At the Australian Cyber Conference Melbourne 2024, On Location with Sean Martin and Marco Ciappelli welcomed Brendan Dowling, Australia’s Ambassador for Cyber Affairs and Critical Technology. In this thought-provoking conversation, Dowling shared his insights on the evolving role of cyber diplomacy, the ethical implications of AI, and the importance of international collaboration in securing the digital world.
Guest: Ambassador Brendan Dowling, Ambassador for Cyber Affairs and Critical Technology, DFAT
On LinkedIn | https://www.linkedin.com/in/brendan-dowling-7812b4261/
AT AU Cyber Con | https://canberra2024.cyberconference.com.au/speakers/brendan-dowling
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
This conversation with Brendan Dowling gave us a glimpse into the strategies, challenges, and collaborations shaping Australia’s digital future—and reminded us all that the cyber frontier is not just a technical battlefield but a deeply human one.
The Role of a Cyber Ambassador
Dowling began by discussing the unique responsibilities of a Cyber Ambassador, a role that integrates cybersecurity into foreign policy at the highest levels. He emphasized how this position, once viewed as an innovative experiment, has become a strategic necessity for national security. As cyber threats grow increasingly complex and borderless, cyber diplomacy has emerged as a critical tool for fostering stability and trust on the global stage.
Strengthening Global Collaboration
During the discussion, Dowling highlighted the collaborative nature of Australia’s cybersecurity efforts. He explained how cooperation within government agencies and partnerships with international allies are key to staying ahead of emerging threats. These relationships enable critical information-sharing, strategic alignment, and unified responses to incidents, underscoring the interconnectedness of today’s digital ecosystem.
Navigating AI and Ethical Challenges
The conversation turned to artificial intelligence and its growing role in society. Dowling addressed the ethical considerations of AI development and deployment, stressing the importance of balancing innovation with responsibility. He described Australia’s approach to advocating for ethical design and policy frameworks that protect privacy and human rights while maximizing AI’s benefits.
Building Resilience in Critical Infrastructure
Critical infrastructure was another focal point of the discussion. Dowling acknowledged the increasing complexity of protecting vital systems, from industrial control processes to supply chains. He emphasized resilience—not only in preventing attacks but in responding swiftly and effectively when incidents occur. This approach ensures that essential services, such as energy and manufacturing, can continue to operate even under pressure.
Cultural Contexts in Cybersecurity
Dowling also reflected on the role of cultural differences in shaping cybersecurity strategies. He shared experiences from his international work, where addressing issues like online safety and disinformation often requires sensitivity to local norms and values. Tailoring cybersecurity approaches to diverse cultural contexts, he noted, is vital for fostering trust and collaboration across regions.
Conclusion:
As the conversation concluded, Dowling reaffirmed the need for continued cooperation, innovation, and cultural understanding in tackling global cyber challenges. Sean Martin and Marco Ciappelli expressed their gratitude, leaving listeners with a clear message: cybersecurity is not just a technical issue—it’s a global, ethical, and deeply human challenge that requires collective effort.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Australia's global opportunity and responsibility: shaping a more secure region and a safer digital world (Session): https://canberra2024.cyberconference.com.au/sessions/australias-global-opportunity-and-responsibility-shaping-a-more-secure-region-and-a-safer-digital-world
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
Australia's Global Opportunity and Responsibility: Shaping a More Secure Region and a Safer Digital World | An Australian Cyber Conference 2024 in Melbourne Conversation with Ambassador Brendan Dowling | On Location Coverage
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: Alright. Marco. Sean. I feel represented. You are? Even though I'm not from Australia.
[00:00:07] Marco Ciappelli: As a cyber security professional. That's right. I feel represented as a human. Using technology. There you go. That's
[00:00:14] Sean Martin: important stuff. Somebody's looking at Apple. Citizens. And they represent many folks. I'm thrilled to have Ambassador Dowling on with us. Good to meet you, Dowling. Thank you. Very good
[00:00:31] Ambasador Brendan Dowling: to meet you.
And please
[00:00:32] Sean Martin: call me Brendan. Alright. Brendan. Marco, you, a few years back, got to meet another ambassador.
