The federal government has unveiled a final set of regulatory principles intended to help companies secure supply chains for critical technologies such as artificial intelligence and quantum computing.
The voluntary ‘critical technology supply chain principles’, released by the Interior Department on Monday, come a year after the government first proposed a set of principles.
The 10 principles are intended to be used to make decisions about vendors and their products, reduce “unforeseen threats” by developing critical technologies, and build business resilience.
Critical technologies are defined as “current and emerging technologies with the ability to significantly improve or pose a risk to our national interests,” such as artificial intelligence and quantum computing.
“Australia is a world leader in key research areas, such as advanced manufacturing, and Australian industry is ready to invest in emerging technologies,” Internal Affairs said in a document. [pdf]
“However, foreign markets satisfy many of our technological requirements and Australia imports many technologies and components that we are not in the best position to produce locally.
“To facilitate greater investment and resilience, we must ensure enduring access to a diverse, secure and reliable supply of critical technologies.”
The principles, which have been modified slightly since they were first proposed to reflect industry feedback. [pdf], are grouped into three pillars: security from the design, transparency and autonomy and integrity.
The agreed upon security-by-design principles include understanding what needs to be protected and how it can be done, and incorporating security considerations into all organizational processes.
Internal Affairs said that the adoption of such principles would mean that “clients do not need to have specialized knowledge and that risk that they are not in the best position to manage is not unfairly transferred to them.”
Other principles agreed to in the transparency and autonomy pillars include establishing and communicating minimum transparency requirements and considering whether suppliers are operating in an ethical manner.
Internal Affairs has recommended that organizations apply the principles to their own operations and their direct suppliers as a first step, and “carry forward the expectation that those suppliers are doing the same.”
“By choosing to apply the principles, governments and businesses will be better able to adopt critical new technologies, buy or use products and services with greater confidence, and securely reap the full benefits,” he said.
“Other potential benefits include better supplier relationships, clearer expectations for suppliers, increased customer confidence that translates into competitive advantage and better resilience in times of crisis.”
Home Affairs Minister Karen Andrews said the principles will give businesses and consumers the confidence to embrace, invest in, and further develop critical emerging technologies.
“These principles come at a vital time, both for Australia and for our critical industries,” it said in a statement.
“We face unprecedented threats from a variety of malicious cyber attackers, growing geostrategic uncertainty, and we are increasingly reliant on technologies that can be hacked, held for ransom, or otherwise disrupted.”
Andrews added that the federal government “would lead by example and use the principles in its own decision-making practices.”
The principles are intended to work in conjunction with the shortened version of the Security legislation amendment bill (critical infrastructure), which is currently before the Senate.
The bill is intended to rush new cybersecurity incident response acquisition powers for Australia’s Directorate of Signals, a deeply unpopular move with tech companies.