Gary Blair CEO and Executive Director
Corporate Partners
Accelerating your career by leveraging opportunities in Australian cyber security research and post grad education Gary Blair, CEO and Executive Director Australian Cyber Security Research Institute AISA Sydney Chapter 17 March 2016
Corporate Partners
Cyber is increasing in value in national security, economic, social and environmental terms •
No longer relevant to talk about a separate digital economy - digital technologies and services now firmly embedded across all industry sectors
•
In the 2014 financial year, digital technologies and services contributed $79 billion or 5.1% to Australia’s GDP
•
By 2020 digital’s contribution could be worth as much as $139 billion or 7.3% of GDP
•
Currently, some 451,000 ICT specialists are employed in Australia making up around 4% of the workforce
•
Using OECD’s broader definition of ICT workers, they now number about 2.5 million and make up 22% of Australia’s workforce
Source: The Connected Continent II: How digital technology is transforming the Australian economy, Deloitte Access Economics, 2015
Corporate Partners
Cyber security – one of nine national science and research priorities as defined by the Commonwealth Science Council and endorsed by the government in May 2015 Cyber security is a cross-cutting concern … 1. 2. 3. 4. 5. 6. 7. 8. 9.
Food* Soil and water* Transport* Cyber security Energy* Resources* Advanced manufacturing* Environmental change* Health*
* = Dependency on cyber security
Corporate Partners
Priority 4. Cyber security Departments and agencies should give priority to research that will lead to: •
highly-secure and resilient communications and data acquisition, storage, retention and analysis for government, defence, business, transport systems, emergency and health services
•
secure, trustworthy and fault-tolerant technologies for software applications, mobile devices, cloud computing and critical infrastructure
•
new technologies and approaches to support the nation’s cybersecurity: discovery and understanding of vulnerabilities, threats and their impacts, enabling improved risk-based decision making, resilience and effective responses to cyber intrusions and attacks
•
understanding the scale of the cyber security challenge for Australia, including the social factors informing individual, organisational, and national attitudes towards cyber security Corporate Partners
Cyber Security Growth Centre – announced in December 2015 Innovation Statement
Corporate Partners
2016 Defence White Paper and Defence Industry Policy Statement •
Outlines a new approach to defence innovation, including four key initiatives: – Next Generation Technologies Fund—around $730 million (over the decade to FY 2025–26) will be invested in strategic next generation technologies that have the potential to deliver game-changing capabilities – Defence Innovation Hub—around $640 million (over the decade to FY 2025–26) will be invested in a new virtual Defence Innovation Hub to enable industry and Defence to undertake collaborative innovation activities throughout the Defence capability life cycle from initial concept, through prototyping and testing to introduction into service – Defence Innovation Portal—as part of the Centre for Defence Industry Capability (CDIC), the Portal will facilitate engagement between Defence and innovation activities across Australia – Changed culture and processes—Defence will change its culture and business processes to systematically remove barriers to innovation
•
Also 1,700 new intelligence, space and cyber security positions - 900 in ADF and 800 in APS
Corporate Partners
Cyber security research challenges in Australia •
Lack of public cyber security research funding (until recent times)
•
Declining R&D investment in Australia by ICT multinationals
•
Australian cyber security industry lacks critical mass
•
Australian academic research in cyber security: – generally of a high standard but limited in quantity – has contributed little in terms of intellectual property as measured by patent applications and grants
•
Australian involvement in international academic collaboration in cyber security has been limited – there are notable exceptions: – European FP7 Program – UK’s Cyber Security Capacity Building Centre at Oxford University – Strategy and Statecraft in Cyberspace Program led by ANU’s National Security College
•
Cyber security – still (incorrectly) regarded as essentially only a STEM issue – requires broader research collaboration across the humanities, social and political sciences as well as engineering and computer science
Corporate Partners
Industry and academic collaboration in Australia in perspective
Source: OECD, based o n E urostat (CIS-2010) a nd national d ata sources, June 2 013
Corporate Partners
Corporate Partners
Corporate Partners
Source: http://www.oecd.org/sti/rds
A diversion into research alternatives – cyber security requires all What is Transdisciplinary Research? Transdisciplinary research is, essentially, team science. In a transdisciplinary research endeavour, scientists contribute their unique expertise but work entirely outside their own discipline. They strive to understand the complexities of the whole project, rather than one part of it. Transdisciplinary research allows investigators to transcend their own disciplines to inform one another’s work, capture complexity, and create new intellectual spaces.
What’s the difference? Transdisciplinary Research
Multidisciplinary Research
Interdisciplinary Research
Collaboration in which exchanging information, altering discipline-specific approaches, sharing resources and integrating disciplines achieves a common scientific goal (Rosenfield 1992).
Researchers from a variety of disciplines work together at some point during a project, but have separate questions, separate conclusions, and disseminate in different journals.
Researchers interact with the goal of transferring knowledge from one discipline to another. Allows researchers to inform each other’s work and compare individual findings.
Source: Washington University S chool o f Medicine in S t. L ouis Corporate Partners
An example of transdisciplinary cyber security research in practice
Corporate Partners
Now turning to Australia’s cyber security marketplace A critical assessment based on the Cybersecurity Capability Maturity Model* D5-3: Cyber Security Marketplace Categories
Start-up
Formative
Established
Strategic
Dynamic
Cyber s ecurity technologies
Few or no cyber security technologies are produced domestically, international offerings may be r estricted or sold at a premium.
