Australia needs to urgently develop a national security cloud, a strategic think thank argues.
If it doesn’t, the nation risks being tied to legacy software that will put it at a major disadvantage against potential adversaries.
The Australian Strategic Policy Institute says the security community is dragging its feet in taking advantage of cloud based ICT and calls for a major investment in cloud infrastructure and services by intelligence agencies.
“Australian national security agencies are years behind the curve on cloud computing,” the report says.
“For agencies that rely on cutting-edge high technology for their capability edge, this is disastrous.
“Unless it’s addressed rapidly and comprehensively, Australia will quite simply be at a major disadvantage against potential adversaries who are using this effective new technology.”
In a report released on May 27 ASPI says budgetary restraints, organisational and cultural obstacles and a national STEM skills deficit are all standing in the way of the national security community moving to cloud infrastructure.
Writing for the ASPI analysis site The Strategist, defence and strategist program director Shoebridge Michael who co-authored the report, says a move to secure cloud infrastructure is needed if Australia’s national security agencies are to remain at first-world capability.
“The overwhelming advantages national security agencies will get from the capabilities provided by a secure cloud infrastructure, compared with traditional computing power allocated to specific agencies and functions within them, are clear,” he writes.
“A high-technology fifth-generation military with the intelligence capabilities it will need, as proposed in the 2016 defence white paper, requires cloud infrastructure to work effectively.”
The report also highlights trust issues, and concerns about the sovereignty of data under a cloud system, as a barrier that needs to be overcome.
Some of those concerns are centred on the risk of data being provided to foreign authorities should it be hosted by international cloud giants like Amazon Web Services, which already has a commercial relationship with the federal government.
But the report says while cloud computing has a “bad name” in national security circles, and is associated with “risk and lack of control”, this mindset has to change.
The government will need to address the issue of data sovereignty, and questions about who has control of that data and the systems on which is held, in a transparent way, the report says.
ASPI also takes aim at the Digital Transformation Agency’s could “non-strategy” and “balkanized approach” to ICT investment decisions.
“The intelligence community needs to make this shift as a community, not as a rag-tag band of loosely coordinated agencies with agency heads making separate risk-based decisions,” it says.
It says the DTA’s cloud strategy needs to be revisited taking into account the federal government’s market power in procuring cloud solutions.
The institute says the Australian Public Service, including the national security community, needs to be able to leverage the full benefits of cloud computing.
To do this, decision making can’t be left to individual agency heads.
Instead, the government needs to take a “coherent and coordinated approach”, with intelligence at its core.
“The government needs to rebuild the capacity to assess and accredit cloud service providers against an Australian Government framework,” it says.
“Delegating this function to diverse agency heads simply disperses and grows the risks, as well as undercutting public-sector cohesion and interoperability.”
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter