NEW FRAMEWORK TO ADDRESS TECHNOLOGY SECURITY RISKS

The Albanese Labor Government has established a new framework to consider the national security implications of digital technologies which could be subject to foreign ownership, control or influence risks.

The Technology Vendor Review Framework will support the Government to consider – and where necessary mitigate - the risks posed by certain technology vendors operating in and entering the Australian market.

The need for a framework was first identified under the 2023-2030 Australian Cyber Security Strategy as a key measure to ensure Australians can trust their digital products and software.

Australia is a net technology importer where foreign owned, controlled or influenced vendors supply and operate a range of technology products and services within our domestic market. These companies offer significant value and opportunities for our economy and society.

The majority of these vendors do not present a threat to Australia’s interests. However, understanding and managing the national security risks presented by technologies which could be controlled or accessed by a foreign state is a growing challenge.

If the vendor, through its product or service offerings, has access to sensitive systems or data, and has ties to a foreign government with interests which conflict with ours, there is a risk they could be compelled to act on behalf of that country against Australia’s national interest.

This framework will ensure the Government strikes the right balance in managing security risks while ensuring Australia continues to take advantage of economic opportunities.

It will ensure the Government fully understands the risks presented by technology vendors, to inform proportionate and consistent risk mitigations. The framework is founded on a risk-based approach, ensuring outcomes do not discourage technology adoption.

Since forming Government in May 2022, the Government has taken significant steps to address foreign ownership, control and influence risks. These include:

  • Passing world-leading cyber security legislation to enable the setting of mandatory cyber security standards for smart devices in Australia;

  • Directing Australian Government agencies to more stringently consider foreign ownership, control or influence associated risks as they relate to the procurement and maintenance of technology assets; and

  • Releasing new guidance to support public and private sector organisations in choosing secure and verifiable technologies.

As the international community continues to grapple with how to manage risks and opportunities relating to internet-connected technologies, Australia now has a proactive framework to holistically consider the risks and benefits relating to certain technologies and develop an Australian position based on our interests.

Consultation will be a key feature of reviews under the framework.

To ensure the integrity of the framework’s processes and protect information related to national security, the framework will not be made public. The Australian Government will engage directly with organisations and end-users, as appropriate, to understand the risks introduced by a product or service, and mitigations that may already be in place. 

Tony Burke