Opinion: If the recent cyber attacks and data breaches making the news in Australia have not given organisations across the country pause for thought to consider where and how their data is held and secured, they probably should have, writes Sarah Sloan, head of government affairs and public policy for Australia and New Zealand, Palo Alto Networks.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
This article originally appeared in Defence Connect’s sister brand Cyber Security Connect.
Given the severity of the impacts these recent breaches have had on Australians, it comes as little surprise that the federal government is paying particular attention to the security of its data and the suitability of its national data policies, regulations and guidance.
Globally, there has been a growing trend towards governments adopting data localisation policies, laws or mandates that require data to be stored and/or processed on infrastructure within a country’s borders. However, this is a very nuanced conversation and not one to be taken lightly.
Data localisation does not equal data security
It is important to remember that the security of data depends mostly on the logical and physical controls that are used to protect it — elements such as strong data encryption (at rest and in transit) on devices or perimeter security for physical data centres, and how well data is segmented along with the control of access to the data — not just where the data is stored.
There are pitfalls to conflating data localisation with data security — one where we risk security complacency from organisations which may assume that because their data is stored onshore, it is secure. With the current cyber threat landscape, complacency is something we cannot afford when it comes to cyber security.
The real-world impacts of data localisation
The world had the chance to see the impacts of data localisation policies firsthand in the early days of the Russia-Ukraine conflict.
Ukraine’s data protection laws initially prohibited its government authorities from processing and storing any data in the public cloud. This meant that public sector digital infrastructure was run on local servers in the country and could not leave its borders.
Having data held only on local servers put Ukrainian data and hardware in danger from kinetic attacks — such as missiles and artillery bombardment — while also putting it at greater risk of cyber attacks.
While Australia certainly doesn’t face this type of kinetic attack, forced data localisation can essentially replicate the inherent limitations of data centres, and increase the risks from natural disasters to cyber attacks that result from consolidating data in one physical location.
The free and real-time flow of security data underpins our collective cyber defence
Security data — also known as system data — is data relevant to, or used for the purposes of security research, services, or solutions such as the development of patches. It can include device and network information, as well as other information such as URLs/domains, session data, threat intelligence or data, and “telemetry data”.
Data localisation policies that restrict the free and real-time flow of security data across borders can have serious and significant impacts on our collective cyber security defence.
Today, cyber attacks are becoming increasingly sophisticated and automated, launched by adversaries anywhere in the world and hitting targets in all countries. Governments, businesses and citizens are being systematically targeted by threats which may or may not originate from inside the country in which they reside. Perhaps this is why, according to a recent Palo Alto Networks survey, 74 per cent of Australians are currently fearful of a nationwide cyber attack that will impact their daily lives.
To counter this, the cyber security community regularly leverages security data, in which cyber threat information from around the world is combined to develop a global picture of cyber adversaries including their techniques, tactics, infrastructure, motives, and the like.
Effective cyber security requires connecting the dots between different threats and taking immediate action to automatically deploy defences against these threats. Given threats can originate from, and target anywhere in the world, security data needs to be freely transferred in real time between nations to best understand and counter the full range of cyber adversaries and the threats we all face.
In addition, victims and perpetrators of cyber attacks are also frequently located in different jurisdictions, therefore the work involved in combating cyber crime and reducing threats often relies on free cyber intelligence sharing across borders as well as international cooperation across countries.
Cyber security is a collective effort
For the cyber security community to be most effective, security data must be made as accessible as possible, enabling the combining of security and cyber threat information from as many countries as possible.
After all, our cyber adversaries do not recognise national borders.
This is just one of many reasons why the Australian government should pursue policies and approaches that promote the free flow of security data across borders instead of restricting it; the free flow of security data across nation-state borders is integral to cyber security.
Sarah Sloan is head of government affairs and public policy for Australia and New Zealand at Palo Alto Networks.