A secure cyberspace is about strategy, policy and culture, and failing to engage with the breadth and depth of cybersecurity will have impacts for economic growth, social prosperity and national security, Michelle Price writes.
Not so long ago, cyberspace was almost exclusively considered a strange and dark virtual place represented by Matrix-green ones and zeros and, of course, the ubiquitous hoodie. Much of the public consciousness still relies on these images as the go-to, but a more mature understanding of the burgeoning online world has emerged.
The stereotypes are necessarily making way for an increasingly professionalised ecosystem of governments, boardrooms, small businesses, innovators and users taking advantage of ever-evolving, connected technology. Trillions of dollars in economic value have been added to the global economy as a result and we can no longer imagine a time without ‘smart’ mobile devices. Beyond devices, billions of things are being connected to the Internet and to each other—the Internet of Things is in many ways the Internet of Everything.
From the global economy through to an entrepreneur working from home, from pre-schoolers to blue sky research and every circumstance in between, we are all are now deeply dependent on being connected. Even for the four billion people not yet plugged in, the societal systems on which they rely are connected in some way to and through cyberspace.
Cyberspace is a now a heady mix of the virtual and physical, a domain in which economic prosperity and security are colliding at a rapid pace. This is having disruptive impacts on strategy, statecraft and—unlike most other global domains—individuals. It enables nations, organisations and people to skip geography and instantly form relationships, rapidly create and access information and generate new ways of improving their economic standing.
Digital forces for good are deftly met by forces for bad. Cyber threats and risks are ever-evolving and the myriad malicious cyber actors operate effectively, efficiently and without much restraint—and increasingly with real world consequences.
By way of example, an Internet connection offers an entrepreneur comparatively inexpensive infrastructure to access international markets for their cutting edge innovation. This is the same infrastructure used by criminals to access unsecured networks and steal information. That information can be purchased by a perpetrator of domestic violence to control their victim’s identity and finances—and if physically separated, locate them to potentially devastating effect. Here, unpacking the issues even at the highest level go to matters of law, privacy, safety, ethics, risk, security, technology, societal behaviour and, importantly, capability and capacity to prevent and respond to malicious cyber incidents.
There are of course extrapolations of this example that extend to matters of statecraft and national security. That’s why we are seeing global debate on what is considered appropriate behaviour of nations in cyberspace and NATO’s recent announcement to recognise cyberspace as a ‘domain’ of war like land, sea and air. Then there are many other matters such as maliciously changing online data rather than simply stealing it (information manipulation) and appetite and tolerance for risk in cyberspace. Australians are one of the highest targets internationally for malicious software that holds information for ransom (ransomware) and we frequently click on malicious links in emails (phishing and spearphishing). Both often result in stolen data and financial loss. Equally concerning, they involve malicious cyber actors gaining access to networks—which could include networks beyond those of the first point of entry.
Trust online and confidence in cyberspace itself is critical. Herein lies the role of cybersecurity and why for most people, a secure cyberspace is far less about ones and zeros and far more about strategy, policy and culture. Not engaging with the breadth and depth of cyber security has impacts for economic growth, social prosperity and ultimately national security.
The technical aspects of cybersecurity are crucial in tackling the opportunities and challenges of cyberspace. Though it is also about how we organise ourselves to tackle the challenges and pursue opportunities. To keep pace, let alone be ahead, we need innovative solutions and a significant cultural shift in how we conceive of being secure online and the intersections of cyberspace with the physical world.
This is why there is a growing focus on cybersecurity. It is dynamic, fast paced and, despite prevailing senses of doom, there are many upsides. It uniquely delivers a double benefit—the broader economic and social benefits of being connected as well as a global market for things that make cyberspace secure (which is growing at around eight per cent a year, twice as fast as the global economy).
It also offers opportunities for local and international leadership as well as dynamic partnerships between the public sector, private sectors and the research community. The recent announcement of a cyber security capability development collaboration between the Australian National University and the Australian Signals Directorate is one of many examples.
Australia is on the cusp of being a significant player across the spectrum of defence, innovation, education and international debates. The Australian Government’s recently released Cyber Security Strategy seeks to propel Australia’s standing in this regard and develop a mature approach to the evolving relationship between prosperity and security.
Much is underway across Australia that will support the achievement of the Strategy’s objectives. However, focused energy must go to addressing cultural barriers to succeeding on improved cybersecurity.
The Strategy signals that cybersecurity is a strategic issue for Australia and puts in place a leadership structure to support this, one which includes the Prime Minister. This should encourage all organisations, large or small, public or private, to challenge internal cultures and think about cybersecurity as more than an IT issue. This will challenge myriad policy and at least initially, likely raise more questions than available answers. But taking a step forward on cultural shift is like most other things in cyberspace—it does not need to be done alone and will probably have more impact if done in partnership.
The breadth and depth of strategic challenges in cyberspace are yet to be fully realised but right now the opportunities are begging.