GovTech Review March 2025

Page 1


CYBERWARFARE 2025: AI WEAPONS AND STATE-SPONSORED CHAOS

DEMYSTIFYING ZERO TRUST: THE NEXT EVOLUTION IN CYBERSECURITY

AI AGENTS: ENHANCING EFFICIENCY AND ENGAGEMENT

MARCH 2025

Insider

As this edition of GovTech Review goes to print, we would have to agree that we are living in interesting times, with major global unrest, military conflicts and some of our world leaders (who will not be named) appearing to be determined to create even more chaos and allow the tech barons free rein with our data.

Such situations embolden various nefarious cyber actors to increase their activities. For example, it has recently been reported that Australia’s critical infrastructure sector is now the fourth most popular target for cyber attack. Warfare is not only happening in the Middle East and Ukraine: it is coming to a business near you. Understanding Zero Trust principles and utilising safer authentication methods such as MFA and passkeys are now the bare minimum essentials in this environment.

As for the influence of certain tech billionaires: can our government stick to its guns? It remains to be seen…

And of course we cannot escape the subject of the day: artificial intelligence. Recent news revealed that Centrelink has been implementing automated AI-based decisionmaking systems, bringing up once again reminders of the Robodebt scandal. Hopefully the lesson has been learned and there is better human overview of such systems this time around. AI presents great promise for improving citizen services, as long as it is pursued with security and transparency in mind. If the purpose of government is to support the people, then it is the human aspect of government services that need to be front-of-mind in any technology advances: whether it is managing IT systems or providing public services.

Recent government bans on Chinese AI system DeepSeek and products from Russian-based cybersecurity company Kaspersky have also been noteworthy. The DeepSeek ban in itself is interesting: one industry insider has commented to me that because DeepSeek is Open Source, there is no reason it cannot be downloaded, implemented and trained independently of any overseas influence as a lower-cost custom AI system. But we mustn’t forget that those who want to use AI for cyberattack purposes also have it available to them. Like everything with AI, there are polar extremes in interpretation of the facts, just as we see in politics!

In this issue, we are once again presenting our Leaders in Technology feature. We have asked some industry leaders to give us their thoughts on 2025, and what technologies will gain ground, where the pain points are, and what’s on the wish list from government, innovators and the industry at large.

I hope you enjoy this issue of GovTech Review. Until next time…

Glenn Johnson, Editor gtr@wfmedia.com.au

A.B.N.

Head

gtr@wfmedia.com.au

ACTING

ART

ART/PRODUCTION

CIRCULATION

Alex

COPY

Ashna Mehta copy@wfmedia.com.au

ADVERTISING

Liz Wilson Ph 0403 528 558 lwilson@wfmedia.com.au

before the use of any equipment found or purchased through the information we provide. Further, all performance criteria was provided by the representative company concerned and any dispute should be referred to them. Information indicating that products are made in Australia or New Zealand is supplied by the source company. Westwick-Farrow Pty Ltd

Headlines

Fortinet opens new Australian headquarters

DTA signs new whole-of-government arrangement with AWS

The Digital Transformation Agency (DTA) has announced it has signed a new whole-of-government arrangement with Amazon Web Services (AWS) for a three-year term.

Security company Fortinet has opened a new Australian headquarters in North Sydney, which will act as the company’s first innovation hub in the Asia-Pacific region.

The new $75 million headquarters include what the company says is a cutting edge data centre offering in-region sovereign hosting services, secure access service edge capabilities and level three data security classification. A second on-site data centre meanwhile houses a technical assistance centre staffed with local experts that will provide testing, simulations and troubleshooting for customers.

The headquarters also include a dedicated cyber training facility offering the Fortinet Training Institute’s certification programs, which the company plans to use to support its pledge to train one million people in cybersecurity globally by the end of next year. Fortinet also partners with universities, training centres and governments across Australia to deliver cybersecurity training.

The facility has been developed with sustainability as a priority, and holds a 4-star Green Star rating for sustainable design and construction. The facility itself has solar panels on its roof, and Fortinet has committed to sourcing 100% green energy for the site’s remaining energy needs.

Fortinet has announced a strategic commitment to the Australian market, where its business has tripled over the past five years. Vishak Raman, VP for sales, SAARC, South East Asia, and ANZ, said the investments in the market underscore its pledge to advance cybersecurity resilience across the region.

“With the launch of Fortinet’s first Innovation Hub in the Asia-Pacific region, the company is not only strengthening local capabilities but also enabling enterprises, governments, and Australia’s critical infrastructure operators to drive digital resilience, accelerate innovation, and build a cyber-ready workforce,” he said. “As organisations embrace artificial intelligence and cloud, Fortinet’s cutting-edge security solutions and services, strengthened by the company’s commitment to industry-wide collaboration, ensures its customers are well-equipped to secure their digital transformation with confidence and agility.”

