Monday, 11 September 2023

Quad Tech Network Dialogue – Reception Dinner

Subjects: Quadrilateral Security Dialogue, National Security, Australia’s Cyber Security Strategy.

Rory Medcalf: It’s a great privilege to be welcoming the Minister for Home Affairs and Cyber Security, the Honourable Clare O’Neil. But before I do that, I also want to recognise the many distinguished individuals in the room with us today, not only senior officials, from many agencies of the Commonwealth Government, and also with parliamentary colleagues, of course of the Minister, some of whom are here, some of them joining us shortly. Heads of Mission, not only from Quad countries, but from quite a substantial roll call with Australia’s partners and friends in the Indo Pacific and globally. So that idea of the Quad being really a kind of an island of trust that built around it, a network of like-mindeds, it’s, it’s really, it’s really quite substantial - the idea of Quad Plus.

And of course, the experts, all the scholars, the academics, the think tankers, the practitioners, friends from industry, who’ve actually made this Quad Tech Network what it is, what it needs to make it such a substantial addition to dialogue and the harvest of ideas for the interests of the four countries and for the stability and the interests of the region and the world. I know many of you have travelled long distances. I know it’s been a very fruitful day of discussions today and we have another day of such discussions tomorrow and last count, I think there are no fewer than 22 very substantial papers, with practical ideas for cooperation and collaboration on critical and emerging technologies that are at the core of this dialogue. Today, only one of those papers is published so far, and there are copies of that on your way out. So please, make sure you take the paper on biotechnology by my colleague, Dirk Van Der Kley and Dan Pavlich from the National Security College.

I want to thank the support of the department of - the Department of Home Affairs and the strong support that that department but also other agencies of Australian government, have given to the college and have given to the Quad Tech Network as it’s evolved over the past three years, I think incubated originally in Foreign Affairs and Trade and then developed really powerfully through Home Affairs.

We’re really grateful for your support that’s made this dialogue what it is. Just one last observation from me before I invite the Minister to speak the whole purpose of our getting together over the next few days apart from this wonderful venue of the great hospitality and this is very convivial moment, is very serious purpose. It’s about really pooling, the combined expertise and creativity of four democracies - of four really distinct and get like-minded partner countries for the common good, the good of our countries, but also for the good of the region and the world. And so I think we’re seeing already a very, very happy, but ruthless process of testing those ideas, and there’ll be more of that soon. And this is all really about providing insight to the policy, community insight, insight to government. So I guess, Minister, we look forward to those ideas that really get life within government beyond - beyond our dialogue today. So I want to thank all my colleagues who’ve made this happen. And they’ll be thanked again at the end of the dialogue. But a team from the National Security College have really done a lot of the heavy lifting for this for this project. And that’s really about building if you like, materials, resources for government.

Minister, your support of the College and our mission to engage minds for secure Australia is well known. I was just reflecting earlier that I was very grateful for your time on national security podcast earlier this year. So the minister needs little introduction to this group here. But just to note that Clare O’Neil, in her career, has engaged very much with the private sector very much at a community level, I think, in local government, including Mayor of Dandenong at an age that was frighteningly young for that field of endeavour, but consistent engagement with the world of education, ideas and technology. So, Minister, it’s an incredible privilege to welcome you to the podium. Thank you.

Clare O’Neil MP: Thank you so much, Rory just called this the karaoke mic before. And Dr Cathy Foley tells me she’s a big Air Supply fan. So watch out for that later guys. I want to say good evening to all of you ladies and gentlemen, I pay my respects to the traditional custodians of the land, the Ngunnawal and Ngambri people, and I acknowledge their thousands-long years connections to this place. And I acknowledge any First Nations people who are here with us tonight. And Rory, I want to thank you for that really warm and kind introduction, of course, Rory heads the National Security College and the College is leading really, really important work. And I mean that. Very influential on the thinking and the work that we do in government. So I want to thank you worrying for all of your national security college colleagues who are here. You mentioned also this sort of side hustle that Rory has his podcast, which is an absolutely must listen for those of us who are working in national security. So I’m quite into it already. Thank you. I want to acknowledge we’ve got a huge number of High Commissioners ambassadors and other dignitaries in the room here.

