We see the problems that we are facing within an increasingly digital society and economy. We cannot go backwards; the only way forward is to ensure that this new digital environment is made as safe as possible from a personal, social, political and economic perspective. We are currently struggling on these fronts.
Unfortunately, we have now clearly entered a situation of cyber warfare. Digital technologies are now used by states to impose and undermine ideologies. We see totalitarian regimes using it to interfere with elections as well as using it to control and suppress their own population.
This is buttressed within countries by digital control and manipulation of news and information. Internationally, they also use other tactics to force countries to succumb to their totalitarian ideology through trade wars and other economic means.
With cyber-attacks on the increase, utility providers and consumers are turning to private wireless networks to mitigate risks.
Cyberwarfare is more of a threat to democratic nations than to the countries under totalitarian regimes. While totalitarian regimes ultimately often fail, they need to be transformed from within and that could take a long time.
Such regimes, especially when they are powerful, can create a lot of international damage and indeed seriously undermine democratic nations.
Global and political problems linked to cyberwarfare are more important than the personal cyber problems we face, including the commercial surveillance systems from digital companies such as Facebook and Google. That is not to say that we should not do anything on this.
But if we need to set priorities on cybersecurity, international cyberwarfare is the most serious issue.
We can manage personal cybersecurity issues, to a large extent, through regulations. Clearly, there is now a global focus on reigning in the excessive powers of the digital giants.
Obviously, it is far more difficult to regulate international cyberwarfare. It is not totally impossible, as nations on both sides of the ideological divide in the past have been able to do this in relation to nuclear warfare.
We will need to be prepared to strengthen our democratic principles to withstand the onslaught of cyber warfare. However, this will mean that some personal freedoms might be affected. This is not unlike situations in real warfare.
Peter Coroneos, the International Vice President of CyAN, the Cybersecurity Advisors Network and Australia’s top cyber legal and regulatory expert, Professor Patrick Fair, recently conducted lectures on these pressing issues.
Is the Government’s cybersecurity advice following Russian trolling activity sufficient or are deeper protections required?
Professor Fair listed a range of initiatives taken by the Australian Government over recent years. They include:
- Changes to foreign investment rules;
- New online safety legislation;
- Surveillance Legislation Amendment (Identify and Disrupt) Bill;
- New framework for Security of Critical Infrastructure;
- Review of the Privacy Act.
- Digital identity framework;
Inquiry into extremist movements and radicalism in Australia; and
Telecommunications security sector reform review.
On top of this, there are other regulations in the financial sector but especially also in the telecommunications sector. The key elements of the initiatives are broadly supported by the experts in the industry, but they do encounter problems.
A key issue is, and has been time and time again, the rushing through of legislation, without proper industry consultation.
This is more important than ever when the Government is wanting to gain access to the latest communications and data storage platforms for law enforcement and security purposes, including where it will disrupt, take over, modify functionality or install its own software. These aggressive new powers need to be used carefully, with appropriate transparency and supervision provisions that are often absent from the first drafts of the law.
The second area of concern is that rather than taking a holistic approach to the issue, we have a hopscotch of rules, legislation and regulations. This creates confusion, leads to mistakes and waters down the overall robustness of cybersecurity.
An extension of this issues is that it is unclear where it overlaps, replaces, or supersedes similar sorts of regulation in this industry.
While there is no doubt that cybersecurity is one of the most important issues that democratic nations need to address, it is equally important that this is done in a comprehensive and sensible way to ensure that we do get the best possible outcomes of this legislation.