“With over 140 Commonwealth, state and territory public sector agencies currently using AWS to support service delivery in areas such as transport, health, education and tax, this new whole-of-government arrangement improves the value, reliability and security of cloud services in government,” said Chris Fechner, CEO of DTA. “The new AWS arrangement will drive better contract performance, vendor accountability and maximise value.”

The whole-of-government arrangement has been established with an initial three-year term, to provide flexibility, value for money and continuity of existing services.

According to the DTA, the new arrangement will reduce the time, effort and resources required to procure AWS services, supporting individual agencies in negotiations. The arrangement is a contracting framework with pre-negotiated terms and conditions, with agencies still required to undertake an approach to market to ensure a competitive outcome.

“AWS is pleased to continue our longstanding partnership with the Australian Government through this new and enhanced whole-of-government arrangement,” said Louise Stigwood, Managing Director for AWS Public Sector in Australia and New Zealand. “This arrangement includes access to more than 240 AWS services — including leading artificial intelligence, security and quantum technologies — to enable faster delivery of citizen-centric services.”

“Our investment in Australian infrastructure, workforce upskilling and support for local partners enables sustainable economic growth and technological advancement in Australia. AWS look forward to continuing our collaboration with the DTA and public sector agencies to accelerate Australia’s digital future and create lasting value for citizens.”

Fortinet headquarters in California.
Nadir Izrael*

iStock.com/da-kuk

As we move into 2025, the notion of warfare is increasingly shifting from the physical to the digital domain.

Cyberwarfare, once considered a supplementary tool for traditional military operations, has now emerged as a primary weapon for nations seeking to assert dominance or inflict damage on their adversaries without the need for physical conflict. Simply put, it is easier, requires fewer resources, and can often cause maximum damage without sustained efforts. The rise of AI-driven cyber weapons, zero-day vulnerabilities and state-sponsored cyber attacks is creating an unprecedented era of digital warfare.

THE ESCALATION OF STATESPONSORED CYBER ATTACKS Nation-states and rogue factions are rapidly integrating cyber attacks into their military arsenals, with cyber operations becoming a first-strike option in geopolitical conflicts. By targeting critical infrastructure — such as energy grids, communication networks, transportation systems and supply chains — these attacks can cripple an entire national infrastructure and create mass chaos without a single physical shot being fired. This shift toward cyberwarfare reduces the immediate risk of physical casualties, and in turn allows state actors to engage in asymmetric warfare, where a smaller, technologically advanced nation can punch well above its weight.

In 2025, we expect to see an escalation in state-sponsored cyber attacks aimed at creating widespread disruption and psychological stress. These attacks will be characterised by increased sophistication, as governments turn to advanced technologies, including AI-driven malware, to outmanoeuvre their targets.

Cyberwarfare

THE EMERGENCE OF AI-DRIVEN CYBER WEAPONS

Artificial intelligence is transforming the offensive capabilities of cyber actors. The next generation of cyber weapons will be powered by machinelearning algorithms that allow them to autonomously learn, adapt and evolve. AI-driven malware, for example, will be capable of dynamically changing its code to evade detection, bypassing advanced security measures. These AI-powered tools will be especially dangerous because they can automate much of the work currently done by human operators. The combination of speed, intelligence and adaptability makes AI-driven cyber weapons harder to defend against and far more destructive. In 2025, we may see AI-designed attacks that overwhelm cybersecurity teams by generating thousands of variants of malware or exploiting zero-day vulnerabilities faster than defenders can respond.

THE BLURRING LINE BETWEEN MILITARY AND CIVILIAN TARGETS

The distinctions between military and civilian infrastructure are rapidly blurring in the cyber domain. Hospitals, water utilities, transportation networks

and even personal smart devices have become prime targets for cyber attacks. In 2025, civilian infrastructure is expected to be on the frontlines of cyberwarfare. The risks posed to civilians — whether through disruption of essential services or direct harm via compromised healthcare systems — are no longer secondary concerns in cyberwarfare, but key objectives.

Ransomware has evolved from a financial windfall for cybercriminals to a political weapon for nation-states. These attacks will target sectors critical to national security, including health care, transportation and finance, pushing cybersecurity even further to the forefront of national defence priorities.

As cyber attacks become more frequent and targeted, the potential for significant collateral damage increases, complicating efforts to maintain societal resilience. The question we must ask is: how can we protect our most vulnerable infrastructures from the fallout of digital warfare?

