Australia's Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, closed out the round of opening keynotes at this years RSA Conference for the Australia Pacific and Japan region. During his address Tehan painted a gloomy picture of our region. But in that doom and gloom he suggested Australia could be a leader in helping the region become stronger while giving the Australian economy a boost as we take the challenges of the region and turn them into opportunities. But the speech and the follow up interview we scored were light on for details.
Tehan's speech sprouted some of the usual data we've come to expect. Connectivity is up but user knowledge when it comes to securing systems is low. Cyber-crime is on the rise and the bad guys are targeting critical sectors such as finance, construction, engineering and infrastructure. Eight of the ten countries most affected by cyber-crime are in our region he said.
The threats, said Tehan, are not just to Australia but are regional. With countries so tightly connected, a weakness that is exploited in one country could have serious repercussions in another. This is why, he said, countries need to work together as we are only as a strong as the weakest link.
"Our cyber-security will only be as good as the weakest link in the chain," he said.
While Silicon Valley gets a lot of attention, Tehan noted that the majority of the world's technology is made in the region. "We are the world's technology region," said Tehan.
These key points were reiterated several times in Tehan's speech.
But from the ashes of this comes great opportunity according to Tehan. According to Tehan, there are about 19,000 people working in the field of cyber-security in Australia. He suggested organic growth would add a few thousand but the establishment of the Australian Cyber Security Growth Network, being run by former Cochlear and Atlassian CISO Craig Davies, is expected to boost number by a further 13,000 over current levels.
And the skills we develop should hold us in good stead to not only weather the storm locally but offers services within the region and globally.
Following the speech, Tehan said discussions with other countries in the region have been progressing with regards to establishing regional partnerships. All the relevant ASEAN ministers have been invited to a meeting that is planned to take place during Singapore's cyber-security week events in September this year.
"A committed framework for best practice would be a good start. But if we could take it into the behavioural space that would be very good as well," he said. "If you look globally when it comes to traditional warfare, you've got UN Security Council Resolutions, the Geneva Convention - you've got very formal structures in place. At this stage, cyberspace is fairly much ungoverned when it comes to rules and norms. it's something we've got to get on top of".
However, most of those conventions have come about following a major event. But Tehan thinks the world should be mature enough to do something that isn't "crisis driven".
So, is Australia ready to defend against a committed and well-resourced nation-state adversary?
Tehan said the collaboration between the government and industry is key to developing a defensive capability. He said this is "one of he great advantages of western, liberal democracies".
When pushed into whether we could defend, Tehan said he wouldn't engage in hypotheticals but that the government is working very hard with industry and academia to make sure we are cyber-secure as we possibly can be.
"We are well placed but we need to continue our efforts".
Encryption is a hot button issue. I suggested to Tehan that there is a very low level of trust when it comes to government's circumventing encryption is some way.
"It isn't just the Australian government that has these concerns. it comes from the fundamental premise that every government has an absolute obligation to do everything it can to keep its citizens safe," said Tehan.
Tehan reiterated the Prime Minister's stated objective to work with technology companies to resolve the challenge of giving government agencies access to encrypted data without compromising personal privacy. He thinks it can be done but added no clarity on how it might happen.
As for trust, Tehan said there is "a good level of trust from the Australian people". He cited the introduction of metadata retention laws that were passed a couple of years ago and how those laws were passed with bipartisan support although there was "some noise around the edges".
Anthony Caruana attended RSA Conference in Singapore as a guest of RSA