We have three other very important people who I’ve saved to last here, we’ve got Josh Wilson, who is the member for Fremantle, and a really good friend of mine, sometimes pool buddy, we play pool together. Josh is also a member of the Parliamentary Joint Committee on Intelligence and Security. He is a really important and respected voice in the national security conversation in our federal parliament. And it’s great to have him with us. And we’re soon to be joined by to shadow ministers who are from the other side of politics - Simon Birmingham, the leader of the opposition in the Senate, and the Shadow Foreign Affairs Minister and Senator James Patterson, the Shadow Minister for Home Affairs. And I really want to acknowledge them, we’ve also got Arthur Sinodinos, who is with us who is a former senator in our parliament on the conservative side of politics. And I just want to make that point to you because it’s really important for us to convey to you in the strongest possible terms that people like Arthur and James and Simon and Josh and myself are not here tonight representing the Labor Party or the Liberal Party. We’re not representing the government or the opposition. Instead, were reflecting what is the strongest possible bipartisan commitment to the Quad. And that is based in a shared and real belief that this group of four countries in collaborating and working together has a genuinely game changing possibility for us in reshaping the national environment - the national security environment that we face.

Now I know that there’s a big conversation that I actively participate in about what is going on in democracies around the world and we certainly see really significant challenges being faced by some of our closest allies in their democratic processes. And Australia is not immune from those issues. But what’s really important is while we have that public discussion about the issues facing our democracy, we also take time to step back and observe those moments of democratic strength. When the Morrison government lost the election in 2022, the fastest transition to a new government that has occurred in Australian history was facilitated. And the reason that the parties work together to make that happen, was so that new Prime Minister Anthony Albanese could get on a plane to represent the interests of our citizens overseas in the Quad. So Simon, Josh, and James and I are part of what is a very high contact sport of Australian politics. But some things are bigger than politics, and the court is one of them.

So tonight, I want to talk about two things. First, why I think the Quad offers such a transformative opportunity for us in tackling some of the national security challenges that I spend every day thinking about. And second, I want to speak a little bit about a specific problem in cybersecurity that I think the court has great potential in helping us resolve. Rory you mentioned when you open that we’re here today on what is the anniversary of 9/11. And what happened on that day was without question, an act of sheer brutality and total inhumanity and of incredible bravery and strength and community. It was a day that none of us will ever forget not just an attack on our greatest ally, but an attack on the very foundational beliefs that also created the Australian democracy and the society that we enjoy so much here. That terrible attack transformed the global threat landscape. And for the 20-odd years that followed, religiously motivated, violent extremism quite rightly dominated the national security threat landscape. Our national security threat landscape is changing. And when I look at what’s happened over the past five years, in particular, I think we see some profound and radical shifts that are going to mean that we need to adapt how we think about national security challenges, and certainly how we change them. So terrorism is, of course, a very significant issue for our country and something that the Australian Government is very focused on. But even terrorism is changing.

Today, the likely perpetrator of a terrorist threat is just as much someone who is an ideologically motivated, violent extremist who has radicalized themselves online, and then acts alone using a weapon that’s easily available in their orbit. Last year, ASIO downgraded our threat level from probable to possible. So that doesn’t mean in any way that the threat of terrorism in our country has been extinguished. But as the Director General of Security, Mike Burgess, has warned us repeatedly over the last two years, Australia is facing now an unprecedented threat. And that is the threat of espionage and foreign interference. All this brings me to one of my core portfolio responsibilities, which is cyber security. This is a problem that is so profound and so significant, it literally touches the lives of every single person in our country.

We have got radical shifts in the global world order, which are driving us into a new national security age. And it’s technology that is turbocharging every single one of those dynamics that I just talked about there. It’s in the way that we see tech platforms promoting mis and disinformation, which spreads like a virus, radicalising citizens and feeding a culture of conspiracy that not only degrades our democracy, but in some instances is actually inciting people to violence. It’s in the way, it has become so easy to track people walking around as we do with very high-powered computers in our pockets that can see where we are, and that can listen into our every word. It’s in the way that information is being collected about us all the time, our facial imagery, and digital keystrokes, the places we go and the things that we buy. And all of this information, of course, as we know, is being gathered in troves of personal data that could one day be used against us. It’s in the way that AI and cyber attacks are fundamentally changing the way in which conflict will unfold. And in the way that cybercrime, whether it is at the hands of state actors, or criminal gangs, or petty thieves is now a drumbeat in the daily lives of most people across the world.