UNIFIED SECURITY MANAGEMENT FOR HOLISTIC RISK PRIORITISATION

The rise of AI-driven cyber weapons and the increasingly blurred lines between military and civilian targets underscore

the need for a holistic approach to security. A ‘single-pane-of-glass’ strategy — one that consolidates security insights from diverse inputs like source code, misconfigurations and vulnerabilities — will become essential to navigating the complexities of cyberwarfare in 2025.

Unified security management platforms that integrate early warning intelligence and risk prioritisation across an organisation’s entire infrastructure will be the cornerstone of cyber defence strategies. By offering a clear, comprehensive view of security vulnerabilities, risks and threats, organisations can make more informed decisions and mitigate risks before they materialise into full-scale attacks.

EXPANDING THE SCOPE OF VULNERABILITY MANAGEMENT

In 2025, vulnerability management will expand beyond traditional vulnerabilities. Organisations will need to consider security gaps, such as compliance failures, misconfigurations and operational blind spots, as integral parts of their defence strategy.

Adopting a broader vulnerability management framework that captures the full spectrum of security risks, along with AI-based alarm deduplication, prioritisation, assignment and mitigation, will be critical in maintaining resilience in the face of evolving cyber threats.

THE WEAPONISATION OF IOT DEVICES

The proliferation of Internet of Things (IoT) devices introduces an alarming attack surface for cyber actors. From smart homes to autonomous vehicles, medical devices and Industrial IoT systems, connected devices are vulnerable to large-scale attacks that could cause physical damage or disrupt critical services. We expect to see the weaponisation of IoT devices in 2025, with cyber attacks targeting everything from individual households to nationwide infrastructures.

The rise of AI-driven cyber weapons and the increasingly blurred lines between military and civilian targets underscore the need for a holistic approach to security.

For instance, a well-coordinated attack on smart energy meters could cause massive power outages. Likewise, attacks on autonomous transportation systems could lead to chaos in major cities. As more devices come online, the potential for destructive IoT-based cyber attacks will increase exponentially.

CYBER MERCENARIES AND PROXY

ACTORS: THE HIDDEN HANDS OF CYBERWARFARE

A new breed of actors is emerging on the cyber battlefield: cyber mercenaries and proxy groups. These private contractors operate in the shadows and often conduct operations on behalf of nationstates, often with plausible deniability. The rise of these actors complicates attribution, making it harder to identify the true culprits behind a cyber attack and escalating international tensions.

In 2025, we will see increased involvement of these proxy actors, particularly in regions of political conflict, where nation-states seek to wage cyber campaigns without direct accountability. This will lead to heightened uncertainty and confusion, as attacks can no longer be easily attributed to state actors, further muddying the waters of cyberwarfare.

QUANTUM COMPUTING: THE NEXT FRONTIER OF CYBER THREATS

While quantum computing remains in its early stages, breakthroughs in 2025 may begin to challenge the security of traditional encryption methods and password complexity.

State actors that invest heavily in quantum research could gain the ability to decrypt sensitive data previously considered secure or passwords that in the past were not easily guessed. This will trigger a race to develop quantumresistant encryption standards and new password methodologies, but until then, the threat of quantum-enabled cyber attacks looms large.

CYBER ESPIONAGE AND THE RACE

FOR EMERGING TECHNOLOGIES

Intellectual property theft and cyber espionage are likely to intensify as nation-states seek to gain competitive advantages in emerging technologies, including AI, biotechnology and quantum computing. The strategic importance of these technologies cannot be overstated, as they are central to the future of economic and military power. In 2025, we expect to see more targeted attacks on research institutions, tech companies and critical infrastructure linked to these innovations.

GLOBAL CYBERSECURITY COOPERATION BREAKDOWNS

As cyberwarfare tactics become more sophisticated and geopolitical stakes rise, we may see a breakdown in international cooperation on cybersecurity. Distrust between nations and diverging national interests could lead to fragmented defence efforts, making it harder to mount a unified response to global cyber threats. In 2025, the challenge will be technical as well as political, as nations navigate the complex terrain of cyber diplomacy.

To strengthen the response to cyber attacks, organisations, vendors and governments should prioritise collaboration, information sharing and trust building through public–private partnerships and international coalitions. Standardising global cybersecurity frameworks and promoting shared certification programs can improve defence alignment, while regular cyber diplomacy summits and confidencebuilding measures can promote trust and cooperation between nations. Expanding AI-powered threat intelligence networks and establishing national and international cyber defence task forces will enhance real-time response capabilities.

NAVIGATING THE FUTURE OF CYBERWARFARE

As we enter 2025, state-sponsored chaos, AI-driven weaponry, and the blurred lines between civilian and military targets will define the cyber domain. To defend against these rising threats, we must adopt holistic security strategies that identify and prioritise risk across the entire digital ecosystem. Equally important will be fostering international collaboration, as cyberwarfare knows no borders, and the only way forward is through collective defence. The time to act is now, as the stakes have never been higher.

