#65 Securing the Cyberscape Down Under: Australia’s New Cybersecurity Strategy
Sprinting Across The ‘Horizon’s: Australia’s New Cybersecurity Strategy, Exploring The State's Role in Advancing the Path of AI
Today, Anushka Saxena dissects Australia’s new cybersecurity strategy while Bharath Reddy explores state interventions in the AI ecosystem.
Course Advertisement: Admissions for the Jan 2023 cohort of Takshashila’s Graduate Certificate in Public Policy (Technology and Policy) programme are now open! Visit this link to apply.
Sprinting Across The ‘Horizon’s: Australia’s New Cybersecurity Strategy
— Anushka Saxena
**Jade Donney, Counsellor at the Australian High Commission in New Delhi highlighted the key aspects of this strategy in an All Things Policy podcast episode with Anushka Saxena and Bharath Reddy.**
On November 22, 2023, Australia’s Home Affairs Department released an elaborate Cybersecurity Strategy with implementation timelines refreshingly divided across ‘horizons’. The first Horizon, between 2023 and 2025, focuses on “strengthening foundations” by building cyber hygiene amongst vulnerable citizens and businesses. The second Horizon, between 2026 and 2023, focuses on building “cyber maturity” across the whole economy, instigating investments in the cyber ecosystem. And, the third Horizon, between 2029-30, aims to “advance the global frontier of cybersecurity,” i.e by shaping Australia into a global leader on emerging and critical technologies.
The agenda items listed in the Strategy are divided across 6 ‘Shields’, focusing on ‘strong businesses and citizens’, ‘safe technology’, ‘world-class threat sharing and blocking’, ‘protected critical infrastructure’, ‘sovereign capabilities’, and ‘resilient region and global leadership’. Under these shields are 20 points of action that first discuss the problems faced by Australia in areas such as data privacy, cross-sector threat intelligence sharing, building resilience against disruptions in telecommunications and financial services, etc. The ambit of challenges acknowledged and mini-strategies developed under the Shields range from the economic and social interests of consumers and businesses to advancing national security interests and safeguarding democratic institutions in the face of sophisticated cyber threats from Artificial Intelligence and threat actors.
Like with any other ambitious policy document, even this one can be asked a simple question with a much more complex answer – “But how do we do all this?” In many ways, this Strategy has answers. Not only does it get down to brass tacks first to ensure the cyber health of grassroots actors like enterprises and consumers, it also assigns timelines to the achievement of this step-by-step process towards holistic cybersecurity. The reasonability of the timelines is another question altogether and one that only time shall unravel. But the fact that this Strategy also adopts a multistakeholder approach upfront and aims to involve actors from every socio-economic level builds up some confidence.
Multistakeholderism is key when acting in a space like cybersecurity, given the highly privatized nature of critical infrastructure in Australia and many other countries – and it’s something India can learn from in its own approach to cybersecurity. The Strategy also does well to alleviate some of the concerns of businesses vis-a-vis reporting of cyber attacks by providing for a “no-fault, no-liability ransomware reporting obligation.” This could encourage businesses to adopt hardline measures for ensuring the safety of their IT infrastructure, while also actively reporting any previously unrecognized threat activity.
In its press release on the Strategy, the Home Affairs Department has also provided for a Consultation Paper to be released soon, and which shall invite comments from industry and academia to strengthen domestic laws and consider amendments to the Security of Critical Infrastructure Act 2018 to strengthen protections for critical infrastructure. This consultation, which shall last up till March 2024, shall create an iterative process that may reap immense benefits for Australia’s cyber posture.
Exploring The State's Role in Advancing the Path of AI
— Bharath Reddy
Globally, companies are investing hundreds of billions of dollars into AI research and development. Is there a need for the State to intervene and play a role in advancing the path of AI? Are there any market failures that private firms would not effectively address? Or is there a case for governments to proactively shape innovation with long-term positive outcomes for humanity?
We look below at the testimony of Caleb Watney, Co-CEO, of the Institute for Progress, before the US House Committee on Science, Space, and Technology with recommendations for what the US federal government should fund in AI and how it should be funded. Here is a summary of the recommendations:
The US federal government has played a vital role in guiding technology development through R&D funding in the past. For example, it has driven progress in clean energy tech, early internet, and genomics.
In AI, though we've seen impressive capabilities, issues like bias and transparency persist as they might not be market priorities. Private companies prioritise commercial applications over understanding model decision-making, and AI labs often emphasise selective benchmarking. To ensure trust and standardised benchmarks, Watney recommends that the public sector must shape AI development in line with public interests. In summary, he recommends the below key areas where federal investment is essential:
Interpretability: We need a better understanding of how advanced AI systems like Large Language Models (LLMs) make decisions, especially as AI is integrated into various sectors like healthcare, finance, and transportation.
Defensive Cybersecurity: AI can change the balance of power in cybersecurity, and there's a need for technologies like "confidential computing" to protect attacks from malicious actors.
Benchmarking and Evaluations: Current benchmarks for AI performance are inadequate, and there's a need for standardised and real-world benchmarks, especially in assessing bias and accuracy.
Privacy-Preserving Machine Learning: As AI uses sensitive data, privacy concerns are rising. Federal investment can advance technologies like differential privacy, homomorphic encryption, federated learning, and model assurance to protect privacy while using AI.
To realise these objectives, he suggests that funders should employ a multifaceted approach, including providing academic researchers with access to computational resources like the National AI Research Resource (NAIRR) and establishing frameworks for AI model sharing.
Other recommendations include collaboration with philanthropies and industry labs on public goods initiatives, involving technical experts in grant reviews, and fostering expertise development in underserved AI research areas. These strategies collectively empower democracies to navigate the dual-use nature of AI effectively and shape the AI landscape in line with national interests.
Government intervention should be prioritised towards addressing issues markets fail to address adequately. But it is interesting to note that these priorities might be different when we look at it from an Indian perspective. Given the increasing entanglement of technology and geopolitics and the market concentration across various stages of the AI supply chain, it is also necessary to look at government intervention from a national interest perspective. Takshashila’s recently published discussion document titled - A Pathway to AI Governance is an attempt at this. Do let us know what you think of this and how we can improve on it in the comments section.
What We're Reading (or Listening to)
[Article] Tech War or Phony War? China’s Response to America’s Controls on Semiconductor Fabrication Equipment, by Douglas Fuller
[Analysis] ‘Plot to kill Pannun’: Why did Nikhil Gupta want to ‘finish the job’ before June 30? , by Nirupama Subramanian