Claire Taylor 08 May 2020
Australia, like the rest of the world, is becoming more technologically integrated than ever before. This can be seen in the expansion of online banking, medical records and utilities, as well as the increased capacity to work at home which has been vital in this time during the corona pandemic. This advancement brings with it greater access to services and information and is largely a benefit to the general public. However, with this expansion there is a greater risk of cyber security threats, and because of the growing reliance on information and communications technology (ICT), the fall out of any attack is greater than ever before and this will only continue to increase. This is also true for the defence industry, which is arguably of greater importance.
The Department of Defence, Defence Science and Technology Organisation (DSTO) recently released the 'Future Cyber Security Landscape' paper which discussed the growing reliance on ICT in the context of government, health, and energy industries and the vulnerabilities that are left open to them as a result of this growing dependence. These include:
- Increasing digitisation;
- Increasing complexity;
- Increasing outsourcing;
- Lagging security posture; and
- Increasing interconnectedness.
In the context of defence, these are issues that will impact the security of information. The DSTO also released ‘Cyber 2020 Vision’ which touches on the steps being taken to equip the Australian Defence Force with strategies to address these vulnerabilities. The emphasis in this paper is to conduct and invest in research as well as an integrated cyber science and technology program. While these are positive actions to take towards good cyber hygiene, an area of concern that wasn’t addressed substantially was the cyber risk of contractors.
Taking into account the cyber attack on Visser Precision this year, which resulted in the leak of military-related documents belonging to Boeing, it’s clear that defence cyber security cannot be isolated to government agencies and instead a greater focus needs to be on the cyber security of contractors big and small. This is particularly relevant because Boeing, amongst others, is one of the Australian Defence Force’s largest contractors.
To address this threat, the United States announced it would implement the Cyber Maturity Model Certificate (CMMC). This is a tiered cyber security accreditation that all contractors must meet in order to be involved with their Department of Defense. All contractors must meet the minimum first tier and then any subsequent tiers based on the type of information to which they would have access. This ensures that every contractor would have a base standard of cybersecurity literacy and is taking affirmative action to address their cyber security vulnerabilities. It would be wise for Australia to adopt similar requirements for its defence contractors because should there be a breach in cybersecurity, as we become more reliant on it, the more catastrophic it will be on the everyday functioning of the military, let alone the privacy and security ramifications that would surely follow.