June 13, 2023
Good evening and thankyou for hosting me here at this Meet the Chiefs event.
I’d like to acknowledge my colleague and close collaboration partner, Andrew Wallace, who leads the Coalition members on the PJCIS as our Deputy Chair. He may argue herding of stray cats is a more accurate description, but I’m grateful for his service and friendship.
I am pleased to bespeaking tonight about the challenges and opportunities Australia faces as we navigate the most perilous strategic circumstances we have faced since the Second World War.
First, the challenges.
Cyber and critical technology risks
You will all be familiar now with ASIO’s assessment that the threat of espionage and foreign interference our principal security concern.
Director-General Mike Burgess has warned us that this threat is greater today than it has been at anytime in our history, including the height of the Cold War.
The Australian Signals Directorate is constantly warding off cyber-attacks on our government networks and critical infrastructure operators.
Just last month, they joined Five Eyes partners in calling out a Chinese state-backed hacking group for a stealth surveillance campaign responsible for a series of attacks on US critical infrastructure.
We can safely assume that if US infrastructure was being attacked, it is also happening here in Australia.
This is the backdrop against which I have been relentlessly pressuring the Albanese Government to rid our departments and agencies of high-risk authoritarian technologies that, in aggregate, present a systemic threat to our national security.
These technologies have so far included the social media app TikTok, surveillance cameras manufactured by Dahua and HikVision, and drones manufactured by DJI – riddle Commonwealth Departments and Agencies.
They are all produced by ostensibly ‘private’ companies based in China, but in reality, are functionally arms of the Chinese state which are subject to the extra judicial direction of the Chinese Communist Party.
As a consequence, any one of these products could easily be weaponised to conduct cyber disruptions, surveillance, and large-scale foreign interference.
If the worst eventuates and we witness a regional conflict at some point in the future, we will lookback with regret that we had not acted to address these vulnerabilities sooner.
We need to seize the initiative in times of relative stability to purge our systems of potential back doors that foreign adversaries could use to infiltrate or disrupt our systems.
We have already made good progress to this end.
Earlier this year, the Government finally took the decision to ban TikTok from government-issued devices.
They have also committed to removing more than 1,000 cameras made by Hikvision and Dahua from Commonwealth sites, 435 of which were located on Defence sites.
Many agencies – including the Australian Border Force and Defence – have grounded their fleet of hundreds of drones made by DJI.
But all these actions only came after I called on the Government to address these vulnerabilities, after I had revealed them through a series of audits conducted via questions on notice, and after our allies had already done so.
This is not a robust or sustainable approach to addressing issues that are core to our national security.
Earlier this month, I called on the Government to take a more proactive approach to mitigating the cyber security risks posed by vendors headquartered in authoritarian countries.
We need to move beyond the whack-a-mole approach towards something more systemic and forward-leaning.
Specifically, I recommended the Government establish a new office within the Department of Home Affairs to assess the security risks presented by software and hardware used by the Commonwealth Government.
This Office would map and remove problematic technology already embedded in government systems, while also assessing emerging technologies before they are deployed to ensure appropriate mitigations are in place.
Coincidentally, a week after I suggested the Australian Government establish this construct, the UK Government tabled amendments to a Procurement Bill currently before Parliament which would establish a National Security Unit for Procurement in the UK Cabinet Office.
This UK government Procurement Office would investigate suppliers who may pose a risk to national security, and assess whether companies should be barred from public procurements.
This process would inevitably reveal structural vulnerabilities created by untrusted vendors that need remedying.
The reason I am sharing this idea with this forum is because I want to see Australian vendors filling these gaps.
There is a real opportunity for business of all sizes – startups, small and medium enterprises, and large businesses – to position themselves as preferred suppliers of technology and software both in Australia and offshore.
Businesses can do this by leveraging trust and transparency as areas of competitive advantage compared to suppliers offshore, which may be cheaper but present more risks due to opaque supply chains and the risk of being compelled by authoritarian governments whose interests are inimical to Australia’s.
And if you are a critical infrastructure provider, or a defence contractor hoping to win more work, my advice to you is you should be already conducting your own audits of your exposure to these high-risk authoritarian technologies.
Because while you are not yet required under the Security of Critical Infrastructure Act or the Defence Industry Security Program to remove or mitigate the risks posed by TikTok, Hikvision, Dahua or DJI, my view is that you should be.
If it is not safe to have these technologies in government departments because of the espionage risk they represent, it’s hard to see why they should be permitted on a system of national significance or an AUKUS supplier.
The government clearly has the regulatory power to act – and I hope the Albanese Government does so swiftly.
AUKUS Pillar 2
Now, the opportunities.
The recently released Defence Strategic Review tells us the ten-year warning time for conflict in our region no longer exists, which “necessitates an urgent call to action, including higher levels of military preparedness and accelerated capability development.”
The DSR also acknowledges that, “as a consequence of the risk that Australia now faces, our nation and its leaders must take a much more whole-of-government and whole-of-nation approach to security.”
