Last Friday (24 March) a small group of public and private sector leaders gathered at the Commonwealth Club in Yarralumla for an invitation-only luncheon hosted by the American Chamber of Commerce in Australia (AmCham).
They were there to listen to Chris Novak, a member of US President Joe Biden’s inaugural Cyber Safety Review Board.
Novak is the managing director of Verizon Cyber Security Consulting, and he knows his subject.
The subject, of course, was the ever-growing threat of cyberattacks.
Region was the only media invited to the event.
Mr Novak pulled no punches when describing the voracious appetite bad actors have for breaching secured systems, stealing data and demanding ransoms.
But sometimes, it’s not money the criminals are after.
Politically sensitive information, trade secrets, or just plain intimidation are the goals for some.
The endgame varies depending on who is doing the breaching and who is being breached, but in the public sector and government realms it can sometimes simply be bullying.
“In these cases, to some degree, it’s a little bit ego. A little bit playing around,” Novak said.
“It’s them trying to say, ‘hey I’ve got my fingers in your stuff just like I know you’ve got your fingers in mine’.
“And if anybody gets a little bit antsy, then everybody can kind of show each other that they’ve got the ability to influence a potential outcome.”
The New Yorker, who was named last year by the influential Security Magazine as a Top Cybersecurity Leader, says the threat cannot be underestimated.
“At the end of the day, cyber is one of the biggest threats we are going to face,” he said.
“As we look forward towards the future, everything in the world is cyber-connected.
“My view of it is that it’s going to be one of the biggest threats that we face. Even the militaries that we operate have a cyber component for the pure operations of them.
“If you could impact the ability of just a tank to roll forward or a plane to fly, you don’t even necessarily have to fight a war in the conventional sense because you can prevent someone else from being able to fight.
“So I think in that respect cyber is extraordinary. In terms of the things that we need to do, one of the biggest is collaboration.
“Organisations need to collaborate – private and public; organisations from a governmental standpoint: the US, Australia, UK, New Zealand, Canada.
“We’re already working very closely together, but the more partnerships and alliances around the threat, with an intelligence perspective, the better off we all are.
“Because we can learn of a threat before it has reached our shores and hopefully address it proactively.”
Novak isn’t a fan, however, of overbearing government intervention in private sector breaches.
He believes countering and responding to data breaches works best when there is an equal partnership.
“In most places where I’ve witnessed it work well, it’s worked well on a voluntary relationship where the government exerts a lot of influence and effort to try and make itself available,” he said.
“Its services and support are made available to potential victims of breaches, but not necessarily to the point of saying ‘by law you are compelled to involve us’.
“There may be some caveats for critical infrastructure, where there may be a broader national security interest.
“There could be a military interest or a geopolitical interest and that may take precedence over a small organisation having a breach or bank losing some of your financial data.”