Cecily Rawlinson, Director WA AustCyber Innovation Hub
First published in the WA Defence Review 2021 - 2022 Edition
We face shortages that affect our daily lives, in everything from cars to computer chips. The current global situation has highlighted challenges to our ability to rely on ourselves in times of crisis – this can be viewed as one of the negative consequences of entrenched globalisation. It’s no wonder that over the last 18 months the term ‘supply chains’ has entered our daily vernacular.
In 2020, the Australian Government issued a defence strategy update acknowledging national vulnerabilities stemming from a reliance on global supply chains. It called for greater security, including in sovereign industrial capability supporting Defence. The importance of being able to sufficiently meet our own needs has arguably never been more critical.
There is no doubt cyber security sovereignty will shape our future security and resilience. Cyber security was a notable inclusion in the announcement of the AUKUS partnership, highlighting its importance domestically and with Australia’s allies, who have placed faith in its capabilities. This represents an opportunity for Defence, industry and related supply chains in Western Australia. Businesses of all sizes must be ready to demonstrate their cyber-resilience to key customers.
It is the role of the WA AustCyber Innovation Hub (WAACIH) to raise awareness of local and national cyber commercial capabilities and promote job creation in the sector. There is an immediate opportunity for contractors and third-party providers to WA, and Australian defence contracts, to benefit from the Hub’s expertise and connections. Research has found SMEs are the most vulnerable to cyber security attacks and cybercrime. About one quarter of cyber incidents reported to the Australian Cyber Security Centre in the last 12 months were associated with Australia’s critical infrastructure or essential services. WA’s risk is heightened by the increasing use of, and connectivity to, systems like Operational Technology. This vulnerability leads to an increase in attacks on OT assets that impact critical infrastructure.
Supply chains – particularly software and services – continue to be targeted by malicious actors to gain access to vendors’ customers. A significant cyber risk threat arises from the inability to control security measures adopted by supply chain partners. A global study found two-thirds of IT decision-makers say their organisations have experienced a software supply chain attack. Virus insertion can arise at any stage in the supply chain. Supply chain management, at the hardware or software or communications level, must be a priority.
SMEs are the most vulnerable sector of Australian businesses to cyber attack. Supply chains are of strategic value to, and therefore targeted by, malicious actors. Current policy settings and legislation do not adequately address cyber risk in supply chains. Urgent action is needed to help SMEs and all businesses involved in the defence industry supply chain to protect themselves.
This is where WAACIH comes in. As the only neutral and impartial West Australian adviser on, and connector of, experts in the cyber risk and security landscape, AustCyber believes a strong domestic or sovereign cyber security industry can and should play a vital role in protecting the economy and industries. This will enable growth through informed uptake of trusted digital technologies. Having a national capability as a prominent and strategic part of the cyber security sector overall is fundamental to Australia's interests.
There is no reason to consider Australian software suppliers fundamentally more exposed or riskier than overseas suppliers. From an ongoing supply chain and sovereignty perspective, local suppliers may be less risky - particularly in critical infrastructure and defence industry supply chains. The NSW government’s example of committing to a target of 30% of its total ICT spend on SMEs is a public policy example to be commended. It disrupts ‘business as usual’ and gives local Australian SMEs a chance to develop their customer and knowledge base, and human capital. It fosters local innovation in ICT and cyber security.
Australian-owned businesses are also clear of external influences that might fetter the ADF’s access to supply during times of need. Through use of sovereign cyber security solutions, and by upskilling SMEs, Australia can limit cyber risks in strategic industries. WAACIH offers expert advice on how best to mitigate, minimise and defend against these risks in an evolving landscape.
Cyber security sovereignty will shape our future security and resilience. The question is, will your business and supply chain be ready, and will you able to demonstrate cyber resilience to key customers?