Thank you very much.
I have just developed a paper that looks at some of the key cybersecurity challenges. I have extended my thinking beyond the technical to those that I think are important for both of our governments.
I've explained to you that I think there is a need for a clear understanding of cyber threat. The diagram I have provided explains to you through a little flower picture that there are different vectors of attack, so cybersecurity and cyber threat is not the traditional understanding of technology, of computer network security, but it also covers issues such as law and policy and administration. Therefore, when we are looking holistically at cybersecurity, we must get all those elements aligned.
One of the issues I focused on in Australia for many years is seeing cybersecurity as part of national security. Very often, those of us who are considered experts have come from technical backgrounds where we have been applauded and awarded funds for particular niche pieces of technical research, but there has been a reluctance for academics to see their work as part of national security. Somewhere within the policy mechanism of government, of prime ministers' departments and those departments that deal with the more secret issues around cybersecurity, there has to be an alignment of the agendas of the computer scientist and that of the national security agencies.
The other issue I've raised with you, which obviously I've been working on in Australia for a couple of years, is that as there is more of a focus and more of a need to deal with cybersecurity as part of national security, it's really important for us as countries and as allies to define what a cybersecurity practitioner is. We need to be able to answer the question: Who is an expert in this field?
We, in Australia, have done some work on that over the last couple of years actually to develop a national standard, professional standards in cybersecurity, so that we can answer the question: Who is a cybersecurity professional and who is a cybersecurity technician? This makes workplace issues, HR issues and government employment issues much easier, because our discipline has grown in some ways as an art rather than a science.
I've indicated the type of work we've done in developing national professional standards.
The last point I was making was essentially, in all of our countries, we're going to have a limited amount of money for research, for training, for alignment of cybersecurity with national security. We each have cohorts of researchers who are able to do really good research in areas such as artificial intelligence, machine learning for cybersecurity and IoT security, but very often I find as an academic that the research and teaching agenda is not aligned with the national security agenda.
I can do wonderful publishable work, but in a constrained environment. It's sometimes very unclear from government what they might do with the outcomes of my research. It's very important from a policy point of view to align research funding policies and education policies with the national security policies, the national security environment, so that we actually fund work that is important to the country.
I'll stop there.