*As CTO, Nadir Izrael guides the technology vision for Armis, which he co-founded in 2015 with his friend and army colleague, Yevgeny Dibrov, after the two started looking for new and interesting problems to solve in technology. Prior to founding Armis, Nadir spent four years as a senior software manager at Google, working on Google Maps and Google Autocomplete. Nadir holds Bachelor of Science degrees in computer science and physics from the Technion – Israel Institute of Technology.

JOHN HOPPING

DIRECTOR OF SALES ENGINEERING ASIA PACIFIC, ENTERPRISE WIRELESS SOLUTIONS, ERICSSON

HOW WILL NEW GOVERNMENT POLICIES AFFECT THE ROLLOUT OF AI IN ORGANISATIONS?

The Australian Government policy on Artificial Intelligence in Government aims to protect Australians from harm; ensure that AI risk mitigation is proportionate and targeted; and ensure that AI use is ethical, responsible, transparent and explainable to the public. While not mandated, the government advises the private sector to implement this policy as well.

We think organisations will want to take it one step further and tell the public how they’re mitigating the security risks associated with AI. This means considering things like network isolation as a digital air gap, where data and systems are separated, operating in distinct, self-contained environments that can’t be accessed from adjacent networks. This limits the lateral movement of threats within a network that has been breached, reducing the likelihood of widespread compromise.

Organisations will also need to consider a 5G network, whether through a wireless wide area network (WWAN) or a private network, to enable the transfer of large amounts of data with low latency and a more secure connection.

HOW CAN PUBLIC AGENCIES BE BEST PREPARED FOR THE CYBERSECURITY THREATS THEY WILL FACE IN THE NEAR FUTURE?

The growing use of IoT in more places and hybrid working models have resulted in an increase in the number of attack vectors that cybercriminals can attempt to hack through. 5G enables government agencies flexible and fibre-fast performance, enabling Wireless WAN connectivity and forward-looking innovation for fixed and temporary locations, vehicles, and IoT applications. While 5G is inherently quite secure, the more end points attached to any network, the larger that organisation’s attack surface.

Ericsson 5G SASE is SASE optimised for companies who want to use 5G to connect this growing number of devices. By delivering zero-trust connectivity, features that include deny-all by default and blocking of east/west traffic mean that if an intruder enters one part of the network, they are unable to move laterally to other parts of the network.

WHAT CAN PUBLIC SECTOR ORGANISATIONS AND THEIR SUPPLIERS DO TO MANAGE THE RISKS OF INCREASING COMPLEXITY?

‘Appification’ has resulted in customers, contractors, and partners — the whole supply chain — accessing applications

LEADERS IN TECHNOLOGY 2025

from devices that are unmanaged and therefore risky, not to mention employees using their own devices to access sensitive data.

As part of its 5G SASE, Ericsson offers Web Application Isolation, which enables employees to access public cloud applications and private or web-based corporate applications while providing secure access from unmanaged devices of third parties and employees.

Air-gapping applications and data from malware or security threats on a device means users on any managed or unmanaged device can still access applications. Easy-to-set granular policy controls can restrict access and data usage on a least-privilege basis and enforce per-user browser controls to prevent data loss.

PRIVACY, DATA SECURITY AND EXCEPTIONAL CUSTOMER EXPERIENCE… CAN THEY COEXIST?

The expectation from customers — whether in the public or private sector — is that everything is connected. Everyone wants information at the touch of a button. So, when we talk about good customer service, organisations need to be ‘always on’. Ericsson Enterprise Wireless Solutions enable organisations to get reliable, secure and fast connectivity in areas where wires can’t go, or as a failover solution to fibre or satellite connectivity.

We have organisations that use us for primary connectivity. This might be because they don’t have fibre connectivity available at their location, or because they move or open new locations frequently and waiting for fibre connectivity delays them from starting operations.

In the case where organisations are using us for failover, this might be because they experience frequent outages on their fibre network, or perhaps in vehicles where satellite might be used as primary connectivity but does not work well in urban and densely built-up areas.

John Hopping is Director of Sales Engineering Asia Pacific, Enterprise Wireless Solutions at Ericsson, with nearly 30 years of experience in the IT sector. His previous experience includes technical roles at Optus, BT, Procter & Gamble and BristolMyers Squibb.

LULU SHIRAZ

SENIOR DIRECTOR - SALES, VERTIV AUSTRALIA AND NEW ZEALAND LEADERS IN TECHNOLOGY 2025

HOW WILL NEW GOVERNMENT POLICIES AFFECT THE ROLLOUT OF AI IN ORGANISATIONS?

