Former Prime Minister Malcolm Turnbull has said there's an opportunity to boost Australian talent, if government and large businesses alike moved away from the big end of tech town when procuring services.
"There's clearly a big opportunity for innovation and we have outstanding cybersecurity professionals in Australia … we should be developing a world-leading cybersecurity industry," Turnbull said on Wednesday. "The stronger your cybersecurity industry is in Australia, the better your cybersecurity will be."
He said one of Australia's biggest weaknesses is a lack of confidence in its own technological skills and a failure on the part of government "despite encouragement from politicians like myself to invest in and with Australian companies".
"This is where governments I think often slip up -- governments and big companies feel comfortable dealing with other big companies, often big systems integrators, foreign-owned. You've got to develop a culture where you are prepared to engage with, testbed, try out, do proof of concepts with smaller, younger, Australian companies," he said.
Both Turnbull and MacGibbon in 2016 were faced with the failure of tech kit procured from IBM by the Australian Bureau of Statistics (ABS). On Census night, ABS experienced a series of small distributed denial-of-service (DDoS) attacks, suffered a hardware router failure, and baulked at a false positive report of data being exfiltrated, which resulted in the Census website being shut down and citizens unable to complete their online submissions.
"That was a complete failure by IBM … whose face did all the egg end up on? It ended up on mine as the prime minister," Turnbull said. "That was a classic case of an Australian agency … thinking that if they go with IBM, everything will be all right. You know, no one got fired for buying IBM and insert name of any other one of these big companies."
He said it speaks to not having enough technical skills inside government, and also "just being complacent about the big foreign companies".
"We need to have more confidence in our own capabilities," he added.
Acknowledging the need for more female representation in the cyber field, he also said anecdotally if the men in cybersecurity were more "congenial", more women would get involved.
"There is a theory, I honestly -- I'm not warranting this -- but there is a theory that if the men were more sort of congenial there'd be more women doing cyber subjects. I don't know. I think it's a commentary rather than the solution," he said.
Touching on the federal government's newly released 2020 Cyber Security Strategy, and the level to which government should be involved with the cybersecurity of businesses, Turnbull said he was hesitant to get behind any legislative direction to govern board responsibilities.
"One thing that could be useful is to require companies to formally address it in their annual report," he said, accepting that such an approach is more of a "box ticking" exercise than a valid metric.
"That is the problem, because with self-regulation, the only way to look at this is that you can't -- the government's not in a position to do a security audit on every company in Australia. So the only thing you can do is keep talking about it and keep raising awareness of it."
"What would make a difference was if somebody got sued for not doing a good enough job on their cybersecurity … and companies need to be very careful about that because if you're not paying attention to it and your customers incur, also your company incurs, a loss, you might find yourself at the wrong end of a shareholder action."
End-to-end encryption, Australia vs the US
While the former PM covered 5G and the banning of Huawei, Chelsea Manning and Edward Snowden, and Australia's relationship with the overseas-based monarchy, he also touched on the subtle differences between Australia and the United States where end-to-end encryption is concerned.
"The arguments about end-to-end encryption are very cogent ones, because if you give, or if you say to WhatsApp or Signal or whatever, 'you must have a backdoor key to allow lawful interception', then the fact that that backdoor key exists, means that somebody else sees a vulnerability," he said.
"Therein lies the risk."
But further, Turnbull said the "cultural scene" around end-to-end encryption in Australia differs from that in the likes of the US.
"My sense is Australians generally think the government is trying to do the right thing ... they sort of feel the government, by and large, has tried to do the right thing. You know, run by stumblebums and incompetence at any given time," he said.
"But in America, there is both on the right and the left, a really extreme libertarian tendency which sees the government as the enemy."
He said this culminates in Silicon Valley as a determination to maintain end-to-end encryption.
"It's quite ideological and baked into it today. It's baked into their DNA and it's connected with things like the second amendment and the right to bear arms," Turnbull said. "It's a very different mindset."