Why the government needs to invest heavily in the OAIC

One May 18, Australians will vote on which political party they believe will be shape this country’s future.

But this federal election, more than any other, should also be about securing this country in a new world that has only just begun to expose its ugly side.

Senior execs and board members are finally seeing cybercrime as a serious threat, a problem that is starting to get out of control. In fact, the number of data breaches grew by more than 480 per cent from 2017 to 2018. Australia is now the fifth most breached country in the world with an estimated 20 million records exposed.

It’s no secret I have been a staunch and outspoken critic of the OAIC and its hierarchy for some time and for very good reason. The OAIC’s inability to deliver on its mandate is simply a failed exercise and a wasted resource.

The OAIC was established by the Coalition government to be a watchdog in a sector that required extensive scrutiny and monitoring, where its perceived powers would allow it to enforce a standard of expectation which would guarantee the protection of our data and privacy. That hasn’t happened. As a watchdog, it has proven to be a toothless tiger paralysed by the fear of its own shadow.

Whether it be a re-elected Morrison or a newly elected Shorten government, whoever takes power must be prepared to commit to investing heavily in the OAIC, redefine its powers, strengthen its hierarchy and establish new guidelines of expectations it must adhere to.

The time has come for both parties to look towards securing Australia’s borders beyond the physical, and understand the new paradigm of the digital world and how it poses an even greater threat than intercepting boats that travel across distant waters to seek refuge on Australia’s shores.

Cybersecurity brings with it, implications far more sinister and destructive than innocent boat people trying to flee persecution.

If Australia as a nation through either a Morrison or Shorten Government fails to heed the warnings of 2018 and what has been brewing, then 2019 could unfold as a point of no return for this country.

No clearer a demonstration of what the cyberworld holds and the insidious nature in which it can behave, is amplified through the foreign attacks on Parliament House – a haven Australians would think difficult to breach – and yet foreign interest groups did so easily.

This federal election should be seen by both Morrison and Shorten as an opportunity to be better and raise the bar of how we protect our virtual borders – as a point to wipe the slate clean and rethink strategy with the OAIC. This issue now becomes an imperative.

Now more than ever, our national security is a no longer a single focus platform. It cannot be seen as a silo to only strengthening our physical borders – the world has changed.

Technology continues to deliver us many great opportunities. It opens the doors to a world of unimaginable discovery and just as it has done that. It has also created more complex world, a greater threat far more difficult to guard and protect against without the right investment, strategy or resources.

As an election policy, both parties must canvass the issue of investing in cybersecurity. Both must show leadership in an area that may not prove popular as a vote winner, but is crucial to protecting every Australian.

What might appear to be the least popular political policy announcements carry a significant weight of purpose. This is where genuine leadership is shown and needed.

The OAIC should be an integral part in the administration and protection of our cybersecurity initiatives along with the Department of Homeland Security, Telecommunications and Information Technology, DSD and ASIO.

Whoever takes charge of our telecommunications and information technology and homeland security portfolios must ensure a greater level of protection for every Australian.

The government must accept its role in failing to rein in the OAIC. It has to invest in greater security standards and measures, or its failure to address what is a dire issue will become a reckoning of disaster that will prove fateful.

If the issues around the OAIC and cybersecurity continue to be of little focus, then the OAIC must be disbanded and a new model to protecting our data be rethought and adopted.

Michael Connory is the CEO of Security In Depth.