Australia's bold plan for cybersecurity growth

Australian Cyber Security Growth Network has set its goals, fleshed out its board, and announced a detailed plan for success.
Written by Stilgherrian , Contributor

Key elements of the Australian Cyber Security Growth Network's Sector Competitiveness Plan

(Image: Australian Cyber Security Growth Network)

The Australian Cyber Security Growth Network (ACSGN) aims to triple the size of the nation's cybersecurity industry sector, from just over AU$2 billion in revenues today, to AU$6 billion.

The goal was announced in Sydney on Thursday at the launch of the ACSGN's Cyber Security Sector Competitiveness Plan (SCP), their roadmap for reaching that goal.

The SCP is intended to "identify the challenges Australian organisations face when competing in local and international cyber security markets".

"The SCP provides a roadmap to strengthen Australia's cyber security industry and pave the way for a vibrant and innovative ecosystem. It articulates the steps and actions required to help Australia become a global leader in cyber security solutions, with the aim of generating increased investment and jobs for the Australian economy," it says.

The SCP was launched by Senator Arthur Sinodinos, Minister for Minister for Industry, Innovation and Science.

"The aspiration, and it's set out here in this plan so clearly, is to be a global leader in this space," Sinodinos said.

"It's fantastic, the talent we have in Australia, the skills that we have in Australia, the systems we have in Australia, to be a world leader in so many aspects of cybersecurity... Now I know that can be a big call, but we have the capability to do it."

Australia's attempt to build the cybersecurity sector will have three country-specific challenges, according to the ACSGN:

Firstly, while Australia demonstrates excellent and world-leading cyber security research capability, there are signs the current system of research and commercialisation is inefficient. Scattered public funding for cyber security research and development weakens the country's ability to lead on innovation. Limited collaboration between the research community and the private sector further undermines the commercialisation of basic research ideas into marketable solutions.

Secondly, insights gained from expert interviews undertaken to develop this Plan and public tender data signal that the current market environment constrains the growth prospects of smaller Australian cyber security businesses and startups. While these companies may have the capability to develop innovative and novel product and service offerings, they often lack the business acumen, established credibility and scale to win key contracts with large industry or government customers in Australia and abroad. Barriers to export are particularly noticeable for providers of cyber security services.

Thirdly, a serious skills shortage is limiting the growth of the Australian cyber security industry. Several industry surveys confirm the drought in job-ready cyber security professionals is among the worst in the world. While universities have recently begun to introduce several new study courses, they will unlikely produce enough graduates to meet industry demand in the near future. It is also questionable whether the industry will be able to draw workers with related skills from areas outside of cyber, as pathways for professional and transitional training are not currently sufficient. It is estimated that the domestic cyber security industry will need to employ at least 11,000 additional workers over the next decade.

The CSP runs for 98 pages, with the front cover as the only non-content graphics. It's intended to provide a thorough economic narrative to back up the strategy.

The ACSGN also announced two members to its board, bringing total to five, and the creation of a second cyber security innovation node in Canberra, joining the first node established in Melbourne.

The new names on the board are Heather Ridout AO, a former long-term chief executive of the Australian Industry Group, and chair of numerous business and community organisations; and Mike Burgess, most recently chief information securing officer of Telstra, and previously holding senior roles with the Australian Signals Directorate (ASD).

They join co-chairs Adrian Turner, chief executive officer of Data61; Doug Elix, who retired from IBM in July 2008 as senior vice president and group executive for IBM's worldwide sales and distribution operations; and ACSGN's chief executive officer Craig Davies.

Davies continues to be bullish about the potential for Australia's cybersecurity sector, but once again he emphasised the need for speed.

"This is the time we need to do this," he said. "Deloitte are forecasting 60,000 jobs over the next 13 years [if Australia takes a 'cyber smart' growth strategy]. Is that all? Surely we can do better than that."

Davies' team took 20 Australian cybersecurity startups to the RSA information security conference in February this year. His goal is to take 50 companies in 2018.

Davies said he's been told that the ACSGN is looking for the next Atlassian, referring to the company most often cited as an Australian startup success, and also to his previous role as Atlassian's head of security. "No," Davies said. "We're looking for the next 50 Atlassians."

Also announced were two cybersecurity hardware products, both developed in Australia.

From Penten comes the AltoCrypt Stik, a "highly portable, easy to use, secure mobility solution which provides a government user wireless access to sensitive networks both inside and outside the office," according to the promotional material.

The Stik bundles routers, security appliances, and cryptographic tools confirming to the UK PRIME standard for High Grade, into a single USB stick. It has the potential to replace the suitcase-sized devices currently in use.

The other device is the Cog Systems D4 secure smartphone, which aims to produce a secure Android device at consumer price points, rather than the usual hardened phone price that can often exceed $10,000.

Cog's reference design is based on an HTC One A9 smartphone, with a heavily modified version of Android. Its features include a virtualised key store, which means the key store doesn't touch the operating system; nested VPNs, enabling two separate and distinct VPN clients on the device; and a D4 Secure layer running on a separation kernel to provide added OS protection from common exploits and malware."

The ACSGN was established at the beginning of 2017 as part of Australia's National Innovation and Science Agenda in December 2015, and is a key part of the Australian Cyber Security Strategy released in April 2016.

Editorial standards