So our government’s view is that Australia faces the most dangerous set of strategic circumstances since the Second World War. And it’s technology that’s evolving at these breakneck speeds, which is exacerbating these circumstances and bringing them right into the centre of the lives of the people that we are representing this room. When 9/11 hit, it was an earth-shattering event. And we did not have the time have the partnerships and the institutions and the norms that we would need to solve that problem. We had to build them. And some of the people who are here in this room were instrumental in making that happen. Now we need to do it again, but in a different national security context.

Not long after our government was elected, we experienced the first of what have been three profoundly shaping effects on the cyber security conversation that we’ve had as a country. And it is in the wake of those really significant attacks that we saw on Optus and Medibank, and Latitude that I announced that we would be developing a new Cyber Security Strategy for Australia, there is absolutely no question that even if we look at two years ago, we’re in a different world for cyber from a threat perspective. But also from the public focus. There is an urgency now in the Australian community, for us to be doing everything we can to protect them from this problem. And it’s really an exciting moment for me, because we are getting very close due to the hard work with some people in this room. We’ve got Pete and Hamish from my department, but many others, that we are at a very close stage of finalizing that strategy and releasing it to the public.

So the Strategy, from my perspective is, you know, simple and complicated, simple and its goal, we want Australia to be one of the most cyber secure countries in the world by 2030. And the goal for us in this Strategy is thinking about what that 2030 world might look like, and what are the real things that we’re actually going to do as a government over the coming two years to build and support that universe. There’s lots of parts to the Strategy. And I’ll speak with many of you in this room about those specifics as we as we get a bit closer to the launch. But the thing that I do want to talk to you about today is about safe technology. So by 2030, we envisage a world where Australians can trust their digital products and software are safe when they buy them off the shelf, just as we can for so much of the products and services that we use in the physical world. And to create that world, we are going to need to do two very important things.

The first is a mindset shift, we’ve got to stop leaving citizens and small businesses and other people who are quite vulnerable and unable to do much to reshape the cyber environment around them, we need to help them, we need to use the power of government and the power of big institutions to help protect people better from this problem, and shift responsibility to those who can actually literally change it. And we need to make safety a core part of technology rather than just an optional add on that you might be thinking about after the product is designed. So I’m very concerned about this problem, not just because of the environment that we’re in at the moment, but really because I can see quite a bit about where we’re going. And I don’t need to give anyone in this room a lecture about regenerative AI because Cathy Foley can do that for us when she takes the karaoke mic. But there’s some really big things changing in the technology world, that will mean that if we don’t make some shifts in our thinking about secure by design, then we are going to face a world of very unsafe products as we go forward.

So one of the things I’m thinking about, of course, is the internet of things. So we are moving into a world where every appliance and every electronic device around us is going to be connected to the internet. And these devices are going to be talking to each other about us. We’re thinking about electronic devices in your home, your car, every part of our city and our workplace. This is a world in which we want safety to be a first port of call for the design of these products. But as I think many of you in this room would know, the cyber security of a lot of these products today is absolutely terrible, if it’s there at all. So we set these standards for products in the physical world. But the principles of safety by design haven’t yet penetrated in the world of digital.

And I want to just share a quick example to you. I’ve got three really young kids. And I want to just talk about two products that I think a lot of Australians have in their homes where we see vast differences in the way that we’re thinking about safety and security. The first is a child’s car seat. So we’ve got lots of parents in this room. And many of you can probably remember that first time that you put your little baby - taking them home for the hospital in the car seat and you’re anxiously pulling on everything to make sure that everything in the car seat works. You don’t care about whether the car seats comfortable or whether it matches the colour of your car’s interior. All you care about is - is it safe? And is it going to take your baby safely home with you. Now of course we would not allow an unsafe car seat to be sold in our country. We’ve spent a generation trying to make sure that people who design these products, that they are safe to use, when you need them.

Now, think about another device that all the parents in this room would be aware of, which is the baby monitor. Now, baby monitors today, you can see if your baby wakes up for a lot of you, you can open your phone to check what baby’s doing, and whether baby’s had a bottle. And the monitor allows you to do that because it’s connected to the internet, which is wonderful technology. But in many cases, lousy cyber security, we are talking about products here, which are integral for the lives of our children. And yet no one has thought about the cyber security and what could be done with those images. So what’s missing here is that secure-by-design software, which makes it really hard for hackers to get access to the device, and a safety standard sticker on the back that enables a consumer to see - a mum who goes into the shop or a dad who goes into the shop - that consumer to be able to see at a glance, that the design of that product has thought about security from the very beginning, just like the car set manufacturer must comply with that set of mandatory standards if they want to be allowed to put a safety sticker on their product.

