The AUKUS-focused Australian Defence Force (ADF) risks inheriting unmanaged cyber security vulnerabilities unless it engages with skilful Australian innovators whose capabilities are routinely overlooked in favour of “big foreign primes”, a new report has warned.

As Australian policy is increasingly shaped by AUKUS and similar partnerships with Japan, South Korea, Pacific island nations and European giants, those massive contractors – global defence giants such as Lockheed Martin, BAE Systems, and Thales Group – will extend their dominance of Australia’s military spend.

Yet for all the innovation that Australian firms have, the new report, entitled Developing Australia’s Defence Industrial Base, warns, the skew towards overseas giants – who routinely beat out smaller local innovators for major supply deals – risks excluding local innovators or relegating them to passengers as Australia, the UK and US work to plan and implement Pillar 2 of the AUKUS arrangement.

“Two years on from AUKUS’s birth, Phase 2 remains three government bureaucracies designing solutions for companies that they are not engaging with,” it argues.

“Australia is intended to be a technology and capability contributor to AUKUS, not simply a price and technology taker.”

Yet selection bias has created image problems for Australian firms that are often dismissed as being small and medium enterprises (SMEs), the new report – jointly developed by Australian defence and space innovators NIOA Group, Gilmour Space Technologies, Austal, Macquarie Technology Group, and the Australian Industry & Defence Network – notes, arguing that the correct terminology should be ‘medium and small enterprises’ (MSEs) because Australian innovators are far more capable than they are given credit for.

“There is some world-leading technology resident in Australian medium and small companies that should be brought into the AUKUS conversation,” the report notes, arguing that “the term SME gives rise to a misperception that Australian defence industry is comprised primarily of many small companies.”

“That underestimates the size, scale, and capability of our industry base.”

The ADF must actively work to bolster Australian industry, the report argues, by reducing barriers to entry and funding a “radical lift” in investment that should pump $1 billion annually into local innovators that already “operate with high levels of sophistication in many different sectors.”

Inheriting too many risks?

Overreliance on overseas providers risks more than just industry growth, however: with countries such as China, North Korea and Russia actively researching and probing strategic US military systems, the report warns that Australia risks becoming collateral damage if rival nation-states attack those systems – or supporting information infrastructure such as cloud computing platforms and cryptocurrency systems – during times of conflict.

A new report from Recorded Future’s Insikt Group, for example, found that North Korean cyber criminals, in particular, have stolen more than $4.5 billion ($US3 billion) in cryptocurrency since 2017 – including nearly half of all cryptocurrency stolen last year, much of which funds the country’s own military.

Nation-state cyber criminals are also actively working to identify and exploit vulnerabilities in critical infrastructure systems – creating new risks for Australia from what the report calls ‘needle-sharing’ – the increasing standardisation of key defence capabilities across a range of countries.

By committing to buy and deploy foreign-made technologies and services, the report warns that Australia also inherits their intrinsic risks – including potential cyber security vulnerabilities and technological weaknesses in code that Australia can’t see and doesn’t control.

If these systems are attacked during overseas conflicts, foreign suppliers will be forced to focus on supporting their own governments’ work – leaving Australia exposed and the government reliant on domestic firms that, the report argues, need to be engaged and supported much more proactively than even initiatives such as the new Buy Australia Plan will enable.

A recent Australian Strategic Policy Institute analysis showed that while China dominates most AUKUS-related capabilities, Australia has retained significant capabilities in areas including protective cyber security technologies, adversarial AI, advanced robotics, sonar and acoustic sensors, autonomous systems operation technology, drones, machine learning, advanced data analytics, and quantum computing.

And while our ability to develop domestic alternatives is limited – Australian firms are unlikely to develop “exquisite and expensive” systems such as F-35 fighter jets, Aegis combat systems, nuclear submarines and massive cloud computing services like Microsoft Azure – the report notes that “we can work on security and other protective measures to reduce the risk of system or weapon compromise.”

Coming amidst ADF navel-gazing and a Defence Strategic Review that earlier this year found the ADF is “not fit for purpose”, the report – whose eight recommendations include the formation of a formal defence and industry Government Australian Defence Industry Steering Council – warns that “for too long, Defence has driven industry policy in isolation from its commercial partners.”

“Too much defence industry policy has been made in Australia for defence industry and not with defence industry.

“That must change.”