Defence lacks the “skills, capabilities or innovations required to fight and win in a networked domain” where threats posed by offensive cyber are increasing, the Australian arm of US vendor SoftIron says.
In a submission to an inquiry into Defence industry capability, SoftIron said the emergence of offensive cyber, together with other “disruptive new technologies”, had “upended… strategic certainties of the past” or “changed the nature of conflict itself.”
“Just as the advent of the missile age eliminated Australia’s natural geographic advantage, so too has the development of offensive cyber warfare,” the vendor said.
“Defence simply does not have the skills, capabilities or innovations required to fight and win in a networked domain.
“At the same time, simply adopting commercial-off-the-shelf (COTS) IT technologies will be insufficient in delivering the levels of protection required.
“Now, more than ever, Defence planners must collaborate with industry.”
SoftIron has an Australian manufacturing operation that is producing high-end data centre hardware – and it unsurprisingly sees a growing need for such hardware in Australia, particularly in a Defence context.
Covert hardware and firmware implants, the vendor said, remain “the vector of choice for malicious state actors for their ability to bypass controls focused on data sovereignty by infecting the platforms on which that data resides.”
“A typical cloud computing rack comprises more than 85,000 component parts,” SoftIron said.
“The supply chain for these components can span dozens of countries, many of which have opaque governance structures and in some cases are actively hostile to Australia’s national interest.
“As the AUKUS agreement matures and information-sharing between the partner countries deepens, SoftIron believes the need for this kind of high-security ICT platform will only increase.”
AUKUS is a pact between the US, UK and Australia, covering nuclear-powered submarines (known as ‘pillar one’) as well as a range of other developments in areas such as cyber security, quantum and AI (known as ‘pillar two’).
“As AUKUS becomes a priority target for foreign espionage services one focus of attack will be the ICT supply chain and infrastructure built from it to deliver pillar one, as well as to circumvent or compromise technologies and projects within pillar two,” SoftIron wrote.
“As the junior partner in the AUKUS partnership Australia is likely to be a net importer of information and capabilities.
“Any breach will be disastrous for the future of the agreement.”
No post-grant visit, audit
SoftIron also used its submission to implore Defence personnel to visit its manufacturing facility in Sydney.
The vendor said the facility was established in part with a $1.5 million sovereign industrial capability grant from Defence, yet SoftIron had not heard from the department since.
The scheme was meant to “enable Australian small and medium sized enterprises to increase their capacity to support strategically critical Defence capabilities.”
“Since receiving the… grant, SoftIron has received no follow up from Defence. No Defence official has visited the factory or audited the efficacy of the money spent,” the vendor said.
“SoftIron has not had to produce a comprehensive report to Defence or account for its work in any way.
“This, we respectfully submit, constitutes a missed opportunity.”
“By investing in new ventures, but not following up on their development, Defence is not reaping the full benefit from its own investment.”