[00:00:40] Marco Ciappelli: Yeah. I believe he was the first. The first ambassador for Australia for cyber security, Dr. Tobias Feakin, and he was in Singapore, and at the time I was like, wow, they, you, you exist, like, people like you exist, and I was excited being somebody that looked at society.
Uh, politics and, and, and all my background is Sociology. I was like, that, that's an important step.
[00:01:06] Ambasador Brendan Dowling: Yes.
[00:01:07] Marco Ciappelli: And, uh, here, here we are.
[00:01:08] Ambasador Brendan Dowling: Well, and look up.
[00:01:09] Marco Ciappelli: What happened since?
[00:01:10] Ambasador Brendan Dowling: Uh, it, it, it, it, explaining to my mother what a Cyber Security Ambassador does, uh, was particularly challenging. And, uh, when she asked me where I would be posted to and I said Canberra, uh, that even added to the confusion.
[00:01:25] Sean Martin: That's Do you have the memes where this is what I look like or I think of myself and my role and this is what my mother thinks of me? Yeah, that's right. Exactly, exactly, exactly.
[00:01:36] Marco Ciappelli: That's really nice. Well, here's the first question. I mean, for me, it's the first thing that comes to my mind. What has changed since this was 2018?
[00:01:47] Ambasador Brendan Dowling: Yeah, look, I think, um, I think a lot has changed. Uh, I think we have recognized in that time. That cyber security is a core part of our foreign policy. So, I think when Toby was in the role, it was a new idea, it was a, and I think it was a non traditional idea to say that we should have a diplomat representing our interests into the cyber world.
Nowadays, there are many people around the world who have the title of cyber diplomat. Cyber Ambassador and that's a recognition that so much of our security, our prosperity is uh, uh, exists because of the digital world, um, is shaped by the technology that we use and unfortunately, uh, is not. is threatened by malicious actors, uh, who take advantage of, uh, the, the digital technology enabled world that we live in.
So, I think on the positive side of things, what has changed is that we recognize it's no longer an unusual idea. We recognize that, uh, Actually, cyber is a core part of our foreign policy. On the negative side, what has changed is that the world has become, uh, uh, more dangerous in cyberspace, um, uh, malicious actors are more capable, and vulnerabilities are more widespread.
[00:03:09] Sean Martin: Yep. Now, I don't know if you can speak to, I mean, I CISOs, and for them, the strength comes in the community. Yes. So the ability for them to have conversations off the record with each other, here's what we're seeing, here's how we're responding, here's how it's impacting our businesses, how we speak to our board of directors and our executive staff, um, do you have that same type of collaboration and camaraderie with your peers and perhaps with other roles within CyberSecure?
[00:03:45] Ambasador Brendan Dowling: Absolutely. I think across the Australian Government, um, You know, we have many legs of cyber security. We have my role. We have the cyber security policy functions in our home affairs department. We have our Australian cyber security center and we live in each other's pocket. So there's really very close collaboration.
Australia is a small system, relatively small. We all know each other, uh, probably a little bit too well. That's alright. Um, in the broader community, uh, I'm in constant contact with my, uh, colleagues. We share information about the type of, uh, issues that we're worried about. Um, we coordinate with partners on putting cyber sanctions on, uh, cyber criminals.
Uh, we coordinate on attributions. We say, we're really worried about these sectors. We think we need to publicly disclose it. We get on the phone, we share information. And then when we go into the multilateral world, we spend a lot of time preparing positions, sharing notes, and coordinating with each other.
So, it's a pretty deeply integrated community. I think there's a very strong sense that, uh, there are a lot of decisive moments happening and that we need to come together. And as you both know, as everyone at CyberCon knows, there is. Uh, these are transnational issues. No national government can come at these issues, um, uh, by itself.
And I'd also add, one thing I've loved about this role is the engagement with industry. I think, uh, I spend a lot of my time talking to industry partners, uh, and we're all pulling in the same direction.
[00:05:20] Marco Ciappelli: Yeah. Well, it's funny story, still around that, that period of time, 2018, we were at DEF CON, Las Vegas.
And it was one of the first time that while we were Throughout all the village, the, the aerospace village and, and, and many others. There was an actual delegation from the, the White House come in and meet with the hacking community. Yes. Which was a big step Yes. At the time because, you know, it was spot the Fed.
I seen the attack and since then, and we know a lot of people involved with CSA and, and all of that. It's been, I think, many, many steps have been taken. One question I have. In your role, do you and your peer also talk about ethical issues such as AI, guardrails, and how Europe is moving, you're moving. Is that part of your
[00:06:14] Ambasador Brendan Dowling: Yeah, absolutely.
So we all, um, I think, uh, you know, we all have sort of different These two faces we point into our own domestic system to be a voice in how we look at policy making around, uh, something like AI. That's a huge focus for us at the moment, but then look to shape how the AI ecosystem is developing globally.
So Australia is, is often a place where Price taker when it comes to those types of technologies, we have a lot of niche smaller capability but the big AI firms are usually operating out of the U. S. So I spend a lot of my time in advocacy and talking about, uh, with companies about what our expectations are, learning about how Technology works, how they're, uh, designing it and trying to have a really open conversation.
And oftentimes that does come down to an ethical, uh, question. There's no black and white lines. We should do it like this. We shouldn't do it like that. It's about how do we design technology. That achieves all the upsides, all the positives, while mitigating the downsides. And I do think AI is, um, uh, it's a new frontier, but it's not unprecedented.
We've dealt with these issues in a range of other technologies. We've dealt with the challenges of, uh, how you ensure, uh, the, the inputs, uh, uh, uh, safe, secure, uh, uh, kind of moderated. How do you ensure that the software is safe? It's doing what you think it should be doing and how do you ensure that it's not taken advantage of by malicious actors.
That's not always cybercriminals. That's how, particularly with AI, things can be tweaked to compromise on human rights and on privacy. So that's a really big part of the global governance conversation. And one that we need to be seriously tackling because the models are out there. They're being developed, they're being deployed.
Um, so there's a degree of urgency around it.
[00:08:12] Sean Martin: So I'm going to come down a bit from the AI and look more toward critical infrastructure. Industrial control systems, um, we've had some conversations prior to the CyberCon and also in the last couple of days where resilience is a big topic. Yes. And I know there's been a lot of investment in the U.
S. around supply chain, CMMMC, CMMMC. And, uh, understanding what you're Buying from whom you're purchasing it from, the risks involved in that, which if you start putting it in manufacturing or electrical grids or things like that, can have an impact on resiliency of the, of the nation or the states within it.
Um, how does your role look at some of that and partner with some of the other parts of it?
[00:09:04] Ambasador Brendan Dowling: Well, I think there's a real question there around our national resilience. But a lot of what I do in my role is talk to countries in the region, and they're usually at different stages of the kind of digital transformation than, than Australia.
So I spend a lot of time in developing countries in Southeast Asia and the Pacific, who are starting to think about these issues, but don't necessarily have. Strong policy or regulatory frameworks in place like we do here, and that means that, uh, particularly as technologies are coming into their critical infrastructure, as they're, uh, in things like industrial control systems, it's a challenge for us all and supply chain, uh, uh, Resilient supply chain attacks and understanding vulnerabilities in the supply chain is a challenge everywhere.
But it's a particular challenge if that's not the way that you're geared up to think about things. If that's not the expectation on, um, on your critical infrastructure operators, if that's not a conversation that you have between government, uh, and industry. So I think we have seen the hard way that, uh, even when you're doing everything right if you're operating, uh, infrastructure.
If you're not conscious of your supply chain and the vulnerabilities down the stack, you can be just as exposed. Now, no one's pretending this is easy, right? Finding and developing confidence in your suppliers. A lot of industries work on trust when you're buying a product. Sometimes, attacks are unknown even to the supplier you're working with.
So there's no, there's no If you just make more effort, you can find out about those vulnerabilities and mitigate them. It's a hard thing to ask, but I do think infrastructure operators are vastly more conscious of their supply chains than they were three, five years ago. And I think that's a good thing.
There's a lot of great companies out there filling the gap and saying, So, you've decided you want to know what's in your supply chain and helping you understand that. 2, 3, 5, 10 levels down, so I think we're getting better at understanding those risks.
[00:11:15] Marco Ciappelli: And often times, as you said, I don't want to sound like it's inevitable, but it's more about being ready.
What if it happens? How do we react? And how do we react quickly? And can we react quickly? From your perspective, TOGETHER. Yes,
[00:11:34] Ambasador Brendan Dowling: and that's a really important message. At a conference like this to say, you can do your utmost, you can do your best, but never think you're safe. Never think that it won't happen to you.
So plan out, when it happens, how do we respond, how do we recover, how do we get back up and running, how do we communicate. Uh, being deeply involved in some major cyber incidents, um, uh, here myself, uh, you don't want to be doing that after the incident. The more that you've prepared, thought it through, thought about second, third order consequences, uh, the better.
So no one, no one should sit there and have their SISO say to them, Don't worry. We're good. Um, that's great. Love the positivity, but what if we're not good? How are we going to respond?
[00:12:19] Marco Ciappelli: Sean, can I have the last question? Because I know we're wrapping here. That's about where change. Cause usually you die.
I'm really interested in the, in the cultural aspect of the thing coming from sociology and how so many difference there are in the region, different cultures, And I think you have a pretty tough job to, sometimes the ethical aspect of it, it's, you know, we can't really tell philosophically speaking, this is good, this is bad, again it's a lot of gray.
And some of the culture, because the way they are, may see certain things in a different way. Is that a challenge?
[00:12:58] Ambasador Brendan Dowling: Definitely. And I think, um, uh, Uh, in my travels, you've really got to be cognizant of the context. Um, you cannot go in, and we do a lot of, we talk to a lot of countries, we help a lot of countries, it has to be different in every place.
I'll give you a couple of examples, um, uh, uh, in the Pacific, when I go in and talk cybersecurity, uh, they also want to talk about, uh, We now have connectivity to our most remote communities with very traditional, very religious cultures. We're worried about content. We're worried about what that is doing to disrupt our social fabric.
Now, you can't say, oh no, I want to talk about cyber security, because it is all part of the same system. problem, the same question for many people in those countries. So we've got to talk the online safety issue. Another example I think is, um, everyone is concerned about miss and disinformation and how that is, uh, proliferating online.
There's some countries I visit where when they're talking about missing disinformation, it is actually, they're talking about political speech they don't like and they're wondering, well, what tools can their government use to, uh, limit that sort of, uh, Uh, what they don't see is constructive, uh, feedback.
Now, we have to be really careful, because we are just as concerned, and we have agencies like the eSafety Commission here, but we're very clear that when we use our powers as it relates to content, it is subject to the rule of law, it is subject to review, to judicial review, it is subject to transparency requirements.
And we do it very carefully. None of us want to get it into the realm of arbitrary application of power, uh, in cyberspace. Uh, and that's something we have to be very conscious of. Uh, the final point I'd say is, I come from a national security background. I often talk from a security perspective. Most people in this region want to talk about the good things that digital technologies are going to bring for them.
And they're worried about security in the system. If that undermines confidence, uh, and the trust that their people have in their, uh, digital government services, et cetera, that's a problem. If it undermines their ability to access, um, uh, the global economy, uh, that's a problem. What they're not necessarily, uh, what doesn't necessarily resonate is going in and saying, Right, geopolitics, pick a side, uh, Pick a technology, don't use that, don't use that.
It just doesn't work, it doesn't resonate. Um, the end game here is about how do we get the most positive experience, most positive benefits of the digital world. So, sometimes I have to sort of check my kind of pessimistic security perspective and say, no, actually this is about how we maximize the benefits.
[00:15:47] Sean Martin: I love it. Super interesting. Yep. Perfect. I love it. Ambassador, it's fantastic to meet you. Thank you. Hopefully not our last meeting. Last conversation. I have a gazillion questions. Maybe you'll join us again for another, another chat after the conference. I'd love to. I'd love to. Um, hope everybody enjoyed this conversation.
I'm sure you have questions as well, and hopefully a few nuggets you can take with you as you think about how you look at cyber security in your own, your own space, your own world. Uh, stay tuned. Mark, we're going to have lots more coming to you from AU CyberCon hosted by ASA, and uh, lots more. Stay tuned.
[00:16:20] Marco Ciappelli: Thank you.
[00:16:21] Sean Martin: Thanks very much. Thanks.