Dr Marcus Thompson
Strategic Advisor at ParaFlare.
March 31, 2022
2 min read.
The Government’s budget investment of $9.9bn in Australia’s cyber capabilities should silence any doubts about the critical link between cyber security and national security.
For years, the cyber threats have increased in both scale and frequency, and the warning bells have sounded each time. Hospitals, telcos, logistics operators, mining companies, and universities have fallen victim to cyber-attacks, often crudely simplistic, that have crippled their ability to operate and exposed their customer’s information to the criminal world.
The threats are real, they’re active and they seek to do us real harm every day. There can no longer be any doubting that, or the potential for a large-scale cyber-attack against our growing critical infrastructure network.
To anyone in the game, especially the cyber operators who see the fight up close every day, the government’s investment has been a long wait. While too many businesses, organisations and everyday citizens are still waking up to the reality of the threats we face in cyberspace, our cyber operators have been fighting on the digital frontline without enough reinforcements. The government’s 10-year investment in our defensive and offensive cyber capabilities will include an extra 1900 jobs that will double the workforce of the Australian Signals Directorate. Great news, but it begs the question. Where will our cyber workforce come from?
No one goes into a cyber operations role to have an easy ride. It’s long hours, gruelling work and the potential for burnout is high. As the cyber-attacks increase, so does the burden on our already overstretched workforce.
The Australian Cyber Security Centre has worked tirelessly to stay ahead of the threats, and work with businesses and organisations to boost their cyber defences. Doubling their size is a sensible and appropriate recognition of their important role. However, the experts at the Australian Cyber Security Centre can’t, and shouldn’t, be expected to do everything. Every organisation in Australia has a responsibility to address their own cyber security, and the more astute leaders in the Australian economy have already recognised this and commenced the development of their own capabilities.
This has led to the current severe shortage of trained cyber security professionals in Australia, that will be exacerbated by the forecast growth in the Australia Cyber Security Centre. Finding the people will be hard. It’s hard now. If we want to grow the workforce that’s required to fortify and defend the nation in cyberspace, we need to train our way to success now.
As a reference model, we could do a lot worse than look to the mature and extremely effective training provided by our military. At its heart, the Australian Defence Force is an exceptional training organisation, with a core skill of recruiting new entrants and training them to be something, such as a pilot, an infantryman, or a cyber specialist. And of course, the Australian Defence Force is designed to scale when needed.
The character of conflict has changed. We only need to look to Russia and the Ukraine to see how that has been borne out on an integrated battlefield. Russia, long hailed as masters of information warfare – where cyber-attacks are a key part of the playbook – was outclassed early in the information fight by a Ukrainian opponent they underestimated. History can’t teach what it doesn’t know, and the lessons we need to learn are happening in real time.
When I assumed the role of Australia’s First Head of Information Warfare for the Australian Defence Force in 2017, cyber was an unpopular and poorly understood word. I remarked at the time that I looked forward to the day when Australian Commanders would think about kinetic and non-kinetic effects in the same breath. The situation in Russia and the Ukraine tells me that day has arrived, whether our commanders like it or not.
In cyberspace, everyday citizens are part of the modern battlefield which extends beyond all borders. That makes us all vulnerable, particularly when state-based cyber threat actors are particularly adept at retaliatory cyber-attacks against businesses and individuals to undermine our democratic way of life and fund their criminal enterprises.
This is the world in which we now fight, and we need to quickly grow our cyber workforce if we are to have any chance of success.
It’s now up to all of us to make that happen – from schools, to training organisations and academic institutions. We need to act now to recruit and train our cyber operators to fight and win in the cyber domain. Our nation’s security depends on it.
Marcus Thompson, AM, PhD is a retired Australian Army Major General, whose final appointment was the inaugural Head of Information Warfare for the Australian Defence Force. His current appointments include Chief Strategy Adviser at cyber security company ParaFlare.
If you have a cyber security concern, or think you’ve been breached, call us on 1300 292 946.
Have a comment? Join the conversation on LinkedIn