Australia still has a way to go to become an infosec world leader

Australia is far from the largest cybersecurity marketplace in the world, but that hasn't stopped Prime Minister Malcolm Turnbull from having soaring ambitions of Australia becoming a leader in both the Asia-Pacific and internationally.

As part of his national innovation and science agenda last year he unveiled plans for an industry-led "growth centre" that will facilitate cyber security research and development. The centre was touted again in the government's new cyber security strategy, unveiled in April.

It is intended to ensure Australia is a "global industry leader" able to "export products and services in the global marketplace" while helping Australian organisations address the growing threat of cyber crime.

While it all sounds great, at current standing we lack the innovation and growth culture that is required to reach these lofty heights.

A recent story about the Pegasus malware has once again drawn the industry's attention to Israel as an exemplar in cyber security industry growth, leaving me to wonder - are there lessons Australia can take to mimic its success?

There's a variety of reasons Israel has established itself as a real challenger for the title of cyber security industry growth and development leader globally.

Firstly, its policy on military service means that, aside from a few religious exemptions, all citizens are conscripted into national service at the age of 18. The selection process sees every teenager take a series of medical, cognitive and psychological examinations which determines where they will work. And this is where it gets interesting.

The Israeli Defence Force (IDF) has an intelligence unit - globally renowned for its hi-tech capability - known as 8200. To get into 8200, conscripts go through a long and arduous selection process, ensuring that only the most suitable and talented recruits are placed in this unit. 8200 is the primary unit of the IDF that engages in both cyber defence and cyber offense.

Every single 8200 recruit will go through rigorous training in offensive security operations, cyber security architecture and the discovery of vulnerabilities and weaponising of exploits.

Furthermore, each trainee will go through the typical military training of physical and mental capabilities, giving them all the basic skills they need to promote the discipline and leadership qualities needed in the real world when they leave their national service.

It’s no surprise Israel is fast becoming a leader in cyber security innovation since the IDF is continually churning out experts with the qualities that make the best private sector cybersecurity professionals. Its people are leaving the military with the most progressive, up-to-date offensive and defensive cybersecurity knowledge, emerging into the world of business as the “perfect hires” for tech start-ups.

Cybersecurity Ventures' Cybersecurity 500 list of the world's "hottest and most innovative" infosec companies listed 26 such businesses in Israel. Australia has just two: Deakin University and Tasmania's Stratokey.

So the big question is, how can Australia's cyber strategy engender the same levels of success in infosec innovation, growth and research that the IDF does in Israel?

It goes without saying that Australia does not have a comparable level of national threat and security awareness, making conscription not an option. Conscription allows Israel to shape the best and brightest cyber security prospects, whether they know it’s their destiny or not, into the cyber defenders of the future.

Without that ability to sweep the entire populous, there will inevitably be people who might have been right for the industry that end up working elsewhere.

But finding the right talent is only one of the problems Australia faces.

A similarly big issue is that Australian business budgets are still not reflective of the goals the government set in the strategy given most don't yet properly recognise the value of cyber security research and development.

Both of these problems combined means the government has its work cut out building Australia into a cyber security innovation hub.

Maybe the answer lies in a strong collaboration between the security profession, industry and government, facilitated by the work of the cyber security growth centre.

Without the immediate threat that fuels Israel's development program, however, there is a massive risk that Australia will fall at the first hurdle: getting citizens to actually care.