As sustainability becomes an increasing regulatory focus, companies adopting AI will need to optimise their energyintensive data operations. Vertiv’s energy-efficient cooling, power and management solutions are well aligned with this shift, helping organisations select technologies that not only support AI workloads but also minimise their environmental impact. We assist businesses in developing efficient infrastructure strategies to comply with emerging green AI mandates while reducing operational costs.

Our infrastructure solutions are specifically engineered with sustainability in mind, enabling clients to reduce energy consumption and align with government sustainability targets. For instance, Vertiv’s heat management and liquid cooling technologies offer advanced options to manage both energy and water use more efficiently, ensuring that organisations can meet their operational and environmental goals.

WHAT CAN PUBLIC SECTOR ORGANISATIONS AND THEIR SUPPLIERS DO TO MANAGE THE RISKS OF INCREASING COMPLEXITY?

One of the most significant risks associated with the increasing complexity of modern technology is underestimating the critical role that power and cooling infrastructure plays in supporting IT systems. As organisations integrate more advanced technologies — from AI and edge computing to data centres and cloud services — the demand on these systems intensifies. Without robust and scalable power and cooling solutions, even the most sophisticated IT infrastructure can be compromised by unexpected downtime, overheating or inefficiencies. Properly designed power and cooling systems are not just a necessity; they are fundamental to ensuring the reliability, performance and longevity of increasingly complex technological environments. Therefore, AI and high-performance computing (HPC) require enhanced infrastructure resilience. As systems become more intricate, the demand for reliable infrastructure to prevent downtime grows. Vertiv’s UPS systems and energy-efficient cooling solutions provide the foundational reliability needed to support public sector workloads, from day-to-day operations to emergency scenarios.

On the other hand, complexity often arises from managing on-premises, cloud and hybrid infrastructures. Vertiv’s solutions seamlessly integrate with cloud environments, enabling public sector organisations to create hybrid setups that maintain efficiency and control over critical data. At the same time, Vertiv’s edge computing solutions ensure that critical applications remain functional and secure in remote or distributed environments, enabling real-time data processing and minimising latency.

Moreover, as public sector needs evolve, scalable infrastructure becomes essential. Vertiv’s modular data centre solutions allow organisations to adapt quickly, increasing or decreasing capacity without major disruptions, and offer a highly flexible, scalable and efficient approach to meeting the growing demands of modern IT infrastructure. These pre-engineered, factory-tested systems enable faster deployment, reducing build times and operational delays. Organisations can scale their data centre capacity incrementally, ensuring they only invest in what they need at any given time, making it ideal for dynamic environments. Designed with energy efficiency in mind, Vertiv’s modular solutions help reduce operational costs while meeting sustainability goals through advanced power and cooling technologies. The modular design also enhances reliability, with each unit rigorously tested to minimise the risk of downtime and ensure optimal performance. These solutions are particularly suited for edge and hybrid cloud environments, providing low-latency access to data and seamless integration with existing infrastructures. Vertiv’s modular data centres enable organisations to futureproof their operations, adapt to evolving technology, and support critical workloads in an increasingly complex digital landscape.

An equally important aspect to mitigate risk is real-time remote monitoring across complex systems, enabling proactive maintenance and rapid response to potential issues. By using data-driven insights, organisations can make informed decisions, prevent disruptions and reduce downtime. Similarly, using predictive analytics and AI-driven tools to anticipate equipment failures can help mitigate risks. Vertiv’s integrated monitoring tools and predictive maintenance solutions can greatly assist the public sector in these areas, extending equipment life and enhancing operational continuity.

By implementing these strategies, Vertiv empowers public sector organisations and their suppliers to manage the risks associated with increasing complexity while ensuring infrastructure resilience, flexibility and sustainability.

LuLu Shiraz is the Senior Director of Sales for Australia and New Zealand (A/NZ), overseeing the growth of Vertiv’s local presence across its enterprise, colocation, telecommunications (telco), channel, and service divisions.

A seasoned professional in the A/ NZ information technology and telecommunications (IT&T) industry, LuLu brings over 20 years of experience, with a proven track record of building and leading high-performance sales teams with a customer-centric approach.

Before joining Vertiv in June 2021, LuLu held leadership roles at multinational technology companies such as Telstra, Oracle, and

JASON MACBRIDE

REGIONAL DIRECTOR FOR AUSTRALIA AND NEW ZEALAND, NEAT

HOW WILL NEW GOVERNMENT POLICIES AFFECT THE ROLLOUT OF AI IN ORGANISATIONS?

New government policies will significantly impact AI rollout by emphasising more robust security, compliance and data governance. Organisations must meet requirements for transparency and accountability by specific deadlines.

