Australia’s mandatory breach disclosure legislation has leapfrogged that in other countries and reflects the government’s world-beating cybersecurity posture, Cisco Systems’ most senior security executive has advised while warning that Australian security innovators must not be afraid to “go for it” to help the country dominate the region’s cybersecurity agenda.
That agenda was rapidly taking shape and Australia’s top-down commitment – backed by real funding – was a demonstration that the country had what it takes to dominate the region’s development, John Stewart, head of Cisco’s Security and Trust Organization, told the audience during a panel discussion on the Security Innovation Day at the company’s Cisco Live! conference in Melbourne this month.
Stewart, who is a regular visitor to Australia and other countries, said the Commonwealth government’s decision to link its cybersecurity agenda to other stimulus programs was unique in the world and reflected “actually taking it very, very seriously up at the top. You tied [cybersecurity] to economics and innovation simultaneously, and I have not seen any country do those at the same time except Australia.”
“You’ve essentially said the economic agenda of the country downrange has got to be services led, and IT led,” he continued. “You’ve said ‘cyber is going to play a very critical role in this, so we’re going to put a name post in this spot and put money behind it to deliver’.”
Yet despite its promise, many Australian companies were still struggling to shift to a more front-footed mindset: the general perception was that Australian innovators need to be successful overseas before they will be seriously looked at by many Australian businesses.
Craig Davies, the recently appointed head of the Australian Cyber Security Growth Network (ACSGN), calls this the ‘boomerang strategy’ and noted that such movements were often part of an effort by 3-to-5-person security startups to scale to achieve critical mass.
“At the moment, if an Australian firm decides that it wants to give the US market a go, they need to literally pack up shop and go,” he told the panel. “This is great for them but terrible for us, because we lose any economic benefit from them being over there.”
“We need to feel good about models and organisations that can have a degree of resilience built into them, that let them experiment and move back and forth between markets. In Silicon Valley the most important thing you hear is ‘fail fast’ because you rapidly iterate – but Australian companies don’t get that critical feedback. So they plod along for a long time, and when they fail, it is catastrophic.”
Davies, who joined the fledgling ACSGN at the beginning of this year and last month led an Austrade delegation including Brisbane-based FunCaptcha and 25 other Australian cybersecurity startups to the RSA conference in Australia, is no stranger to the startup culture, having worked for years at Australian success story Atlassian.
“We need to make it OK to try things,” he said. “I came from an environment where we would experiment on everything, and I’m trying to bring that mindset into the ACSGN. We need to measure success and how we can quickly find out whether something is working.”
Large overseas companies were setting the pace in turning this around, with significant Australian investments in capabilities development from the likes of IBM and Cisco reflecting growing confidence in Australia’s potential leadership role.
Yet several persistent factors were compromising the efficacy of cybersecurity innovators’ efforts – including local businesses’ frequent reluctance to even consider locally-developed solutions.
“It’s good for us to sit there and say in a strategy that Australia has to grow its own capability, but are we buying it ourselves?” said Alastair MacGibbon, who as cyber security special adviser to the prime minister is anchoring another of the government’s prime cybersecurity initiatives and also believes the industry and government need to work together to cement Australia’s leadership role in the space.
“For me, that means talking to the CISOs and CIOs of major Commonwealth organisations and companies to say ‘you’ve got to be trialling this stuff at least’. You deal with companies all the time that are really impressive, that sell into the defence and intelligence agencies of other countries.”
If Davies and MacGibbon are approaching the industry-development problem from a government-led perspective, Data61 CEO Adrian Turner is heading the effort from an R&D angle – and he was pulling no punches in his assessment of the biggest issues preventing Australia’s innovators from greater success.
“The thing holding us back right now is entrepreneurship,” he said. “It’s as simple as that. When this group [of entrepreneurs] self selects, we need a support infrastructure around them to really help them grow and develop. A really good entrepreneur is going to do everything they can within the bounds of the law to stack the odds in favour of success.”
Breaking through these cultural barriers remained a significant challenge for Australian companies but was going to be critical to moving the industry forward, Stewart said while noting that “it doesn’t matter” where companies are headquartered “so why not headquarter it down here?”
“The thing I can’t figure out is why Australia aren’t just willing to go for it right now,” he said. “It just baffles me. You have the capacity to be a really influential country in this region in a really unique way that no other Western country can influence. Australia should take a great deal of pride in this.”