Exclusive: Meet Australia’s Ambassador for Cyber Affairs

By Nurfilzah Rohaidi and Apala Bhattacharya

Interview with Dr Tobias Feakin on cyber strategies and the importance of international cooperation.

In 2016, Australia appointed the country’s first-ever ambassador for cyber affairs. This role is dedicated to bringing together the Australian government and other countries internationally on cyber issues.

This follows a trend of countries undertaking diplomacy around thematic issues, rather than strict geographical boundaries. Denmark’s Tech Ambassador works with tech giants in Silicon Valley - the kind that are enormously influential in their reach. Singapore’s appointed Design Ambassador is based in Paris, where she promotes Singaporean design and attracts talent and investment back to the country.

Australia’s appointment of the ambassador underlines how cyber issues are a “real key issue now for government”, says Dr Tobias Feakin, the man at the helm. “There was a recognition that it was hard to avoid international affairs which didn't have some form of cyber component.”

Growing defence capabilities

Feakin’s role is broad, encompassing cybersecurity, economic growth, the digital economy and the cyber space as a whole. “We felt that there was a senior position required within government to pull together all different strands of work streams in government and develop them in order that we had a clearer and malleable voice,” he explains.

One part involves tackling the growing issue of cyber crime in the APAC region. He works with nations to build approaches to cyber crime: this could mean helping them develop digital forensics technology, or rejigging the legal system so that judges know how to prosecute perpetrators based on the severity of cyber crimes, he says.

Here, one challenge is the fact that many populations in this region are just coming online for the first time. “We've got, just last year, just over 50% of all the world’s users of the internet in this region,” Feakin points out. First-time users are the most vulnerable, according to him: “They won't quite understand the dangers of being online”. Furthermore, countries that are new to the internet will not have cyber approaches as well-developed as their peers, he notes.

On the upside, there is a “monumental opportunity” for these countries to be more aware of cyber threats, and understand the most effective approaches, even as they develop their nascent digital economies, he explains. For instance, the boom in mobile technology has allowed “remarkable” growth in Vietnam and Indonesia despite a lack of communications infrastructure, he shares.

Feakin and his team have worked extensively with Papua New Guinea in building a cybersecurity operations centre, developing cyber security governance frameworks and even creating an emergency cyber response team. Meanwhile, Australia has signed a MOU with Indonesia to collaborate on cybersecurity skills and policy training and awareness-building, and works closely with Singapore as well, he adds.

Australia also has a capacity building programme with funding to assist countries in developing cybersecurity frameworks, management responses, and policies, he explains.

Calling out the attackers

Feakin’s role is also shining the spotlight on state-sponsored attacks. “We've been doing a lot of attribution of malicious state activity - attributed the WannaCry ransomware incident to North Korea, and a malware strain we attributed to Russia,” Feakin says. And in December last year, Australia publicly named China as responsible for cyber attacks against private companies for the first time, reported ABC news.

His team leads discussions on how international law can be applied equally online and offline, and rallies government leaders to ensure that there is some form of consequence when cyber crimes happen. “I really think it's important that they are called out, that the perpetrators are identified, and we want to change the behavior,” he remarks.

In 2015, the UN published a report outlining 11 non-binding norms of cyberspace. They include, among others, an understanding to not attack a country’s critical infrastructure during peacetime. Australia put these norms into its policies and published them in 2017, and is now encouraging countries to do the same. “We'll be doing a lot of outreach work highlighting some of the areas of work that we've been developing and how we go about it.”

This year, the ambassador expects more progress in outlining how international law applies to cyberspace. “We’ve agreed that it does; now we just need to get some finer details and ensure that we make a more stable environment and try to roll back the activity that seems to be blurring what we’ve agreed to,” he adds.

At the same time, Australia hopes to help its partner nations in the region become more cyber secure by “developing that cybersecurity understanding, their policies, their technical approach”. Ultimately, it is a win-win situation for all involved. “If our partner nation increases their cybersecurity, we stand to benefit as much as they do [as it creates] a more stable market environment to be engaged with,” Feakin remarks.

Strengthening the home base

Feakin's work as ambassador requires him to engage the private sector as well. “We can't do without them; we can't do the whole thing alone,” he remarks. The government announced in 2016 that it would create Joint Cyber Security Centres, and they were established in major cities across Australia between Feb 2017 and Nov 2018. They will bring together a range of companies from telecommunications, banking and other infrastructure sectors to improve cross-country coordination.

He hopes to ease the way for small to medium cybersecurity enterprises to sell to public sector. “What we did find as well was that often Australian companies would very quickly move to other markets to sell their product,” he notes. “The government realised that we needed to do better at being able to benefit from small to medium enterprises and some of the innovative products and services that they put forward.”

This was tackled in two ways: first, the government looked at streamlining procurement platforms for SMEs. And second, the Australian Cyber Security Growth Network and the Department of the Prime Minister and Cabinet have been running GovPitch since 2017, an initiative that allows these SMEs to pitch their products to “very senior officials” and decision makers. “It's been a very good way of giving direct access to government,” Feakin says.

Feakin has also been engaging universities to develop courses that develop necessary skills in cybersecurity. “We realised that in the tertiary sector, we need to be better equipped,” he explains. Since 2016, Australia has started accrediting specific universities with the Center of Excellence marks from the government for their cybersecurity courses. “Also we're doing a huge amount of outreach in schools for broader STEM subjects and highlighting the types of careers, cybersecurity jobs needed, and also trying to look specifically at gender imbalances in this area of work,” he adds.

Feakin hopes to see some progress in discussions around how international law will be applied in cyber space. “I'm excited about the opportunity to have a hard negotiation with different countries and organisations.” The region’s economic growth is another area he has his eye on this year.

There is much to be achieved in a short span of time, but as the cyber space permeates our daily lives in exponential ways, the importance of this work cannot be understated.