So we want to world and I believe we’re moving to a world where we’re thinking about these things in a really systemic way, that you shouldn’t be allowed to put things on a shelf for an ordinary Australian to come by and pick them up and buy them if you know those products are inherently unsafe, or if you haven’t bothered to think about it, we can’t be so lax, about how we think about these issues anymore. So something we’ve heard again, and again, when we travel the country and talk to them about the cyber security strategy is also the lack of information. So why is it for example, that there is no real discussion and accreditation for products, for example, that tell you whether these are cyber secure or not. So these are things that we are thinking about at the moment in the context of the strategy. So the next seven years will be about more than just making sure that baby monitors and washing machines are safe, although these things are important. But the other thing we need to do is really think about where technology’s going, and how we’re going to make sure that these principles are being thought about in where technology will take us.

Ultimately, what we’re here for is making sure that the government is thinking ahead about these problems, we have great visibility about where cyber security is going, we have great understanding about what the cyber threats are, what we haven’t done is do the public policy work to make sure that we are using that knowledge to protect our citizens. And at the end of the day, that’s what I’m there for.

So I want to come down to the importance of the Quad in all this because Australia is far from alone in the problems that I’ve described. And we cannot be, because the thing about technology is that it does not respect land borders. So the Quad and the Quad Tech Network are enormously valuable and important to trying to make the intellectual shifts about this problem that I’ve just described here. If we can work together so that Quad partners adopt the same set of standards for digital devices and software, then you can immediately see what a powerful impact this will have on technology around the world.

And so one of the calls to action I want to make to you tonight is to think about this in your discussions tomorrow. How can our Quad partners work together to create a digital future where security by design and default is at the centre of how we think about the development of new technology, the Quad is going to be enormously powerful in how this conversation evolves.

One of my best friends in politics is Tim Watts, who is our Assistant Minister for Foreign Affairs. And he’s always reminded me in the we’ve been in Parliament together for 10 years, he always reminds me there is nothing that is destined about the development of technology, we get to make choices, and we get to shape where technology goes and the impact that it has on our lives. But to do that, like-minded countries are going to have to work together.

And when I look at the policy debate that we’ve had about technology and security issues over the last decade, what I see is a lot of people talking about possible solutions. And I think one of the reasons that we haven’t been able to translate the concerns of the public is because big like-minded countries have not been working together in a way that they will need to do. Together, the four countries in the Quad make up 40% of global GDP. So these four democracies have enough buying power, which is clearly big enough to transform the dynamics of how technology is invented and developed. Not in piecemeal ways but to demand that cybersecurity and national security and the protection of our democracy are built in at the design stage. We are great and trusted friends, these four countries with shared interests that are so important and obvious and profound, that I’m incredibly confident that we’ll be in a room like this probably in 20 years’ time, talking about the great achievements of this group of countries working together.

One of the reasons the Quad is so brilliant is that the four countries that have come together under this banner has such complementary skills. That is, we’re more than the sum of our parts. To name just a few examples in the US, we’ve got this incredibly rich history of software innovation. India has more IT workers, I think, than any other country in the world. Japan offers incredible expertise in precision manufacturing, material science and chip design. In Australia, a smaller economy but profoundly dynamic. And our country has something which is becoming more rare and more special by the day. And that is a parliament that, though clunky and adversarial, can pass difficult, complex national security laws, usually with bipartisan support. And in this age, looking around the scope of all the countries in the world, that is a very precious thing that we should hang on to.

So when it comes to the Quad, what also gives me great confidence is, of course, it’s not just about potential, already, this group has achieved so much whether it’s thinking about identifying risks in the software supply chain, or demonstrating a commitment to software vulnerabilities and setting minimum cyber standards.

Now, and I’m saying all this in a room full of people who believe so deeply in the Quad that you are devoting yourselves to supporting this endeavour in very real ways. And the fact that Rory - you mentioned 22 papers were presented today, it’s really astounding, it is amazing the volume and the quality of work that is happening to support this endeavour. I know what you know, and that is that we need this to work, and it will. We’re living in a new age of national security, and that necessitates a new kind of partnership to tackle those challenges. So I want to thank you, all of you for your efforts. I want to wish you the very best of luck for the full day that you have tomorrow. And I really want you to know that you have the full support not just of the Albanese government, but in this endeavour the entire parliament. So thank you for having me here tonight. I really appreciate it and I’ll hand back to Rory. Thanks.