Former PM Turnbull suggests Australia boosts its cyber capability by buying local

The former prime minister said there is a need to be a 'megaphone' for domestic capabilities, and for large organisations and agencies to stop simply buying from the tech giants.

Former Prime Minister Malcolm Turnbull

Screenshot: Asha Barbaschow/ZDNet

Former Prime Minister Malcolm Turnbull has said there's an opportunity to boost Australian talent if government and large businesses alike move away from the big end of tech town when procuring services.

"There's clearly a big opportunity for innovation and we have outstanding cybersecurity professionals in Australia … we should be developing a world-leading cybersecurity industry," Turnbull said on Wednesday. "The stronger your cybersecurity industry is in Australia, the better your cybersecurity will be."

He said one of Australia's biggest weaknesses is a lack of confidence in its own technological skills and a failure on the part of government "despite encouragement from politicians like myself to invest in and with Australian companies".

"This is where governments I think often slip up -- governments and big companies feel comfortable dealing with other big companies, often big systems integrators, foreign-owned. You've got to develop a culture where you are prepared to engage with, testbed, try out, do proof of concepts with smaller, younger, Australian companies," he said.

The country's 29th Prime Minister spoke alongside Alastair MacGibbon, who prior to heading up his own Australian cybersecurity megamix, CyberCX, was Turnbull's special advisor on cyber.

Both Turnbull and MacGibbon in 2016 were faced with the failure of tech kit procured from IBM by the Australian Bureau of Statistics (ABS). On Census night, the ABS experienced a series of small distributed denial-of-service (DDoS) attacks, suffered a hardware router failure, and baulked at a false positive report of data being exfiltrated, which resulted in the Census website being shut down and citizens being unable to complete their online submissions.

"That was a complete failure by IBM … whose face did all the egg end up on? It ended up on mine as the prime minister," Turnbull said. "That was a classic case of an Australian agency … thinking that if they go with IBM, everything will be all right. You know, no one got fired for buying IBM and insert name of any other one of these big companies."

He said it speaks to not having enough technical skills inside government, and also "just being complacent about the big foreign companies".

"We need to have more confidence in our own capabilities," he added.

Acknowledging the need for more female representation in the cyber field, he also said, anecdotally, that if the men in cybersecurity were more "congenial", more women would get involved.

"There is a theory, I honestly -- I'm not warranting this -- but there is a theory that if the men were more sort of congenial there'd be more women doing cyber subjects. I don't know. I think it's a commentary rather than the solution," he said.

Touching on the federal government's newly released 2020 Cyber Security Strategy, and the level to which government should be involved with the cybersecurity of businesses, Turnbull said he was hesitant to get behind any legislative direction to govern board responsibilities.

"One thing that could be useful is to require companies to formally address it in their annual report," he said, accepting that such an approach is more of a "box ticking" exercise than a valid metric.

"That is the problem, because with self-regulation, the only way to look at this is that you can't -- the government's not in a position to do a security audit on every company in Australia. So the only thing you can do is keep talking about it and keep raising awareness of it."

"What would make a difference was if somebody got sued for not doing a good enough job on their cybersecurity … and companies need to be very careful about that because if you're not paying attention to it and your customers incur, also your company incurs, a loss, you might find yourself at the wrong end of a shareholder action."

End-to-end encryption, Australia vs the US

While the former PM covered 5G and the banning of Huawei, Chelsea Manning and Edward Snowden, and Australia's relationship with the overseas-based monarchy, he also touched on the subtle differences between Australia and the United States where end-to-end encryption is concerned.

"The arguments about end-to-end encryption are very cogent ones, because if you give, or if you say to WhatsApp or Signal or whatever, 'you must have a backdoor key to allow lawful interception', then the fact that that backdoor key exists, means that somebody else sees a vulnerability," he said.

"Therein lies the risk."

But further, Turnbull said the "cultural scene" where end-to-end encryption is concerned, differs in Australia to the likes of the US.

"My sense is Australians generally think the government is trying to do the right thing ... they sort of feel the government, by and large, has tried to do the right thing. You know, run by stumblebums and incompetence at any given time," he said.

"But in America, there is both on the right and the left, a really extreme libertarian tendency which sees the government as the enemy."

He said this culminates in Silicon Valley as a determination to maintain end-to-end encryption.

"It's quite ideological and baked into it today. It's baked into their DNA and it's connected with things like the second amendment and the right to bear arms," Turnbull said. "It's a very different mindset."
