On Wednesday, former Australian Prime Minister Malcolm Turnbull expressed regrets he had not done a better job encouraging Australian governments and businesses to purchase Australian cybersecurity products.
The comments, encouraging the country to build an Australia able to secure itself, put a cyber industry spin on growing international efforts for countries to decouple themselves from the U.S. and China.
“We should be developing a world-leading cybersecurity industry," Turnbull said.
Turnbull made the comments on stage with Alastair “Almac” MacGibbon, the Chief Strategy Officer of CyberCX, a corporation, and executive emblematic of Australia’s reimagining of its cybersecurity industry.
MacGibbon was Turnbull’s chief cybersecurity adviser until early 2019. By the end of the year, he had joined CyberCX, a venture-backed company merging 12 leading Australian cybersecurity firms. CyberCX has continued to expand, this week announcing its first New Zealand offices. It’s been touted as a mechanism to fend off the big industry players from absorbing the region without a local fight.
Both Turnbull and MacGibbon had been embroiled in a series of cybersecurity fiascos affecting the 2016 census that Turnbull pins on faulty services provided by IBM – a prototypically big international firm of the type Turnbull wishes to replace with homegrown talent.
“That was a classic case of an Australian agency... thinking that if they go with IBM, everything will be all right,” Turnbull said Wednesday.
CyberCX and the Australian government have both stressed that the lack of a domestic cybersecurity industry that can keep step with North America, Europe, and Asia ultimately weakens domestic security.
That’s an argument shared around the world, even in several of the cyber superpowers.
“What we're seeing now is a move toward digital sovereignty,” said Sarah Kreps, John L. Wetherill Professor of Government at Cornell University.
The global supply chain, ranging from Huawei’s telephony equipment to Kaspersky’s antivirus to operating systems from Microsoft and Google were long a part of a complex global supply chain, where products could be designed and assembled in multiple countries.
But in 2017, the U.S. banned Moscow-based Kaspersky software from federal computers, citing security concerns. Russia responded by threatening to ban Microsoft products.
And in an ongoing series of disputes covering a smorgasbord of grievances, the United States has run Huawei and ZTE through the wringer, threatening to withhold critical U.S. technology like semiconductors, trade wars, and to ban domestic use of the foreign firm’s equipment. The U.S. has globally cajoled other nations to do the same.
While China and the U.S. battle over their own digital sovereignty, the countries that use their products are caught choosing sides.
“The EU has said that rising tensions between the U.S. and China, plus COVID-19 have made those reliances less tenable and is now aspiring to be more independent – a ‘tech superpower’ rather than what they refer to as a ‘referee,’” said Kreps. “They're trying to decouple from the U.S. and China while providing an alternative to each.”
Australia’s approach seems geared not only to extend security but to expand economic reach.
“In larger economies, it’s not uncommon to see countries find ways to backing their own citizens,” said Scott Crawford, research director of 451 Research, a division of S&P Global Market Intelligence.
Australia lacks some of the homegrown cyber industry seen in other countries, because it doesn’t have the same military focus on the field. Many of the dominant countries in the cybersecurity industry benefit from massive military spending and military-trained personnel providing expertise to the market, including the U.S., U.K., Israel, China, and Russia.
To a broader security consumer base, Australia fostering a more formidable cybersecurity industry can offer distinct advantages. Regionalism can benefit security everywhere, said Crawford. Local cybersecurity firms are often quickest to adapt to region-specific threats and trends – Latin America, for example, has unique banking challenges – and as those threats expand globally, that expertise can be exported.
“I’d say any country finding ways to build a more experienced cybersecurity workforce benefits everybody,” said Crawford. “The workforce isn’t big enough without it.”