aspirations" of its opposition's paper as issues to be dealt with at a state and territory level, specifically using the National Plan to Fight Cybercrime as an example.

What part of "national" indicates that this was intended to be approached at the state level?

Online crime does not know any boundaries. The idea that you need to consider security differently because you live in New South Wales instead of Queensland is archaic and misses the point. By contrast, information security companies are calling for international coordination, a harmonisation of legislation to break down country-level silos that enable criminals to jump jurisdiction.

I wouldn't be so upset with such backward thinking, except for the fact that security is only mentioned one other time in the entire policy.

The sliver of promise comes as the Coalition notes that what we've being doing as a country for the past five years or so has been about trying, fruitlessly, to digitise everything. Its policy states that "the traditional focus of public sector effort in this area has been on online enforcement of laws and property rights, cybersafety education, digital literacy, and similar attempts to translate the traditional tasks of government into a digital context".

Thank goodness someone has realised that concepts in the offline world don't always work online, especially for security.

In the real world, if a robber tries your car door and finds that it's locked, they then proceed to try another. Online criminals send out their minions to try all of the cars on the street at the one time, and if the doors are locked, they check in all the right places for weaknesses or a spare set of keys.

The good news in the Coalition's policy is that it states that under its stewardship, it will move resources to where they are most effective.

So far, so good.

But the proposed solution for this is to get the private sector involved by encouraging it, of course, all while ensuring that a Coalition government does not "pick winners or lay down inflexible rules".

I can't help but feel that just as security has been lumped into a problem for the states and territories, so too again has it become the private sector's issue.

A watch-from-afar approach is not what the private sector needs. It is looking to the government to get its act together so that the Australian Federal Police isn't waiting months for overseas law enforcement agencies to come back with information. Businesses are innovative enough to adopt cloud technology and accept the use of BYOD, but when a breach occurs because of a hacker in another country, there's nothing on a national scale for them. They turn to state-level resources, but they don't see it as their job to hunt down someone in Russia, China, or wherever the hip place to hack from these days is.

The current plan of thinking about talking to other countries or one day getting involved with the United Nations Charter is slow, and could have been a great point of differentiation between the two biggest political parties, but it hasn't happened. If anything, the focus by both major parties on making sure we're "innovative" enough as a country is almost a backhanded insult to the current startups and research hubs.

Both parties had the opportunity to show how they would really enable the digital economy by removing the largest concerns around security. Sadly, it seems that neither of them actually have a clue.

Topics: Security, Government, Government AU, NBN

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Recommendations?

    "Both parties had the opportunity to show how they would really enable the digital economy by removing the largest concerns around security. Sadly, it seems that neither of them actually have a clue."

    What should they be doing? Most cybercriminal activity is based outside their legislative jurisdiction.

    Whilst nice to say "we should be better protected" I'm left wondering what can realistically be achieved.
    Richard Flude
    • Thats kinda the point of the article

      "Whilst nice to say "we should be better protected" I'm left wondering what can realistically be achieved."

      We elect politicians to work that out, not journalists, journalists are supposed to point out the problems. You must read "The Australian" a lot, they have a lot of "journalists" with "solutions"...
      Tinman_au
      • Yet the article is about them not offering solutions

        Don't see the irony;-)

        One write vacuous reports, the other complains without "belittling" whilst offering no solutions. I'm glad subscribe to The Australian if this is the aternative.
        Richard Flude
  • Sort of.

    The parties are just clueless as you'd expect, but the Attorney General's Department does actually know what they are doing (at least, the people who actually do things as opposed to the ones who talk about doing things).
    The stupid thing is, whilst any federal IT projects/systems are mandated to implement the PSPF, ISM etc, the states can do whatever they want. You'd hope the states would follow the federal guidelines, but they introduce a cost element they're often not willing to pay.
    That and the fact that many outsourcers are not even aware of these rules.
    Pachanga-4184c
    • Private sector is supported by Fedral Gov

      Private sector can engage with ASD on events or seek advice just like the other 3 levels of government can now. ASD publish advice which is freely available to the public, and I don't think it is overly heavy towards federal gov readership.

      The other thing is ASD has the 35 strategies and the mandatory top 4. These strategies are independent of who you are. No matter who you are, doing the top 4 alone goes a long way to protecting your systems from external malicious threats.

      Not sure state/local gov not being forced to follow PSPF/ISM is a big concern, given thier threats are not the same as federal gov e.g. less likely to be attacked from state actors in the same way federal gov is. Most if not all are trying to follow PSPF anyway.

      But the idea that can be one big IT security department for public and private sector is fanciful.
      NZO893