ASPI’s Anthony Bergin, Donald Williams and Rhys de Wilde have released a report arguing that Australia’s national security planning should also include important companies and their supply chains.
The report, titled From Boardroom to Situation Room, draws on the premise that economic security is national security. Although companies are putting a lot of thought into protecting their own assets, their concerns should be shared by national security agencies as well as commercial shareholders.
Yet there is still a ‘void’ between business and Australia’s national security organisations. Neither side is sufficiently aware of the other’s capabilities and limitations, and both are guilty of ‘intentionally or needlessly’ withholding information whilst expecting too much from the other.
To get around this, the report’s authors argue that both sides should adopt a ‘dare to share’ culture, which allows for the relatively free flow of timely information useful to both public and private security personnel.
“A key message of this Strategic Insights paper for national security agencies is that coordinating and cooperating with the private sector on national security may be inconvenient at times, but it’s a lot less inconvenient than being exposed to a range of security threats and challenges unprepared,” the authors argue. “Today, corporate security is national security.”
The report contains an interesting anecdote to illustrate the point. A company called Codan, which manufactures metal detectors, noticed it was receiving faulty detectors for repair that had ‘unfamiliar wiring’. The detectors had been reverse-engineered – the company was the victim of industrial espionage.
ASIO got involved and found out what had happened. A Codan executive was on a business trip to China and logged into hotel Wi-Fi with a company computer. Hackers were able to insert malware that went on to infect Codan’s networks in Australia, steal the IP, build their own detectors and steal significant market share from the company in the lucrative African gold sector. Codan’s overall value dropped from $45 million to $9 million and staff were laid off.
Codan, however, also sold end-to-end encrypted radios used by Australian forces in operational war zones. The link between corporate and national security there is obvious.
“It’s tempting for government to just rely on the cybersecurity systems that companies already have in place, but attacks on business and exploitations of cyber weaknesses greatly affect national security,” the authors state.
“The threats we face don’t recognise the walls that exist between Australian businesses and national security agencies. To safeguard Australia, we need to put more doors in those walls.”