The 2016 Defence Whitepaper from the Australian government is now available online. It discusses a broad range of defence topics, of which cyber defence is just one. Computer-based attacks are identified as threats to entities in both the public and the private sector.
Presumably the increase in defence spending (2% of Australia’s GDP by 2021) will cover improvements in countering and responding to cyber threats too.
But the whitepaper does not offer information about which improvements or how they will be implemented.
Is this because the government has yet to make these plans, or is this non-information a smart strategy in its own right?
Critics of the whitepaper such as the ACCS (Australian Centre for Cyber Security) point to a lack of information on the approach to be taken to combat cyber attacks, the absence of a plan to increase cyber skills, and the silence about how the country might handle a sustained attack.
However, in a document of 191 pages that covers the whole defence spectrum, from submarines to space, more extensive plans might need to be presented elsewhere.
Australian prime minister Malcolm Turnbull is quoted as saying about cyber defence that “It’s an area where you need to have the smartest people that you can employ using the latest technologies.” And maybe after all, that is the plan.
While it may make sense to identify major risks and attack vectors (the whitepaper stops short of this), it might not be a good idea to lay out all the details of precautions to be taken.
Neither is it reasonable to expect that the risks and threats will remain fixed. Solutions and the approaches of the people who define them will need to remain flexible and adaptable.
There is already one measure however that will indicate how well the government is doing on cyber defence, and that is the rate of employment and training of new cyber defenders. Without enough of these people, any strategy risks failure anyway