Cyber security brain drain must be plugged by big business, government bravery, expert says

CERT-LatestNews Malware Security News SocialEngineering ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic

Posted June 17, 2017 07:30:00

Australia’s cyber security brain drain could be slowed if big business and governments were less afraid to embrace local start-ups and new technology, an expert says.

Too many companies are moving abroad after struggling to secure contracts at home, according to Professor Greg Austin, from the Centre for Cyber Security at the University of New South Wales.

“The industry groups here complain that they can’t sell anything made in Australia to the Australian government unless a foreign corporation or government has bought it first,” he said.

Cog Systems, a promising start-up operating out of an unassuming office among the cafes and restaurants of Newtown in Sydney, has every reason to leave the country.

The company has developed the technology underpinning what is marketed as the world’s most secure smartphone, and so far the bulk of its customers are based in the United States.

They include the US Department of Defense, Department of Homeland Security, and other government agencies.

“We’ve been focusing on government users largely because they drive the high ground,” chief executive officer Dr Daniel Potts said.

“They set a lot of the certification standards to try to make things better.

“That then trickles into the large enterprises and then the rest of the consumer market.”

Cog Systems’ technology, known as D4 Secure, uses two distinct layers of enhanced encryption to protect mobile data from being stolen by hackers.

HTC phones modified to use the software are considered so invulnerable to attack that America’s spy agency, the NSA, recently certified the devices, effectively endorsing the product for the handling and storage of classified information.

This will increase its appeal to a lucrative and privacy-minded clientele.

“It’s kind of the bar that you need to cross to demonstrate that your device is suitable for use in government entities,” Cog Systems’ chief marketing officer, Carl Nerup said.

Government procurement lack skills to assess quality

Despite making significant inroads in the US market, Cog Systems remains proudly Australian-based, even though it means senior staff frequently travel overseas.

The fact that companies like Cog Systems receive much less interest at home is symptomatic of a worsening cyber security skills shortage, according to Professor Austin.

He believes Australia simply does not have enough expertise with which to judge the merits of emerging products and ideas, and steers clear of them.

“There’s a lack of confidence in Australian government procurement of inventions and products made in Australia unless they’ve been purchased by governments like the United States who can validate them,” he said.

“That speaks to the skills shortage because … we have people in government who haven’t been educated to assess correctly the quality of these inventions and the impact they might have on efficiency and security.”

The man who has the ear of Prime Minister Malcolm Turnbull on these matters has acknowledged the problem.

“You hear this story time and time again,” Alastair MacGibbon, the Prime Minister’s special advisor on cyber security, said.

“Smart technology, developed in Australia, had to go offshore to sell it.”

Mr MacGibbon, who has previously worked for the Australian Federal Police and eBay, said the Federal Government should be doing business with homegrown start-ups.

“Australia has to eat its own dog food, so to speak,” he said.

A plan to break the cycle

In April, 2016, Prime Minister Malcolm Turnbull launched the Federal Government’s cyber security strategy, which included $230 million over four years to fund education, training and research.

Some of that funding was used to establish the Australian Cyber Security Growth Network, which aims to develop a thriving industry at home.

The network is being run by Craig Davies, formerly the chief security information officer with Atlassian, an Australian software company that earned “unicorn status” when it was valued at more than $1 billion in 2015.

Mr Davies said while he understood why local start-ups chase international success, he would like to see fewer of them leaving the country.

“The job of the network is to break that cycle,” he said.

The network is developing a program, called Gov Pitch, to help bring together the heads of government departments and promising start-ups offering innovative products, Mr Davies said.

“We’re going to take … six Australian firms and we’re going to put them in front of the decision makers of a number of big Federal Government departments, and we’re literally going to showcase them as a pitch,” he said.

Mr Davies said there was a culture of “risk aversion” among Australian governments and businesses when it comes to embracing new technology, and it needed to change.

“Australian businesses want to see somebody else go first before they take it on,” he said.

“It’s almost like we don’t believe ourselves, we don’t believe that an Australian firm could have done that, and I think it’s crazy.”

Topics: information-and-communication, computers-and-technology, internet-technology, defence-and-national-security, australia