Cybersecurity discussion paper: one industry view

Cybersecurity company Tesserent has responded to the federal government’s 2023–2030 Australian Cyber Security Strategy Discussion Paper, with CEO Kurt Hansen applauding the initiative.

“Tesserent welcomes the Australian Government initiative to develop a 2023–2030 Australian Cyber Security Strategy. For the last 20 years, Australia’s approach to cybersecurity has been responsive, based on emerging incidents and risks,” Hansen said.

“Unlike our military and civil defence, which has an overarching set of goals and strategies, cybersecurity is littered with complex legislation and a diverse range of recommendations and standards. For example, while the SOCI Act and Essential Eight are both excellent, there is a lack of coherence that makes the cybersecurity regulatory environment extremely complex.

“Legislation and government advice is fractured. While the quality of information is high, there is a lack of integration and coherence with different compliance and regulatory regimes. Greater coordination that is unified under a strong strategic intent, like that of the civil and military defence force, is imperative,” he said.

Tesserent’s submission raises concerns about the rapid pace of development and access to artificial intelligence (AI), and supports calls for a more considered approach to its development and availability until shared safety protocols and robust AI governance frameworks are implemented.

“We believe an Australian Government-funded initiative in partnership with industry is needed to develop and test algorithms that protect applied AI models from existing vulnerabilities. The initiative should focus on researching how AI algorithms can be protected from cyber attacks. Development of governance frameworks and enhanced regulations to benefit society and human rights are needed to ensure this emerging technology is appropriately used,” Hansen said.

According to Tesserent, skill development is a major area of concern. Even with a world-leading strategy, the company says, our national capacity to execute will be limited unless we make significant investments and change our approach to how we encourage people to take up a career in cybersecurity, train them and support their ongoing education. Tesserent believes our future cybersecurity workforce requires national investment in education, skilled immigration and a new approach to accreditation. The company recommends the following priorities for action:

• Jump start Australia’s talent pool by working in partnership with Year 11 and 12 subject educators to embed cybersecurity fundamentals in the curriculum.
• Create industry pathways through apprenticeship programs and supported industry placements.
• Uplift cyber skills and support more specialised career pathways through nuanced skills development.
• Expand from tertiary degrees to micro certifications and recognition of prior learning, work and life experience.
   

The submission also highlights the company’s success in improving diversity in the industry and encouraging higher rates of female participation in cybersecurity. Women currently represent only 16% of the Australian cybersecurity industry workforce.

“Through Tesserent’s partnerships with the Australian Women in Security Network and OxCC (a cybersecurity training conference for women by women), and engagement with industry and technical partners, Tesserent is accelerating the support, enablement and training of women in cybersecurity. We take great pride in our commitment to inclusivity and diversity as demonstrated by our business having 20% of our skilled cybersecurity workforce being women, compared to the national cybersecurity female industry participation rate of 16%,” Hansen said.

These changes would inject more skilled resources to the cybersecurity ecosystem. The Australian Government should also consider tax and/or grant incentives for Australian cybersecurity companies to support new hires and upskilling programs, Tesserent said — and a change in how education and certification is offered could encourage career moves through a combination of subsidies, training and mentoring programs, as well as streamlined immigration policies.

“We share the vision to be the world’s most cyber secure country by 2025 and continue momentum after that to remain a world leader. We need the unified effort of government, industry and the community to achieve this,” Hansen said.

The company believes proactive support and investment across all tiers of government is critical to achieve broader and consistent outcomes that minimise risk. Priorities recommended to action include:

• Mobilise public–private partnerships to leverage staff expertise, accelerate cross-agency security clearance and portability to improve onboarding times.
• Shift towards outcome-focused contracting to prioritise objectives over time-based methods.
• Leverage federal purchasing power by sourcing tools and automation for best-practice outcomes.
   

This approach will enable the government to identify common services to be secured across all tiers of government and give senior leadership a sharp focus on consequences of risk and to better understand mitigation approaches.

“We believe a broader cyber uplift program could include coordination and investment across federal, state and local government and match the REDSPICE investment. Home Affairs recently received no new funding to set up a national office for cybersecurity. In contrast, the federal government invested heavily in centralised capability in the REDSPICE program,” Hansen said.

To uplift local data and capability and bolster Australia’s sovereign cyber capability, Tesserent supports increased collaboration with allies and investment in homegrown capabilities and intellectual property as key to maintaining control over our own data to counter interference.

The organisation recommends that the Australian Government commences a risk assessment of foreign services to ensure long-term support and relationships established with partner countries such as AUKUS and the Five Eyes alliance. Australia should leverage existing research in the UK, US and via Five Eyes to design new technologies and invest in Australian intellectual property to support national intelligence and defence communities to counter rising threats from overseas and criminal actors.

Image credit: iStock.com/Dmytro Yarmolin