Tim Watts (Gellibrand, Australian Labor Party, Shadow Assistant Minister for Communications) Share this | Hansard source

We are now deep in a national recession, but the Morrison government still don't have a plan for getting Australia out of it. The Morrison government expect another 400,000 Australians to lose their jobs between now and Christmas, but they won't tell us what they're going to do about it. They've got a political plan for whom they're going to blame, and we've seen that throughout the television networks this morning, but they don't yet have a proper plan for jobs for the Australian people.

Defence industry could play an important role in a national jobs plan for Australia's post-COVID-19 recovery if the government showed some vision. In my portfolio, the domestic capability of Australia's cybersecurity industry is now a crucial part of Australia's ability to defend itself, and it could be a major source of jobs in Australia's economic recovery. Both the 2020 Defence Strategic Update and the 2020 Force Structure Plan recognised the importance of cyber capabilities for Australia's Defence Force. The defence mobilisation review found in that, in the cyberfronts of modern unconventional warfare, 'many of the targets will be civilian businesses and individuals' and that, similarly, 'the resources needed to respond will be mostly privately held'. Responding in this context will be 'a whole of nation endeavour'. But, while our cyber defence planners have a growing appreciation of the role of cyber in Australia's war-fighting capacity, the Australian government's understanding of Australia's cybersecurity sector as a crucial sovereign capability in Australia's defence industry is stuck in the last century.

Cybersecurity capabilities are slightly different from other defence capabilities. Offensive and defensive cybersecurity capabilities are two sides of the same coin. You can't understand one without understanding the other. At the same time, the terrain of these offensive and defensive cybersecurity capabilities traverses defence and civilian networks, public and privately owned infrastructure and OT networks, decades-old legacy systems and rapidly innovating new systems. Cybersecurity capabilities can't exist in isolation. They can't be built in a lab cut off from the world. They need to be embedded in a diverse, interconnected and rapidly evolving sector to be effective. They need a thriving ecosystem in which to develop—not just well resourced security agencies and defence forces but also a network of cybersecurity firms, big and small, local and international, as well as independent researchers, academics and savvy journalists.

A division having been called in the House of Representatives—

Sitting suspended from 12:27 to 12:37

The Australian private sector cybersecurity companies in particular have a significant role to play in helping to defend Australia from cyberattacks and in building the necessary resilience to protect Australians from the near constant cyberattacks that we experience today. We already have a number of world-class cybersecurity companies providing key capabilities, like Sapien's OT security monitoring, Red Piranha's threat management platform, UpGuard's supply chain risk management framework and Senetas's post-quantum cryptography. The local cybersecurity industry isn't just a part of our national cyberdefence; they are also a source of high-wage jobs in a sector that's only going to grow in coming years. Business analysis firm Canalys forecast that cybersecurity spending will increase by between 2.5 per cent and 5.6 per cent globally this year despite the wider budget pressures on companies during and after the COVID-19 pandemic.

AustCyber has forecast that Australia will require an extra 17,000 additional cybersecurity workers by 2026 to meet this security challenge, but, despite the pressing need for local capability and the job creation opportunity that it represents, we're missing the opportunity. The Morrison government's recently released Australia's Cyber Security Strategy 2020 set no objectives for domestic cybersecurity industry development and supported no policies to grow the local industry. Similarly, there was little urgency to scale up investment and technological innovation in the recent Defence Strategic Update. We're investing more and more in the cybercapabilities of our security and defence agencies—well and good—but we're not matching this in the local ecosystem needed to support, grow and develop our national cybercapabilities.

Given the security and economic imperative, it's time for government to consider an Australian strategic technology industry policy. A strategic industry policy for the information age would align research and development, government procurement rules on local and SME participation, defence spending, higher education and industry policies to the development of strategically important sovereign capabilities and growth opportunities in a cybersecurity sector, a framework for the Australian government to back Australian companies to meet Australian security needs and create jobs for other Australians in the process. In the midst of a global pandemic and a national recession, this is just what the doctor ordered. Australia's changing strategic circumstances could be an opportunity as well as a challenge for Australia. If the government has the vision and foresight to lead this change, we can develop world-leading cybersecurity capabilities right here in Australia. We should grasp these opportunities and address the challenges that we're facing on the global stage.

See this speech in context