The federal government released Australia’s Cyber Security Strategy 2020 to the usual bouquets and brickbats. The focus on critical infrastructure was welcomed but the strategy was also seen to lack precision. The clear message to all board members to take cyber seriously was applauded but the focus on policing and intelligence was queried.
Australia’s Cyber Security Strategy 2020 fixes national attention on cyber security. It does this at a time when doing the minimum, or looking the other way, is no longer an option. Nor is cyber security something that we can leave for policing and intelligence agencies to pursue on our behalf. We are all in this together.
Australia’s economy is digitally geared
The Australian Cyber Security Growth Network (AustCyber) and Synergy partnered to show that Australia’s digital infrastructure and data are core to the value and growth of Australia’s economy.
Australia has a critical economic dependency in the digital domain and therefore the trust and security of it.
The Australian Digital Trust Report 2020 shows the extent to which our economy is digitally geared, but also the extent to which the economy is digitally dependent. For example, digital activity:
- contributes $426 billion to the Australian economy
- generates $1 trillion in gross economic output
- equates to 1 in 6 jobs in the national economy.
The quality of digitisation and its trustworthiness is now under immense pressure as we respond to the COVID-19 pandemic. The Minister’s foreword to Australia’s Cyber Security Strategy 2020acknowledges the importance of building trust in the digital economy:
We will develop new government capabilities, incentivise industry to protect themselves and their customers, build trust in the digital economy, and support the community to be secure online.
The mass migration to online retail, remote working, and online education has disrupted our lives, tested our personal resilience, challenged traditional practices, and opened new opportunities. It has also significantly heightened the cyber security risk through malicious attacks and the careless actions of everyday users.
The economic and social cost of digital disruption
The Digital Trust Report shows that a four-week digital disruption resulting from a significant cyber incident could cost the economy $30 billion, the equivalent of around 1.5 per cent of GDP and an estimated direct loss of 163,000 jobs. These economic costs quickly compound when the often-overlooked social consequences of a loss of trust in digital infrastructure and data integrity is considered.
The Nobel Prize winning economist Kenneth Arrow observed that trust is an ‘invisible institution’ that makes economies work more effectively. The same is true in the digital economy. Digital trust is the level of confidence users have in the ability of technology to enable a high functioning cyber-physical world. It is earned by providing secure, private, safe, and reliable access to (and interaction with) technology, as well as the ways in which technology has been designed, constructed, and delivered. Cyber security is a core pillar of digital trust in the economy.
We are both dependent on, and distrustful of, digital technology. But we don’t behave as if we mistrust technology. Instead, we are using technology more intensively in every aspect of our lives.
For example, as 315 million downloads worldwide of TikTok between January and March 2020 shows we will happily give our data to gain access to a community and entertainment. At the same time, many governments around the world struggled to get their citizens to download COVID-19 contact tracing apps in response to a clear and immediate threat to public health.
How we place trust in a digital world is a complicated calculus of social, rational, and emotional considerations. We need to accelerate a culture and reputation for high digital trust and resilience. The cost of digital failure is too high.
Integration, fragility, and digital trust
Our deeply integrated digital economy brings great opportunity, but it is also more fragile.
Digital trust is critical to the resilience of the digital economy but losing the trust of business in digital infrastructure, or consumers in business, or citizens in government makes the digital economy frail.
As the British sociologist Anthony Giddens noted in 1990, technology-dependent societies demand that citizens place trust for their security and prosperity into technological networks whose operation they do not understand and cannot control.
Successful cyber-attacks strike directly at our trust in business, institutions, and increasingly, community where malicious attacks seek to undermine trust through misinformation, distortion, and disruption.
As we learn from our deepening interactions with digital technology, the problem of how we calculate and place trust in a digital world is also evolving. Questions of privacy, purpose and dependability come to the front of the public consciousness in trusting government, but those same questions are less stringently applied to social media and entertainment. What we trust, who we trust, and how we trust are becoming, and should continue to be, matters of debate and education in Australia.
Our economy is becoming more reliant on fast, reliable, and secure digital infrastructure. This brings tremendous opportunity and additional risk.
Malicious foreign actors and criminals are seeking to exploit technological and human weaknesses in our integrated systems. Investments in improving the resilience of our digital economy is important to deter malicious activity but also to attract investment to Australia as a trusted place to do business. This will require government, industry, business, and the community to work together.
The Cyber Security Strategy focuses on improving resilience of Australia’s critical infrastructure. This is an important foundation of digital trust. It is less forthright on bolstering the role of industry and businesses across the economy. It is also weaker on workforce (other than having more) and community as central to digital resilience. These oversights may reflect the constraints of seeing the digital economy through a national security lens.
What else might be considered as part of the Cyber Security Strategy?
- Focusing on the health of the digital economy. The Cyber Security Strategy might have taken a more expansive view of the digital economy to move beyond the defensive mindset of security to include investment in the health of Australia’s digital economy. The focus could have been on the systems and infrastructure for safe digital environments for consumers and business, setting the business and community benchmarks for secure digital practice, and the governance and performance of the physical infrastructures on which digital economy depends.
- Industry, business, and community at the centre. It is easy to overlook that much of Australia’s digital activity happens in the private sector between businesses and the community and from business to business. Our most mature and trusted systems are in banking where government, industry, business, and the community are all seen to contribute to security and resilience. What would a Cyber Security Strategy look like if industry, business, and community were at the centre of our strategy as well as national security.
- Digital culture is people and technology. There is a culture of practice that is embedded in the way we work in the digital economy. It has evolved organically, and best practice is unevenly distributed. The resilience of the digital economy requires government and business to work in partnership to ‘raise all the boats’ to higher levels of practice. This has happened in the banking and finance sector but needs to translate across the economy.
- From Compliance to Engagement. The language of compliance runs through all our conversations about digital security. Digital trust is core to the successful operation of the digital economy. Trust is a human activity. We need to move our language from the paternalism of compliance to engaging people as active participants in delivering security and resilience.
Overall, Australia’s Cyber Security Strategy 2020 is good start to a problem we have all been walking around. The investments will contribute to building trust in the foundations of the digital economy. However, these investments will only get us so far. There is a need for us all to take a more expansive view of the opportunities and challenges we will face as our digital dependence deepens.
About the Author
Dr David Schmidtchen is a Partner in Synergy’s creativeXpeople practice. His professional and academic focus is on the intersection between people, work, technology, and organisation. David is a Visiting Fellow at University of New South Wales School of Business in Canberra.