The Defence Force has become increasingly reliant on digital tools, with new digital systems for military and civilian use increasingly becoming standardised over the last few years.
The Defence Trade Alliance (DTA), a group of organisations that have been working together for years to develop digital security and interoperability standards, released its latest Defence Digital Strategy this week.
It recommends the establishment of a Defence Digital Service, with a role for the Australian Defence Force to provide guidance to the private sector, and the Defence Digital Council (DDC) to provide advice to industry.
The DTA also recommends a national cyber security strategy.
“The Defence Force needs to take responsibility for its own digital security, to develop a digital defence capability that’s secure and secure from cyber threats, and to deliver that capability at a level of professionalism and integrity that’s consistent with its international responsibilities,” said DTA CEO Dr John Frew.
He said the DTA had been working with government to develop an operational strategy for digital security that would be implemented as a part of the Defence Force’s defence industrial strategy.
He also flagged the need for a new national cyber defence strategy, with the DDC to develop guidelines and a national cybersecurity strategy to support the implementation of cyber security policies and programs across the organisation.
“We are looking at a number of options, and we’ve got to work out the best way to go forward,” he said.
“But at the moment the best defence is a strong defence, and a strong Defence is our national security.
We need to do everything possible to ensure that that’s happening.”
He also acknowledged that the DFA’s cyber security and cyber defence processes had become complex, with several areas still under review.
“One of the challenges we have, in our cyber strategy, is that we have to deal with a whole host of issues, including cyber attacks, so that our defences are strong and secure,” he told 7.30.
“And that means making sure that our systems are secure against cyber attacks and cyber intrusion.”
“We need to ensure a high level of integrity of those systems, and there’s no doubt that cyber threats are a reality.
So we have been looking at those issues very carefully and we have a range of proposals in place to deal both with cyber attacks that are happening in the community, as well as cyber intrusion, which is what is happening with the breaches that have occurred over the past few months.”
The DDA also recommended the establishment and implementation of a Cyber Security Authority (CSA) to ensure the organisation was operating in accordance with relevant legislation, regulations and standards.
Cyber security issues “We’ve got the DCA working with the Defence Department on a range to deal in this area, and I think that will be an area of focus for the CSA,” Dr Frew said.
He pointed to a “very important” piece of legislation that would make it mandatory for companies to share information with government about cyber attacks.
The law has not been implemented yet, but a draft law was introduced by the Government in April.
“There’s a lot of things that are being put in place, and it’s important that they’re being enforced, and that information gets shared with the government,” he added.
The CSA will have a role to provide technical advice and support to the CDA.
“What we’re looking at, from the DDA point of view, is a number, and quite a significant, role for CSA, in relation to information sharing with the Government,” Dr Flrew said, adding that there was also a need for “further support for the information sharing process” with the private industry.