The new head of one of Australia’s top cybersecurity research bodies is ready for cyber attacks from all angles.
The Australian National University has appointed Dr Lesley Seebeck as the CEO of its Cyber Institute, which was established to conduct research in cybersecurity and innovation.
The institute’s interdisciplinary approach will draw on not just science and engineering, but also encompass human, economic, and societal behaviours and systems from the public and private sectors, as well as internationally.
“What I’d like to build is the means of looking at and understanding cyber that does not focus simply on the threats, but identifies and creates opportunities,” Seebeck said.
“Cyber is 80 per cent about people, and we cannot divorce technology and its construction from humans.”
Seebeck said the greatest challenge for Australia’s cybersecurity is building the understanding, frameworks, skills and tools.
Another challenge includes working on structural divisions between the Commonwealth, state and local governments, and between government, industry and civil society.
“We need to understand that we each, at each level and in each sector, have responsibilities and that we cannot simply rely on someone else to do all the heavy lifting,” she said.
“We cannot rely simply on the Federal Government — taxpayers — to bear the full burden.”
Aftermath of an attack
Seebeck spent three years as head of the Bureau of Meteorology, leading the response to a 2015 cyber intrusion where a foreign power installed malware on the organisation’s computer system. Some of the key lessons she learnt from the experience included stepping up and owning it.
“You may not be thanked for it, at least in the short term when people are trying to deal with the shock, but there is nothing to be gained from denial or trying to minimise what it means for your people and your organisation,” she said.
She also highlights the need to seek help, as there are few, if any, organisations that have the necessary expertise internally to deal with these issues.
Seebeck said it’s also key to know what needs to be protected and prioritising, as well as not forgetting about the people.
Building a digital society
Compared to five years ago, Seebeck said the cybersecurity situation has improved. But because the problem has been co-evolving and digital systems are increasingly embedded in our lives, she said it can be easy to fall behind.
Like the United States, which has been hit by numerous hacking attempts, Australia has had its fair share of international hacking.
For example, in April 2018, then Defence Minister Marise Payne revealed up to 400 Australian businesses might have been targeted in suspected Russian state-sponsored attacks.
Over the next couple of years, Seebeck wants to see an operational concept of cybersecurity that protects and strengthens the liberal democratic norms and freedoms of society and a free market economy.
“In our everyday lives and our work, how we interact increasingly is through data, software and the infrastructure,” Seebeck said.
“We cannot have a functioning digital society and economy — one that is sympathetic to our human nature, that supports our aspirations, that assures Australia of its place in the world — without ensuring both are also resilient.
“Good security and system design — social and technology — are integral to that.”
This article originally appeared as “Threat status” in the February 2019 issue of create magazine.