For example, the National Framework for AI Assurance ensures that AI technologies are deployed safely and responsibly, enhancing trust and innovation. The Cyber Security Bill 2024 mandates reporting cyber threat incidents. For organisations, this means a greater focus on compliance, integrating tighter data governance and more advanced security measures. These policies will help Australian businesses leverage AI for innovation while maintaining ethical standards.

WHAT CAN GOVERNMENT AGENCIES AND THE TECH INDUSTRY DO TO INCREASE DIVERSITY IN THE WORKPLACE?

Australian organisations are expanding diversity, equity and inclusion practices beyond gender equality to include more under-represented groups. The government also recently announced a strategy to achieve cultural diversity in senior leadership across the Australian Public Service to better reflect the community it serves.

As hybrid workspaces continue to evolve, the public sector can employ improvements in digital innovation to enhance workplace inclusivity. For example, height-adjustable portable boards deliver more meeting flexibility for all participants regardless of any mobility issues, with wheelchair users able to easily participate. Similarly, advanced audio technology can improve dialogue clarity for those with hearing impairment, and auto dynamic framing technology can help workers relying on visual and auditory cues to follow conversations seamlessly.

WHAT

SPECIFIC TECH SKILLS WILL BE IN HIGH DEMAND IN 2025?

As we are already seeing, people with experience in AI and machine learning are invaluable due to current skill shortages in the tech sector. Data analytics skills will be essential for analysing AI-generated data, as demand for real-time insights continues to grow.

Cybersecurity expertise will also be in demand due to the increasing volume of cyber threats. Companies adopting AI will prioritise securing sensitive data, with 88% of ANZ CIOs focusing on cybersecurity investments in 2025, according to Gartner. CISO skills will continue evolving to translate complex cyber risk practices into business benefits and ROI measures that the board can more easily understand. AI will also drive

IN TECHNOLOGY 2025

the development of intelligent video collaboration tools and enhance user experience.

HOW CAN PUBLIC AGENCIES BE BEST PREPARED FOR THE CYBERSECURITY THREATS THEY WILL FACE IN THE NEAR FUTURE?

Cybersecurity threats like deepfake scams are rising with AI adoption, and globally, deepfakes have increased 10-fold across all industries in 2023. Closer to home, Mastercard research shows 20% of Australian businesses faced deepfake threats in the past year, with 12% falling victim.

It’s crucial to not only review and strengthen cybersecurity posture, but also to educate employees on recognising common social engineering tactics through real-life and virtual training scenarios. Implement user authentication protocols such as multi-factor authentication, facial recognition and AI-driven threat detection and response systems to fight AI-powered scams, ensure robust internal processes and business transparency.

Neat’s video collaboration solutions help public agencies maintain seamless and encrypted communication, ensuring they can operate efficiently while safeguarding against cyber threats.

WHAT CAN PUBLIC SECTOR ORGANISATIONS AND THEIR SUPPLIERS DO TO MANAGE THE RISKS OF INCREASING COMPLEXITY?

Government agencies should look at ways to create more meaningful digital experiences that go beyond the technology, remove IT complexity and simplify the user experience. By prioritising intuitive and user-friendly video solutions, agencies can transform the way people collaborate both in and outside of the office.

As the demand for innovative video solutions grows, these solutions not only enhance productivity but also foster genuine connections and seamless communication, making meetings more impactful. This trend will transform how public sector organisations operate, allowing them to navigate complexity more efficiently, ensure smoother operations and achieve better outcomes.

Jason MacBride, Neat’s Regional Director for Australia and New Zealand, leads the expansion of Neat in the region, ensuring that clients and partners maximise the benefits of their Zoom Rooms and Microsoft Teams Rooms. With over two decades of experience, he is a seasoned solutions specialist with expertise spanning multiple industries.

Lysandra Schmutter*

Government agencies often face challenges related to repetitive administrative tasks, overwhelming volumes of data, and inefficient processes that consume valuable resources and impact productivity.

At the same time, citizens are seeking greater transparency from public institutions, more streamlined ways to interact with government services, and easier access to essential resources — without the frustration of navigating complex websites or bureaucratic hurdles.

LEVERAGING AI FOR SMARTER DECISION-MAKING

Artificial intelligence is emerging as a game changer in helping public sector organisations enhance decision-making, optimise service delivery and boost operational efficiency. AI-powered agents are already demonstrating their ability to process vast amounts of data at remarkable speeds, generate actionable insights, automate numerous workflows, and improve the quality of services available to the public.

Looking ahead, the next wave of innovation involves multi-agent AI systems and a concept known as ‘Agentic AI’, where AI-driven systems will go beyond automation to assist human workers by interpreting complex information, setting objectives, and continuously learning from large datasets to take proactive actions.

WHAT IS AGENTIC AI AND HOW IS IT DIFFERENT FROM OTHER AI?

