When the Department of Foreign Affairs and Trade (DFAT) called for submissions on the development of Australia’s Cyber and Critical Technology International Engagement Strategy (CCTIES) Huawei was delighted to have the chance to lodge our submission, we feel this is a critically important issue.
There is much talk in media and political circles right now about Australia exerting its influence as a ‘middle power’ and there is a huge opportunity to do that in the field of cyber-security.
In our view, Australia should be putting cybersecurity at the heart of everything it does – ensuring Confidentiality, Integrity and Availability (CIA) of information across the board of government and commercial activities in the country.
As we have seen in the last year with several major cyber-security breaches at high-profile Australian businesses that have caused huge damage there is clearly a growing threat from the cyber environment and it is one that must be met head on.
To get the ball rolling DFAT should be taking the following actions at the earliest opportunity.
A) Increase cybersecurity capabilities and international cooperation by raising Australia’s cyber-security competences to the same level of development as other countries leading in this field and ensuring efficient exchanges of information and cooperation at cross-border level.
B) Make Australia a strong international player in cybersecurity and ensure that consumers, enterprises (including SMEs), and public administrations have access to the latest digital security technology, which is interoperable, competitive and trustworthy; ensures resilience, transparency; and respects fundamental human rights including the right to privacy, taking advantage of the booming global cybersecurity market.
C) Pursue a collaborative and information sharing, risk-management framework that provides an objective and transparent basis for knowing which products and services are worthy of trust, in particular with regard to new 5G technologies and emerging sectors such as Artificial Intelligence (AI), Cellular Vehicle to X (C2X), Internet of Things (loT), Industrial IoT (IIoT) and Consumer IoT (CIoT).
In addition, Australia should adhere to the principle of “openness and transparency” and explore strategic and fundamental solutions based on facts with international stakeholders.
A more connected world
The reality that we are facing as a country is that everything that we do across business and industry is becoming more connected and as more devices connect to the Internet, cyber security of Consumer IoT becomes a growing concern.
From a government point of view the reality is that citizens are entrusting their personal data to an increasing number of online devices and services and products and appliances that have traditionally been offline are now connected to the Internet and need to be designed to withstand cyber threats.
A new world has emerged, a world that new technologies like Artificial Intelligence (AI) will help evolve even faster, so governments need to help prepare their citizens for this.
Risks and Opportunities
This new world is not all about risks and danger – far from it – there are enormous opportunities to be exploited as well but we have to start thinking differently about how we deal with that risk.
For example, we need to start thinking about how we share responsibility for risk management between information and communication service providers, on the one hand, and equipment and third-party suppliers, on the other.
We need to start working out how we leverage market forces to drive greater assurance and transparency; develop risk informed procurement requirements for buyers of ICT; encourage telecom equipment suppliers to develop minimum industry standards for assurance and transparency; and how we really support conformance programs and independent testing.
The reality is that effective risk mitigation plans are necessary to address current and new emerging threats as much as possible, as there is no such thing as 100% assurance event for other essential services besides telecommunications.
To address the challenges to enhance cyber security, the European Union Agency for Network and Information Security (ENISA) published the analysis of the incident reports that the organization has been collecting from all Member States and consolidating since 2012.
System failures are the most common root cause, roughly two thirds every year. In total, system failures account for 636 of incident reports (68% of the total).
For this root cause category, over the last 7 years, the most common causes were hardware failures (36%) and software bugs (29%).
The second most common root cause over the 7 years of reporting is human errors with nearly a fifth of total incidents (17%, 162 incidents in total).
Getting co-operation right
In our view, DFAT should ensure cooperation with the European Commission (EC) and other Member States, their partner cybersecurity agencies – such as ENISA, the Federal Cyber Security Authority in Germany (BSI) and the National Cybersecurity Agency of France (ANSSI).
There should also be a closer collaboration with international industry partners such as 3GPP and GSMA – on 5G security specifications and network equipment security assurance scheme.
This could be achieved by setting up an international “Collaboration Group”, in order to support and facilitate strategic collaboration and exchange of information between partners and promote a swift and effective operational cooperation on specific cybersecurity incidents and sharing information about identified threats and vulnerabilities.
We are not alone
One of the most important tasks that we face as a country is ensuring cybersecurity throughout international collaboration and finding a balance between technology integration, human capital investments and innovation ecosystem will be critical to enhancing productivity in the next decade.
Since the telecom sector today is an enabler for the entire digital economy and society, Australia needs to act quickly with new policies and regularity frameworks to secure its global competitiveness and prosperity in the near future.
In numerous countries, such as Europe, China, South Korea, Singapore and Japan, significant changes have taken place within the ICT field, and patterns of consumption and needs have been radically shifting, demanding access to an ever-increasing array of digital services, which place an ever-increasing demand on the ICT infrastructure across which they are provided.
What’s more, even more is needed in the years to come, as service applications based on the IoT, distributed computing and Extended Reality (ER) will further develop and grow.
Where to now?
As outlined above DFAT and Australia really need to start forming relationships across the spectrum of international bodies to start establishing the required collaboration framework with the right partners – this will make it possible to…
1. Promote market forces, risk informed procurement requirements for assurance and transparency and development of supplier-focused minimal industry practices to meet those requirements.
2. Deliver a consistent set of regulations and additional recommended practices to address 5G security that allow the corresponding stakeholders to take responsibility and action for its overall implementation, and adhere to the principle of openness and transparency.
3. Show willingness to explore strategic and fundamental solutions with all relevant stakeholders and establish flagship projects aimed at attesting how 5G commercial products can leverage cybersecurity standards and recommended practices for relevant 5G use cases and scenarios, as well as showcase how 5G security features can be properly utilized.
The Australian Government should be a major player in the cyberspace, globally, and support the continuous evolution of the 3GPP 5G technical specifications with evolving usage scenarios and related conformance and testing programs.
For our part, Huawei is willing to collaborate with governments, security agencies, regulators and other relevant public and private organizations to embed trust in all business processes, telecoms supply chain, and enhance cybersecurity through research and innovation at global scale.
David Soldani is Chief Technology Officer and Cyber Security Officer at Huawei Australia
Please see link below for full copy of the Huawei submission to DFAT