The Coalition Government recognised this in 2021, when the AUKUS trilateral security pact was established with two of our closest allies to protect our shared values and promote security and prosperity in the Indo-Pacific.
This agreement recognised the need for us to collectively share and accelerate the development of game changing technological capabilities, and simultaneously confront how we will defend against these same technologies under a new conflict paradigm.
The first pillar of AUKUS will provide Australia with a conventionally armed, nuclear-powered submarine capability, and I welcome the path forward announced at the Joint Leaders Summit earlier this year.
The second pillar of AUKUS relates to lines of effort to further develop a number of other advanced capabilities, and includes quantum, advanced cyber, AI, hypersonics, electronic warfare, and advanced undersea technologies.
We have heard less about the progress being made under this pillar, in part because of the highly sensitive nature of these capabilities.
But this is not the full story.
In the last 18 months I have visited the United States five times. AUKUS was an element of each trip.
On those visits I met with intelligence agencies, members of congress, the Administration, defence industry, think tanks and academics.
It was clear from these conversations that the successful delivery of AUKUS depends on removing the regulatory barriers that currently stand in the way of seamlessly sharing information and technology between the three partners.
I became increasingly concerned on each trip about our progress towards that goal.
While the submarines are big enough to generate their own momentum, I am worried that Pillar 2 simply won’t get off the ground if we don’t get our act together on regulatory reform.
It was also clear that the Australian Government needs to be more proactive in its advocacy with the US Government to remove these barriers and maintain momentum on the delivery of additional capabilities under AUKUS beyond the most immediate priority of nuclear submarines.
There are three key issues to overcome to achieve this.
First, we need a specific ask. Washington D.C. is a competitive town. There are lots of people who come there from all over the US and the world with problems.
The ones who leave successfully having resolved their issues are those that also turn up with a solution.
Right now, we do not have a publicly articulated solution we are asking Congress and the Administration to move forward with.
Perhaps there is a secret plan. But if it stays secret forever it is not going to break through the bureaucratic barriers, we all know are holding up progress.
Second, as a result of this, there is no consensus in the US system about how to resolve this. Some voices in Washington favour a regulatory approach through Executive Orders issued by the President.
Others think only legislative reform will fix it. Encouragingly, there are already two bills before Congress, including the imaginatively titled TORPEDO Act from the Republican minority on the Senate Foreign Relations Committee.
But draft bills like these only progress when consensus forms around them, and in a divided government, across the aisle too.
We need to take the lead on helping to forge that consensus.
Third, while we hope that all the technologies under Pillar 2 will bear fruit over time, some fields are more advanced than others. And some will have more impact than others.
As much as we can do so publicly, we should identify which technologies we are prioritising for quick wins.
We need these to demonstrate progress and maintain momentum.
We also need them to test whether the new AUKUS regulatory architecture is fit for purpose, hopefully long before the big-ticket items like a nuclear submarine is ever forced to navigate what our own Embassy officials are calling a “permafrost” of bureaucracy.
Why it matters
Why is this important? There is no room for complacency on these issues if Australia and its allies are to come out ahead in the contest to secure next generation of defining technologies.
Last week the Australian Strategic Policy Institute released an update to its Critical Technology Tracker to capture 23 technologies that will likely be integral to achieving technological advantage under AUKUS Pillar 2.
It ranks the top 10countries for each technology according to their proportion of high-impact research output to determine who has competitive advantage.
A quick scan of the results reveals we have a lot of ground to make up.
The ASPI report states, “China is leading in high-impact research in 20 of the 23 technologies and has a commanding lead in hypersonics, electronic warfare and in key undersea capabilities. But in other key technologies such as autonomous systems operation technology, advanced robotics, adversarial AI-reverse engineering, protective cyber and quantum sensors, the collective strength of the AUKUS countries shifts this picture, and they take the global lead.”
While China’s technological advantage is disconcerting, it also affords Australian industry with a truly transformative opportunity to be a part of the race to regain the lead.
AUKUS represents a tectonic shift in what sovereign access means for Australia, but it is also ground-breaking because of the access it provides Australian vendors to the markets of our closest allies.
The Australian Government and industry need to work closely together to position Australian suppliers at the forefront of new technology partnerships.
The ASPI tracker reveals we are already punching above our weight in areas such as protective cybersecurity, adversarial AI, advanced data analytics, and autonomous systems operation technology.
Conclusion
The current strategic environment should serve as a call to action to government and industry to double down on these efforts and work together to position Australia as a global leader for cutting edge technologies over the coming decades.
Failure is not an option. Not only will that jeopardise the liberal democracy we hope to hand over to our children and grandchildren, it also sells short our incredible talent and capability and will see Australia lose out to larger incumbent international players.
Conversely, if we get this right, we can position Australia as a world leader in more ways than one, and reap outsized economic rewards that go far beyond national security applications as Australia becomes the partner of choice in a new era of technological advancement.
Thank you for hosting me here tonight, and I look forward to discussing these ideas with you in further detail.