Agentic AI represents a new breed of artificial intelligence that goes beyond passive automation and reactive responses. Imagine AI systems that don’t just follow instructions, but actively pursue objectives, learn from their experiences, and make independent decisions. This is the essence of agentic AI. These systems are designed with specific goals in mind, whether it’s optimising complex operations,

enhancing citizen engagement, or streamlining government processes. They act as proactive problem-solvers, anticipating and addressing challenges before they escalate.

What truly sets Agentic AI apart is its ability to adapt and learn. These systems don’t just execute pre-programmed routines; they continuously analyse data, identify patterns and refine their decisionmaking processes. It’s like the difference between a calculator that simply provides answers and a personal assistant who anticipates your needs and takes initiative. This allows them to become increasingly effective over time, handling more complex tasks and navigating dynamic environments. By taking on these responsibilities, Agentic AI frees up human workers to focus on strategic planning, creative problem-solving, and tasks that require uniquely human skills.

The Agentic AI approach is particularly well suited to addressing the needs of public sector organisations in three key ways.

IMPROVED EFFICIENCY

Think of an AI multi-agent system as your team of expert co-workers, available 24/7, with the knowledge you need to collaborate on complex tasks.

Decisions are made in the context of specific use cases. Patterns and trends that traditional methods may have missed are identified, and complex workflows are adjusted in real time as circumstances evolve. This allows human workers to focus on highervalue tasks, representing a significant shift towards augmenting workers with intelligence tailored to their roles.

Agentic AI has the potential to significantly enhance efficiency for public sector workers by automating tasks and providing valuable support in real time. Imagine a knowledge-retrieval agent that can instantly access a vast database of tax regulations, policies and procedures, providing accurate answers to complex queries from both

Artificial intelligence is emerging as a game-changer in helping public sector organisations enhance decision making, optimise service delivery, and boost operational efficiency.

colleagues and citizens. This eliminates the need for time-consuming manual searches and ensures consistent, up-todate information.

Furthermore, a sentiment analysis agent can monitor the tone and sentiment of callers in real time, alerting the human agent if the caller is becoming frustrated or upset, and even suggesting appropriate responses to de-escalate the situation and improve communication and service delivery. This allows for more empathetic and effective interactions, ultimately improving citizen satisfaction.

Finally, a follow-up agent can automate administrative tasks by scheduling and managing follow-up actions, such as sending emails or scheduling callbacks, ensuring that no task is overlooked and reducing the administrative burden on staff.

This frees up valuable time for public sector workers to focus on more complex and strategic tasks that require human expertise.

IMPROVED GOVERNMENT OUTCOMES

With careful implementation, the multiagent approach to AI has the potential to revolutionise public services, delivering transformative outcomes that extend far beyond improvements in efficiency and engagement methods. Decisions that once took days or weeks could be made

Agentic AI

in a fraction of the time using Agentic AI. For instance, determining eligibility for grants, allowances, or support services, and potentially even tax breaks, could be automated. This not only accelerates service delivery but also ensures fairness and consistency in decision-making.

Moreover, these agents can be used to enhance data interpretation, leading to improvements in areas like fraud detection, which in turn could result in increased revenues to reinvest in public services. By identifying and preventing fraudulent activities, governments can protect valuable resources and ensure they are used effectively. Finally, Agentic AI excels at processing and analysing vast volumes of data to provide actionable insights for policymakers and service providers. This data-driven approach can lead to more informed decisions, a better allocation of resources and, ultimately, more effective public services that truly meet the needs of citizens.

BETTER CITIZEN EXPERIENCES

Agentic AI offers the potential to not only increase capacity but also significantly improve the experiences offered to citizens across various public services. By gathering and analysing individual citizen data, it can provide personalised recommendations for services or benefits, ensuring that citizens receive the information most relevant to their needs. This tailored approach moves away from the ‘one-size-fits-all’ model, acknowledging the unique circumstances and requirements of each individual. AI can adapt communication styles and language based on citizen preferences, making interactions more user-friendly and accessible, particularly for vulnerable groups or those who may face challenges navigating complex government systems. Perhaps most importantly, Agentic AI can facilitate early intervention by identifying patterns that indicate potential issues for citizens, such as financial distress or health risks, and alert relevant authorities to

intervene proactively. This preventative approach can help mitigate the severity of problems before they escalate, leading to better outcomes for citizens and reducing the strain on public resources. By simplifying interfaces and providing contextual understanding, Agentic AI also opens the door to improving access to and use of the data sources available across multiple government departments, empowering citizens with the information they need to make informed decisions and engage effectively with public services.

Our observation is that governments are still in the relatively early stages of harnessing, deploying and operationalising Agentic AI. We see the adoption of AI has slowed in comparison to other industries, as the Australian Government focuses on establishing clear policies and guardrails that ensure AI adoption is secure, protects Australians’ personal information, is adopted with transparency and is ethical.