Security technology and processes in government and private s ector are available and deployed.
Information technology c ontrol systems are c reated and managed.
Cyber s ecurity technologies, including s oftware, abide by s ecure coding guidelines, best practices and adhere to internationally accepted s tandards.
Security features in software are continuously updated as r equired.
The domestic market may provide generic, non-specialised products;; offerings are not market drive. Security considerations are now embedded in software and infrastructure.
Domestic c yber security products are now being produced by local providers. Technologies are deployed in c ountry to detect and r ecord cyber-incidents including sophisticated attacks. Advanced s ecurity technology and processes in sensitive enterprise networks are deployed to enable information exchange.
Source: Global Cyber S ecurity Capacity B uilding Centre, Oxford Martin S chool https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/gcscc-cyber-security-capability-maturity-model-cmm
Corporate Partners
Security technologies and processes across the government and private s ectors are kept up-to-date, based on s trategic risk assessment. This r isk assessment also informs the application of market incentives toward prioritised products to mitigate identified risks.
Security functions in software and computer s ystem configurations are automated in the development and deployment of security s olutions. National dependence on foreign technologies is increasingly mitigated through enhanced domestic c apacity. Domestic c yber security products are exported to other nations and are considered s uperior products.
Future cyber security research - framework options Framework option
Addresses national science and research priority 4
Support for industry growth centres
Addresses trans- disciplinary nature of cyber security
Independent, physically distributed
No
No
No
Partial
Partial
Yes
Yes
Centre of excellence, single s ite
Collaborative, networked (e.g. UK TIC’s, Catapults, Aust CRC’s)
Corporate Partners
Promotes cyber security research in STEM and non-STEM sciences
Addresses scale requirements of cyber security research and education
Addresses industry collaboration and commerciali- sation
No
No
Partial (random, opportunistic)
No
No
No
Yes (limited)
Yes
Yes
Yes
Yes (at s cale)
The Australian Cyber Security Research Institute •
ACSRI was established Q1, 2015 as a company limited by guarantee
•
Corporate structure and governance based on: – Cooperative Research Centre Programme best practice standards – ASX Corporate Governance Principles and Recommendations
•
Mr David Irvine AO is chairman, other directors are the Hon. Kate Lundy, Dr Darrell Williamson, Mr Brett Biddington AM, Mr Gary Hale, Professor Craig Valli and Mr Gary Blair (CEO)
•
Academic partners - ANU, Deakin and Edith Cowan
•
Founding government partner - CERT Australia
•
Founding industry partner - Cisco Corporate Partners
The Australian Cyber Security Research Institute ACSRI’s goals •
•
•
•
•
Goal 1 To conduct high quality transdisciplinary, multi-institutional research into cyber security that will contribute solutions to threats posed to the social, economic and environmental fabrics of our society and communities Goal 2 To train and mentor the current and next generation of cyber security researchers and professionals Goal 3 To translate the results of research into new or improved policies, products and practices Goal 4 To foster dynamic collaboration and inform Government, Industry and wider Communities about cyber security threats and the solutions to those problems Goal 5 To support and strengthen Australia’s sovereign research capability and capacity
Corporate Partners
Cyber Security CRC 2016 – potential consortium partners
Corporate Partners
Cyber Security CRC 2016 research themes Theme 1: Systems resilience in a rapidly expanding and increasingly hostile cyber domain
Theme 2: Identity, authentication and authorisation in the cyber domain
Theme 3:Political, legal and socio- economic impacts of, and responses to evolving cyber security risks
Cyber security simulation, test and evaluation at scale (a common research platform across all three research themes), using a variety of tools: • Complex systems theory and agent based modelling • Federated cyber range
Corporate Partners
Measuring the future success of cybersecurity research in Australia ACSRI’s critical success metrics Key input metrics
Key output metrics
•
•
•
• •
Value of cash and in-kind investment in cyber research Creation ( and dollar value) of essential shared research infrastructure such as a planned federated cyber range which we anticipate could be one of the largest ranges in the world Number of Australian research partners across government, academia and industry, including critically, SME’s Number of international partners and strength of relationships
• • • • • •
Corporate Partners
Number and quality of research papers – especially co-sponsored by academia and industry partners Number of postdocs, PhD’s, Masters and Honours graduates embedded across industry sectors Number of patents secured Commercial value of the IP portfolio Size and value of Australia’s cyber s ecurity industry and value of exports Number and impact of evidence-based cyber policy decisions derived from associated cyber research programmes Proportion of Australia’s overall cyber resilience achieved through our own sovereign cyber technologies and services
Discussion on post grad research opportunities in cyber security •
What are the personal barriers and disincentives and how can they be overcome?
•
“Scientists on the job” – bringing cyber security research out of the labs and into the office – or turning offices into labs
•
Employer sponsored post grad research opportunities
•
Opportunities to do both unclassified and classified research (classified available to Australian citizens)
•
Access to unique data sets and test environments at scale
•
Cyber security relevant disciplines
•
Developing T-shaped cyber security professionals – are you T- shaped? Web: www.acsri.org.au Email: g
[email protected]
Corporate Partners