Opening and keynote address
Australian Centre for Cyber Security Conference
Australian Defence Force Academy
9am, 16 November 2015
Thank you and good morning everyone.
I would like to acknowledge the Ngunnawal people, traditional owners of this land.
I am pleased to be here this morning in my capacity as Minister for Defence Materiel and Science, as I appreciate the challenges that are before our nation both from a defence, a security, a business, and a personal perspective when it comes to defence science and security.
I would particularly like to acknowledge the Australian Centre for Cyber Security, the Australian Defence Force Academy and the Defence Science and Technology Group for organising the conference – the first of its kind.
To Professor Jill Slay, the Director of the Australian Centre for Cyber Security, thank you for the Centre’s role in bringing together experts leading the way on cyber security across commercial, policy and research fields.
I look out here and consider the significance of your individual roles and what it means collectively, because it is only with cooperation and coordination of our efforts that we ensure that the risks to our sovereignty are improved through the research and development area of cyber security.
One of the challenges that we were talking about just briefly now outside, is the need for recognition of the scale of the problem.
When you are deliberating today, the first thing is that we seek to understand the national scale of the challenge – and perhaps international too – and very large scale business links.
But you are only as good as your weakest link.
So how do we actually educate future leaders – both defence leaders, government leaders, and business leaders – that their role is significant, if not critical, not just today but in the future? And what do they do to educate themselves to make sure that their organisations are at the forefront?
No one should be under any illusion. We are under attack. We are under attack today. As we speak.
Only last week I was over at the Canberra Convention Centre for the annual Military Communication and Information Systems Conference where Lockheed Martin had a piece of equipment. Part of it was a mobile screen, and on that screen were cyber attacks happening around the world in real time. They could identify the originator and the location. But to me I guess, as a lay person, it is pretty extraordinary to see the capacity we have to not only see these attacks, but to see them at any one time.
I think understanding how real and how immediate that threat is to every level of government and every level of business is the starting point.
If I could go back a moment and look at what is now happening at ADFA, it is ensuring that young Defence personnel are understanding that their role, no matter which corps or service they may go into, that they have a leadership role in not only ensuring that their organisation is safe, but that in future that they continue to educate themselves and remain cutting edge.
The challenges are not new, they have been with us for 20 years – and you will have known that for even longer than perhaps the general public.
But when we look at the breadth, and the scope of what has happened in Paris over the weekend, that is something that everyone can relate to. The death, the destruction, the terrorism.
But are they as equally aware, or can they be without those graphic images, of the capacity of cyber intrusions to wreak havoc in their civil world? After all, we rely on our power grid, our transport system, our financial services, and our water.
Basically everything we say and do in our economy is able to be subjected to cyber attack, and the potential outcome of an attack could be quite catastrophic if we were not able to protect against such.
So as I was saying, businesses today are under attack and we only saw reports last week about how the three competing interests for our submarines are also under attack.
I use the term quite openly, because that’s what it is, it’s an attack on your sovereignty by trying to understand and get a strategic advantage.
So let’s not underplay what it is and let’s not underplay what the risks are. They are very real.
Let’s turn to international law now – one of the areas perhaps which you will address today. If you go back to international law of the sea and the skies, particularly the skies, it is relatively new because of course there were no air movements before World War One largely. The world has come to a place where we protect that space and we have international norms and laws that we operate within. And of course there are those who transgress them, but at least they are there.
We are still in the formative stages of how that can work in the cyber space, but I think that it is imperative we ensure that the laws adapted and adopted internationally give us the chance of being able to have some sort of basis on which to move forward in this area of cyber knowledge.
You will be aware that the Government is considering a Cyber Security Review and I can assure you that the Defence White Paper will also cover off on the issues of cyber strategy in some detail.
The Government’s commitment is in a number of phases. Let’s just quickly cover off on them.
First of all it is to share information to enable us to respond to cyber threats. That is, to share information with businesses and with our international partners, but just as importantly within government.
There is no point in having silos within this area. There are many organisations where it is their responsibility to garnish that information in order to protect us. But it is how we share this information and work collaboratively that will give us the greatest security. We must raise the bar for cyber security operations across the spectrum and that’s where the challenge comes in for people in just understanding the threat.
If you go into a board room, people may understand profit and loss, they may understand a balance sheet, but if you start talking in tactical terms in such a way these are people who glaze over, then what happens is that we lose them. And therefore they turn their mind away from it.
Only over the weekend I was talking to a mid-level legal firm that said to me, “Beyond keeping the personal information of my clients, what’s that got to do with me? How do I manage that?”
They are the challenges. How do they come to the forefront of our thinking so people understand what their role is and what the risk is to this information?
Fostering information on cyber security to help grow our Australian businesses is also important and of course the Prime Minister’s focus on innovation means that cyber is a key area of growth.
Defence is of course very vulnerable. There are 100,000 people working in and across the Department of Defence. I am told that on each and every day there is in the order of 10 and 60 million internet hits. Each one of those is a vulnerability, or potential vulnerability, that we need to be aware of.
What an individual does, whether on operations or back home, can compromise or add a chink in our armour that we need to be aware of. This comes down to training.
So the future of Defence science research and development is going to depend on the people who sit in front of me and our capacity to build better people and grow the talent pool. Hopefully there will be some comments on that in the innovation paper coming out soon on how it is that we as Australians get our fair share of the best and brightest so that we can remain at the forefront of this area.
The training that delivers ‘tomorrow’, as ADFA is doing through the University of New South Wales, is absolutely critical. Computer Science, international politics, risk management and law are all critical in people development.
Also I want to acknowledge the Defence Science and Technology Group today and their role in collaborating with universities, signing Memorandums of Understanding with some 26 different universities around the country, and working with businesses is critical in redefining the research and development needs.
The role of our academics and our tertiary sector is very important. The role of Government is very important. The role of business is very important. But it is only when we bring the three together that we are going to get the multiplier effect that we need to ensure that collaboration delivers the outcomes that protect us and give us the offensive capacity that we need as a nation.
International partnerships are equally as important. As you all know the risk does not just come from sovereign nations or from the corporate sector, it also comes from individuals. And perhaps the person I am about to refer to is sitting in the room.
Not so long ago a Defence person was telling me about how their family was in a hotel and whilst they went down to check in, the son upstairs hacked into the computer system of the hotel. He said, “Well dad, why shouldn’t I? The door was open”. He wasn’t being malicious. He was just entertaining himself, he wasn’t doing any harm. When they brought this to the attention of the management of the hotel, they didn’t want to know.
We cannot have that attitude within Government or within Defence – of recognising potential loopholes but not acting on them. We need to know if the threat is real, that we are under attack today and will into the future. And that those attacks will continue to grow.
So today’s conference is a critical one. I know it is the first, but maybe it should have happened a long time ago. But it is a start. And from here we need to grow the significance of what you are about to achieve.
Collaborate, cooperate and in doing so grow with strength for Australia’s defence in the cyber space so that we have the defensive and offensive capacity to remain at the forefront of what the world needs us to be, and that is a safe and secure nation.
Congratulations to all those involved in establishing the conference today. I wish you well with your deliberations and I look forward to seeing the responses of today’s discussions.