As Australia prepares to release its next White Paper on defense policy, expert eyes are waiting to see whether it will match the declaration by Malcolm Turnbull, the country’s new prime minister, that his government is one fit for the 21st century. Turnbull has set out a vision, in broad terms only so far, that he wants Australia to move more quickly to become a country of digital innovation. As an indication of intentions, he moved the responsibility for digital policy to his own Department of Prime Minister and Cabinet and convened an innovation round table just a week ago. What will the new White Paper say about the country’s cyber war planning and capabilities?
The need for 21st century innovation in the defense portfolio is urgent, as a number of submissions to the 2015 White Paper through this year argued, not least those from specialists with direct experience in Australia’s intelligence and security services or its armed forces. One of these submissions, by the author, was revised and published under the title “Australia’s Digital Skills for War and Peace” in an Australian peer-reviewed journal in December 2014.
As part of its case, the article developed arguments and data provided by others, including the Australian Computer Society (ACS), that our universities were doing badly in educating Australians for the cyber age. Between 1999 and 2013, statistics of the Australian Department of Education show that our annual corpus of new domestic student graduates in information technology (IT) fell by 46 percent, though there was an upturn in 2012 and 2013. (This reference to IT graduates does not include electrical engineers, which saw an increase.)
According to the ACS, we were able to compensate for the sharp decline in IT graduates in part by temporary ICT migrants to Australia, which in 2009-10 numbered 8,530 – double the number of our own IT graduates for that year (ACS 2011: 27-28). (Data for later years does not allow a similarly granular comparison.)
In terms of student satisfaction with our IT tertiary offerings, Education Department data for 2005 to 2012, the latest available as of December 2014, showed that the completion rate for students enrolled in information technology over the period was only 61 percent, significantly lower than for any other of the ten general categories of study.
The article argued that any country “cannot hope to have cyber talents for war if it does not develop them in peacetime and if it does not have a strategy for transitioning these skills from the civil economy to military uses when emergencies dictate.” It also highlighted what it called a “virtuous circle of innovation” ─ the fact that “enhanced development of military cyber skills and strategies has flow-on effects to civil economy.”
The picture of weakness in our university-based IT education is matched in university-based research. While there are pockets of expertise and excellence in research, a review of research performance show high performance only in selected aspects of IT.
The results of the 2012 Excellence in Research analysis for the discipline of Information and Computing Sciences by the Australian Research Council reported out of 41 eligible universities, only two — the Australian National University (ANU) and the University of Melbourne) — were graded at 5 (on a sliding scale of 1-5) in the overall field. This is given a two-digit code (08) for the field of research (FOR). Only three other universities — Adelaide, the University of New South Wales (UNSW), and Queensland — received a ranking of 5 in any single four-digit sub-codes.
More concerning is the fact no single university received more than one 5 in any of the eight possible sub-codes. Even more worrying is the fact that out of a hypothetically possible 328 sub-code assessments (41 universities x 8 sub-codes), over 230 (or 70 percent) were “not assessed.” It seems that Australia is not even researching the bulk of the field of information technology!
In the same 2012 report, the situation Australia-wide in the Mathematic Sciences, another core discipline for cyber security, was even worse, though ANU, UNSW, and the University of Queensland scored comparatively well, and Monash and the University of Western Australia figured more prominently than in Information and Computing Sciences.
There is a direct link between the weak research position of the bulk of our universities and the collapse of undergraduate education in information technology (IT) in Australia.
Australia also has a weak information technology (IT) industry base, notwithstanding clear internationally competitive achievements, such as contributions to some key aspects of WiFi technology. We need to attract more venture capitalists, regardless of nationality, and get their money into university-based and industry-based R&D for IT.
Weaknesses in Australia’s cybersecurity situation in the civil sector (vulnerabilities everywhere) are not unique to Australia, but our inability to provide the skills base we need to overcome them, and a lack of industrial options to address them, must translate into great military dangers for the country.
There is recognition in the government and the university sector of the need for urgent reform. This has been evident through a government consultation on cyber security led by the Department of Prime Minister and Cabinet, the results of which are expected soon. The private sector is mobilizing in this sub-field as well and bringing new funds to the university sector. In the past two years, new centers for cybersecurity have been set up in several Australian universities.
So far, the leading university in the field of cybersecurity broadly defined (including cyber war) is probably the University of New South Wales, which set up its cybersecurity center in 2014. Among similar centers in Australian universities, it has the broadest remit and largest cohort of associated scholars (some 53). It should be noted that UNSW showed scores (all 3 or above) in more of the eight sub-fields (the sub-codes) of IT mentioned above than any other university.
One important feature of the Australian Center for Cyber Security (ACCS) at UNSW Canberra is its location at the Australian Defense Force Academy, the main officer cadet tertiary education facility in the country.
ACCS was tasked by UNSW Canberra with setting up in 2015 the first course in cybersecurity compulsory for all undergraduates in any Australian university. In 2016, ACCS and its partner schools (Humanities and Social Sciences and Engineering and IT) will deliver the first course in any Australian university in cyber war and diplomacy. The course has few peers in universities in the English speaking world.
In November 2015, ACCS will partner with the country’s Defense Science and Technology Group in the Department of Defense in a one-day conference that will take a critical, if informal or unofficial look, at the country’s R&D priorities for national cybersecurity.
There are many departure points for this conference. On the one hand, there are developing capabilities in countries like the United States, China, Russia, and Japan. Australia therefore needs its own sovereign capabilities. On the other hand, there is the important consideration that cybersecurity is bigger than each of us, either at the national level or the international level.
Just where a country like Australia needs to position itself in this highly dynamic and complex environment (the “infosphere”) is something that only the collective wisdom of the country’s best minds can answer, working in partnership. We need first of all an open and public debate on our military, security, and civil needs in cyberspace and how well our emerging capabilities match those needs. We would have to admit, as so many specialists have argued, that we are badly lagging.