The importance of building trust to guarantee Australia’s cyber-secure future

Cisco's Gary Hale.

Opinion | The increasing digitisation of the Australian economy promises exponential economic growth opportunities and societal advances for our nations, with investments like the NBN dramatically enhancing our working environment and living standards.

To maximise the opportunity these investments and initiatives offer, Australia must become cyber enabled, which means cementing cyber security as a national priority.

Australia’s federal government understands the necessity of establishing a robust national cyber security strategy; that includes a review of our current practices.

By contributing significantly to the team that delivered Cisco’s eight recommendations to the Australian Government, through our requested participation in the Prime Minister & Cabinet’s Cyber Security Review, it was demonstrably clear that building and maintaining trust at multiple levels is critical in winning the arms race against cyber attackers, whilst promoting cyber security as a national priority.

As we look forward five to 10 years, there are four trends we will see that define the need for trust:

• The exponential addition of new internet connected devices, through the Internet of Things (IoT)/Internet of Everything (IoE), will increase the risk of cyber security incidents.
• The focus on the resiliency of information technology (IT) services and infrastructure, including the recovery to/from cyber security incidents, incorporating analytics and intelligence in detecting anomalous behaviour will increase.
• The cost and complexity of managing disparate cyber security systems will increase the urgency for consolidation, automation, simplification and multivendor interworking of security systems.
• ‘Machine-speed’ systems and ‘real-time’ decision-making will explode, becoming an integrated element of any future cyber security service or solution.

Enhancing trust across national, multinational, corporation and citizen boundaries will be a key element to addressing any trends or issues.

Common policy and legislation, real-time information sharing, national scale cyber resilience, consistent behaviours by governments, improved attribution due to IPv6, and prosecution of cyber adversaries will be crucial to supporting greater trust.

Preventing the erosion of trust

The future landscape will be heavily influenced on whether trust is sustained or diminished in the Internet and growth of IoT/IoE, with the leaking of government and intelligence documents against governments leading to a breakdown in trust between nations.

This occurs through the detailing of espionage activities by technology companies, which weaken relationships, result in mistrust in technology and challenge the integrity of these companies.

We are informed daily by the media about new security breaches, with the constant erosion of trust having serious implications for the digital economy and the free flow of goods, data, and services across borders. This raises several questions as to whether national regulations are designed to protect our privacy or control digital trade and cross-border data flows.

The importance of trust in a digitised economy

To build and maintain trust, strategies and incentives must be enacted that encourage multi-sector intelligence sharing, in addition to the establishments of bilateral and multilateral frameworks; at regional, national and international levels. This will also require greater co-operation between governments and the private sector.

Equally as vital, there must be support for machine-speed solutions guided by underlying principles, which include: bidirectional and voluntary information sharing, increasing trust and compliance with other regulations. It is crucial that this system offers privacy protection, data protection and corporate reporting compliance.

For initiatives of this nature to successfully safeguard our cyber future, collaboration is fundamental from all tiers of government to the everyday citizen.

At Cisco our focus is based on having the people, processes and technology to ensure the security and trustworthiness of the products and services we produce.

These elements must be enabled by transparency to customers, which afford explicit and verifiable trust. Additionally, they must be holistic and cover the entire lifecycle from development, manufacturing, delivery, through to operation and end of life.

Companies also have the responsibility of securing their customers’ data in a custodial way, whilst protecting themselves with robust mechanisms. This includes providing prompt and customer centric responses when adverse situations arise, to ensure accountability and learnings are absorbed.

These critical components must be included with any approach to ensure the existence of security and trust, with transparency and validity crucial in establishing implicit and explicit trust with our customers.

Therefore, for Australia to create and maintain confidence in our government and industries, in addition to the technology partners we choose, establishing and enacting security and trust measures are crucial as we transition to a digitally-powered and cyber-enabled economy.