Australia’s deal with the US and UK (AUKUS) to buy and build a fleet of nuclear submarines is a “fantastic opportunity” for the local cyber security sector but may cause a squeeze on an already tight skills market, according to a defence and security expert.
The tripartite agreement is estimated to cost in the realm of $368 billion over the coming decades and will be a boon for defence suppliers across the supply chain as early as this year when ground is broken on new South Australian shipyards.
But the ability to securely share information between international parties – especially when nuclear technology is involved – will be a significant challenge as AUKUS develops, according to Tony Howell, Global Chief Architect of Defence and Intelligence with cyber firm archTIS.
Howell has had two decades of experience as a consultant and contractor for the Australian Public Service and he sees skills shortages as a “significant block” for getting the AUKUS project up and running.
“We know this was one of the big challenges with the previous submarine deal in terms of being to share sensitive information with the French and vice versa,” he told Information Age.
“Ultimately, a lot of this comes to cyber hygiene and being able to actually establish trustworthy platforms to host information.
“Imagine you’ve got a company that makes really excellent pumps, pumps that could serve a specific purpose on these submarines.
“That company probably hasn’t been set up to implement the type of information security required for the contract.”
On the one hand, this problem creates an opportunity for local firms who specialise in exactly the kind of security processes needed to work in defence supply chains.
But it also comes at a cost to businesses – potentially giving a competitive advantage to multinationals that can afford to play in this space – and to an Australian cyber security sector that is already struggling to keep up with demand.
“Even if your pump company just wanted to set up a Microsoft 365 implementation to meet defence requirements, you’re talking about a significant cost,” Howell said.
“That’s the setup of the environment, with the expertise of how to secure and harden it, and then paying for the accreditation on top of that to say it meets those requirements.”
Cyber security expertise is regularly featured among Australia’s most-needed technical skillsets, even if employers can at times be reticent to hire emerging professionals in the field.
AustCyber has warned the country is at risk of falling behind its needed number of cyber security professionals and is facing a shortfall of at least 3,000 workers by 2026.
Lack of cyber could slow AUKUS
Howell suggested the lack of cyber security professionals could have downstream ramifications for the construction of Australia’s nuclear submarines.
“My experience is that its primary impact is speed of delivery,” he told Information Age.
“A lack of cyber security professionals slows everything down because everyone is obviously quite hesitant to take risk and cyber security professionals provide a way to quantify and manage that risk.”
AustCyber said in its November report the shortfall was exacerbated by migration backlogs which triggered reform work that is still underway.
Yet even with an estimated 2,400 skilled cyber security migrants expected to arrive over the next few years, the nature of defence sector contracts sees the US International Traffic in Arms Regulations (ITAR) become a barrier for citizens who migrated from certain listed countries.
As the ABC noted late last week, defence contractors have previously been granted exemptions to anti-discrimination laws allowing them to refuse staff based on their country of birth, including an Iranian-born software engineer.
Howell said he expects some of the ITAR rules to change as the agreement matures because of the “uniqueness” of the situation, though not necessarily the restrictions on who can interact with controlled data.
“We’ve got provision of a nuclear-powered capability to a non-nuclear nation which is something that’s never really been done before,” he said.
“This is going to make the rules dynamic. They’re going to change pretty quickly and I think they’ll change for a period of time until they settle down into a state where everyone’s comfortable with how this is being done.”
Universities have already responded to the opportunities afforded by AUKUS with Flinders University in South Australia signing agreements with two universities in the US and UK to lean on their nuclear education specialisations.
