A turning point in approach to defence
By Aidan Tudehope
The importance of cyber security to Canberra’s and the Australian Defence Force’s capabilities has never been more clear-cut.
With the release of the public version of the Defence Strategic Review, which sets the agenda for ambitious, but necessary, reform to Defence’s posture and structure, the government has provided the strongest indication of its cyber defence focus to date.
Examples include highlighting the need for “substantial investments in cyber security” and “robust cyber security and data
networks”, identifying that while an invasion of Australia is unlikely, “any adversary could seek to coerce Australia through cyber attacks”, and that “cyber warfare is not bound by geography”.
Bringing attention to these areas is incredibly important and welcome given the evolving threats we face and the modern nature of warfare.
Cyber is a form of power projection which can be used in advance of kinetic attacks, or to cripple critical national infrastructure. It is also a tool of statecraft that is used for coercion, as the strategic review has rightly called out.
To unilaterally deter offensive military action against Australia’s forces, and to protect Australia’s social and economic interests, high-level cyber capability, and the digital infrastructure that supports it, must be fundamental to Defence capability.
Opportunity for sovereign industry expansion.
The Prime Minister called out in his strategic review speech the “need to have greater control over our national sovereignty”. In this context, it’s important to call out local industries directly supporting Defence, including cyber security, ICT and space.
When these sectors are strong, Australia is less vulnerable to global supply-chain challenges and less reliant on our allies and partners for enabling capabilities during conflict. The government has strongly indicated its commitment to grow Australia’s sovereign industrial capability through the review’s updated uplift programs.
This follows commitments from Minister for Cyber Security Clare O’Neil to develop and nurture a sovereign cyber security industry and calls from Home Affairs Secretary Mike Pezzullo for a data localisation strategy to benefit homegrown industry.
Cyber defence and sovereignty go hand in hand, particularly given the primary cyber threat in a conflict is nation-based or nation-sponsored cyber-attacks.
These attacks target data, and without sovereign control over where our data is stored and how it is accessed, we don’t have the ability to protect it.
Fostering local industry doesn’t mean shifting away from the influence and innovation that can come from multinational technology partners either, it means harnessing that power to uplift the local sector.
Generally, Defence has experience here, evidenced most recently by the agreement struck to build eight nuclear-powered submarines in Adelaide – a prime example of international partnership driving local innovation, jobs, and economic activity.
But with technology, Australia has developed an overreliance on multinational corporations, evidenced by the fact our $1.89 billion infrastructure-as-a-service (IaaS) market is dominated by international cloud providers. In other words, they’re at the helm of where and how most of our data is stored, managed and processed.
Now that the worlds of Defence, technology, and cyber security are so interwoven, as made clear by the strategic review, it’s time the same sovereign uplift capability mindset is injected into all sovereign industries essential to protecting the nation.
AUKUS is key in this regard – by putting Australia’s homegrown capabilities front and centre, we become a capability contributor, not just a capability consumer, and bring more value to this critical pact.
This shift will require changes in Defence procurement. In the strategic review, the government has recommended reform of Defence’s capability procurement; specifically, to focus on “delivering timely and relevant capability” and move away from “project management risk” towards “strategic risk management”.
This guidance will help Defence achieve the right balance of local-ally-partner capabilities to support the ADF warfighter. A balance that will ensure Australia contributes strongly to AUKUS.
The risk of status quo is now greater than the risk of change.
The strategic review presents a once-in-a century opportunity for the government and Defence to be bold in uplifting Australia’s sovereign industrial capability. Doing so will provide national resilience through robust cyber security, data networks, and space capabilities with capacity to scale as the review recommends.
We’re now at a point where the risk of not changing our defence force to meet Australia’s new geo-strategic environment
and protect the Australian warfighter, far outweighs the risks of retaining the status quo.
Further, time is against us if we want to persist in trying to uplift long-time incumbent providers instead of making a real
change in capability by adopting new-age providers who will provide the capability required by Defence.
The strategic review gives permission and demands that bold decisions are made by Defence. Incrementalism won’t provide the future Defence needs.
Both the threat and the opportunity have been articulated. Canberra can now foster the opportunity for Australian primes to grow and sovereign industries supporting Defence to thrive, which will bolster Australia’s security, create jobs, and ensure scientific and technological prowess that will improve knowledge, innovation, and expertise for decades to come.
This article appeared in the Canberra Times on 1 May 2023