Digital Transformation Agency wants its cybersecurity team back
The DTA's CEO Gavin Slater has told Senate Estimates he 'absolutely' wants the capability back in-house, after a machinery of government change removed the cybersecurity team from his agency last year.
The Digital Transformation Agency (DTA) is in the process of helping the government move towards a more 21st Century approach to service delivery, one that is citizen-focused, centred on innovation, and making use of technology.
The DTA recently had its cybersecurity functions removed in a machinery of government change and as a result, the agency has to now head outside its walls when cross-checking even the most basic cyber-related concerns.
Facing Senate Estimates on Tuesday, DTA CEO Gavin Slater was asked what the cybersecurity capability now looked like within the agency.
"I would have described it as being strong," he said. "We had a small cybersecurity team embedded within the DTA ... the role of that team was that when agencies were thinking about transforming the way their services are delivered digitally was to really ensure they were thinking about security not as an afterthought but part of the key design criterion -- that was the primary role of that team.
"But recently under a machinery of government change, with the centralisation of the cybersecurity function under Alastair MacGibbon, that team has been mogged out from the DTA."
While Slater and his agency still have access to cyber-focused staff through the new model, it's on a "collaboration" basis.
"I wouldn't say it's weakened government's cybersecurity capability, and questions around that are for Alastair, but certainly in terms of what are the skills and capabilities we have within the DTA -- we no longer have them," Slater said.
When asked if he would prefer to have kept the cyber team, Slater said "absolutely".
"It goes to the point around efficiency. A lot of the work we do with agencies around transforming the way their services are delivered, you need cross-functional teams in order to be effective in that," he explained.
"So we need people that understand how to do discovery work, we need people that understand how to do service design, how to present content, and quite frankly it's just much easier having people right there that understand the security aspects of it."
Slater joined the federal government from the National Australia Bank where he held a number of roles including CFO, COO, and group executive across a range of business areas.
Having worked on a handful of digital transformation-related projects, Slater said having cross-functional teams co-located and working on things together breeds better outcomes.
"That's what agile is," he explained. "What I'm not saying, though, is ... that every single agency creates its own separate functions for security, IT, and everything else.
"So now we see an increased capacity inside the DTA -- and that's important because baking in security architecturally and philosophically is way better than bolting it on afterwards," he told ZDNet last May.
Similarly, former Minister Assisting the Prime Minister on Cyber Security Dan Tehan said in 2016 that a centralised approach by government to cybersecurity is dangerous, and it is preferable for departments to take care of themselves instead.
Now shifted over to Human Services, Tehan said at the time he wanted to see each individual department and agency take responsibility themselves.
"What we want to develop is a culture with all departments and agencies within government that they have the mechanisms in place to make sure they are as cyber-secure as they possibly can be, and if there is capability shortfalls, that they reach out to see how they can get them addressed by other agencies who can help in this regard," Tehan added.