Ransomware shows why we need a bipartisan federal cybersecurity policy
It is no surprise that cybersecurity reform is on the minds of business leaders and government decision-makers. Ransomware headlines such as Solar Winds and Colonial Pipelines show the folly of outdated systems, as private businesses are pitted against (alleged) nation-state attackers. However, these high-profile breaches will pale in comparison to the cyber-threat represented by quantum computing.
As things currently stand, governments worldwide will be left reeling from the chaos that will occur when quantum computing is unleashed as a tool for cyber-attacks. Regarded as the greatest threat in cybersecurity history, quantum computing will render today's classical encryption redundant.
So, here we have an immediate threat (ransomware) and a looming catastrophe (quantum computing). Both call for the same thing: massively increasing cyber-resilience. It's hard to see us actually doing this in the current framework with nobody truly ‘owning' cybersecurity. Getting disparate government agencies and critical infrastructure businesses organised in time seems unlikely. The world has become incredibly connected. Even traditionally siloed systems like CCTV networks or SCADA networks for critical national infrastructure have become cloud services, exposing them to various cyber-attacks.
Today's most sensitive data, such as citizen identities and commercial intellectual property, have a long shelf-life of 10, 20 or 50 years. This demands long-term data protection now for a quantum-safe future. It falls to governments to change this current situation. Unfortunately, no single currently-existing body can secure all these critical and connected systems and look towards keeping them secure in the medium to long term.
We must therefore build that institution. It needs to be government-led and bipartisan, possibly through the Australian Signals Directorate (ASD), but crucially involving industry and our best research institutions.
The federal government can create a robust cybersecurity regulatory environment. It can heighten the enforcement of data security regulations and policies. But it can only be truly effective with a well-resourced bipartisan ministry that is actively collaborating with world-class cybersecurity companies. With that kind of framework in place, we can start working on tomorrow's cybersecurity challenges, as well as catching up on today's.
Make no mistake; the Australian cybersecurity sector is at the forefront of cyber-resilience. We punch well above our weight, with local innovators leading the fight against ransomware. Mass adoption of zero trust strategies by enterprise and government agencies will help propel these ‘prevention' technologies into the mainstream.
And the sleeping giant of quantum computing? Aussie researchers and industry leaders are currently creating quantum-resistant cybersecurity. Our high-speed network data encryption engineers have already assisted global quantum-readiness by providing the University of Waterloo a software engine for evaluating NIST candidate quantum-resistant encryption algorithms.
We have the components sitting here for cyber-resilience. We must combine sovereign Australian capabilities with bipartisan government support so that we can start putting the puzzle together before it's too late.