Over the last few years, cybersecurity has been a hotly debated issue in Australia.
There have been serious clashes over the heavy-handedness of the Australian Government and the industry and community fighting against the attacks on press freedom, demanding protection of journalists, protecting civil liberties and the openness and transparency of our democratic institutions.
Let’s hope that the coronavirus pandemic also provides a reset point for these issues. First of all, it is clear that there are far more serious problems at hand than just terrorism, so the Federal Government should start looking at the broader national security issues particularly following the recent climate disasters – drought, bushfires, floods – and now the COVID-19 pandemic.
With these disasters, it has also become clear how important the use of big data is in order to provide the all-important information in managing and solving these disasters. It is highly likely that a more relaxed use of big data will again see a clash between government surveillance and civil liberties, particularly privacy.
Of course, we should use big data wherever possible to assist us in these fights. But let’s not throw the baby out with the bathwater. Let’s make sure that what we are doing now is not going to be detrimental to our democratic and open society once these crises subside. We always see dangerous creep issues once such data is available. The recent grab by local councils for data available from mobile phone use is a clear example of this.
In the wake of the COVID-19 pandemic, Yuval Harari made some good observations on these issues in the Financial Times.
I recently made a submission for Australia’s 2020 Cyber Security Strategy that is relevant in this situation. I was involved and very much engaged in the initial industry discussions in 2016.
However, since that time, I am extremely disappointed with the Government’s handling of this very important issue. As with so many policies, there is a serious lack of vision from the current Federal Government and therefore also no clear strategy attached to this.
Decisions are made on the fly without proper process. So much of what passes for government cyber-security initiatives are knee-jerk reactions to external events, rushed through with no time for thoughtful inputs from experts in the field. Input from experts should be sought before policies are developed, not afterwards. There has not been any due process in the formulation of the policies. This is seriously undermining any trust in the Government’s ability or interest in working with the experts, industry and the community to put a solid policy framework in place.
The lack of consultation with independent experts, before proposals are opened to the public makes it extremely difficult to develop balanced policies. Most of the documents are written behind closed doors by the bureaucrats and presented as a fait accompli, more often linked to politics rather than the national interest. By the time the issues are well-researched and considered expert opinion and critique is received, there is very little room for the Government to backtrack without losing face.
Therefore, we end up with bad policy and poor legislation that gets pushed through anyway, to safe political face and avoid contradicting an earlier media release.
Without a clear strategy, the 2016 report ended up on the shelf and there is no reason to believe that the next report will not also end up there. The Federal Government is very selective in only asking the questions they are interested in, while at the same time ignoring the questions asked by industry, academia and the community.
As we can clearly see, the country is far more vulnerable to the effects of climate change and pandemics than it is to terrorism. The panicky behaviour the Coalition Government is showing on cybersecurity does not equate to the actions it should take on national security issues that are far more dangerous to the social and economic structure of the country.
It is shocking to see the lack of safeguards that the Government is willing to put in place in its cybersecurity policies regarding our individual autonomy, privacy, democratic rights and democratic institutions (especially the press). This Government has failed to show that it is willing to come up with a balanced approach to this issue.
Another major disaster has been Coalition Government’s the politicisation of the issue. Huawei is a case in point. Making Huawei a scapegoat is not going to change the issue of a totalitarian regime in China. This needs to be approached both on the cybersecurity front as well as on the diplomatic side. Mixing the two is a recipe for disaster. Global collaboration is essential if we really want to create a more secure society. The issues are not national but international.
Rather than bullying through its own views, the Government should develop a balanced policy that clearly shows that it does respect our democratic rights, privacy and so on. There need to be very clear safeguards in place before any policy will be taken seriously by the Australian people. Rather than focus on government detection, enforcement and punishment, a balanced policy should recognise and foster citizen and commercial vigilance, improve the non-government sector’s abilities to defend itself, with clearly spelt out limits on government intrusions against citizens’ rights.
Good cybersecurity proposals increase security for everyone; they do not seek to target criminals or terrorists, because by reducing security for criminals, they inevitably reduce security for everyone. We live in an open democratic society and we need to accept certain risks in order to protect it.
The government, industry and the community must come together. But there is no indication that this Government is genuinely interested in such a combined approach. It seems it is their way or the highway. Wasting another large amount of money on so-called community education is the wrong approach and won’t resolve anything. The Government should first develop a clear vision and create an informed strategy. This will allow all parties involved to build trust and facilitate a climate where we can genuinely work together with the broader community and then ask for their participation in the execution of the policy. The pandemic shows that individual people are prepared to work together with the government, let us learn from this.
Perhaps the current crisis will assist in a change in behaviour from the Morrison Government.
What is needed is a clear vision of the future for our country and national security obviously goes way beyond “cyber”. We need a comprehensive and holistic approach. This will take time, as we need to engage the best brains in the country and beyond in such a process. Rather than making it a quick next-election policy, these should be bipartisan issues, well researched with genuine input from experts as well as the community.
This is not about political point-scoring for the next election but about the national security of all Australians.
Paul Budde