AI agents have the potential to transform public sector efficiency and elevate citizen engagement to new heights. By automating time-consuming tasks, AI systems can significantly improve government operations and decision-making processes. This allows for human workers to focus on more meaningful and impactful tasks. This shift not only enhances the efficiency of public sector organisations but also ensures citizens receive faster support

for critical services such as grants, visas and other government assistance, making processes more streamlined and accessible. As AI continues to evolve, the public sector has a unique opportunity to harness its power to create smarter, more responsive and more inclusive government systems that better serve the needs of society.

The policies the Australian Government have now established are fundamental for government — not only to earn public trust, but to ensure they can achieve equitable outcomes that are sustainable for all Australians. The question will now be how quickly government can accelerate adoption, to keep pace with productivity demands and the speed that other countries are investing in AI.

*Lysandra Schmutter is Industry General Manager, Federal Government, DXC Technology, and has over 30 years’ experience partnering with state and federal governments in Australia and Asia Pacific. Based in Canberra, she brings a comprehensive understanding of the region and deep public sector insight that will create momentum and enhance strategies and teams to deliver impactful outcomes for DXC’s customers.

Headlines

Victorian Government awards Motorola Solutions $500 million comms contract

The Victorian government has awarded Motorola Solutions a fresh 10 year, $500 million contract to maintain and enhance the Metropolitan Mobile Radio network used by the state’s emergency services agencies.

The contract with the state’s Department of Justice and Community Safety will extend operation of the land mobile radio

Kaspersky products banned from government systems and devices

On 21 February the Department of Home Affairs issued a mandatory direction banning the use of all Kaspersky Labs products on federal devices.

The direction is intended “to prevent the installation of Kaspersky Lab, Inc. products and web services from all Australian Government systems and devices”.

network through to 2035. Motorola Solutions originally designed and deployed the network for the state government in 2005.

As part of the contract, the Marine Search & Rescue department will be brought on board the network for the first time. Existing users include Victoria Police, Ambulance Victoria, Fire Rescue Victoria, Victoria State Emergency Service and Life Saving Victoria. The agreement also involves the delivery of 24/7 support and service, to help keep the network and its fleet of more than 32,000 radios optimised and performing well.

Meanwhile Motorola will deploy its cloud-based SmartConnect service to expand coverage of the network by allowing radios to switch to broadband, Wi-Fi and satellite networks when outside of radio coverage areas.

Ambulance Victoria’s regional fleet will also be provided with state-wide coverage through the deployment of 1600 cutting-edge APX NEXT all-band smart radios and an additional 750 APX services multi-band mobile radios.

The network has been used to support public agencies’ response to major crises including the 2023 flood crisis and 2009 Black Sunday bushfires. In the past 12 months alone, more than 50.5 million push-to-talk radio calls were made using the network.

The direction, made under the Protective Security Policy Framework (PSPF), also requires federal entities to remove all instances of Kaspersky’s products.

The Department has assessed that the software poses an unacceptable security risk to Australian government, networks and data, “arising from threats of foreign interference, espionage and sabotage”.

“I also considered the important need for a strong policy signal to critical infrastructure and other Australian governments regarding the unacceptable security risk associated with the use of Kaspersky Lab products and web services,” said Stephanie Foster, Secretary of the Department of Home Affairs.

All traces of Kaspersky need to be removed from all systems and devices by 1 April this year.

Headlines

VicRoads launches passkeys to enhance online security

VicRoads has rolled out an initiative to enhance customer online security with the introduction of passkeys, offering a simpler and more secure way for customers to access their myVicRoads accounts.

Using fingerprints, facial recognition, a PIN or a swipe pattern, passkeys eliminate the need for a password and provide more security for VicRoads customers by reducing the risk of phishing attacks. VicRoads joins Telstra, myGov and UBank as one of the first organisations in Australia to introduce passkeys.

Crispin Blackall, VicRoads Chief Technology Officer, said the introduction of passkeys is a key milestone in the organisation’s digital transformation and aligns with its focus on modernising registration and licensing products and services.

“The introduction of passkeys is a demonstration of our

commitment to our 4.8 million myVicRoads customers, and the experience they have when interacting with our services,” he said. “It’s fantastic to see our customers are already embracing the technology. Our introductory pilot program has resulted in the creation of over 200,000 passkeys, with adoption on the latest smartphones, tablets and computers that support passkey technology exceeding 50%.”

The announcement follows new research from the FIDO Alliance which found growing consumer demand for passkey adoption as individuals increasingly recognise the limitations of passwords, preferring more secure and customer-friendly authentication methods.

“Customers are quickly realising the benefits of passkeys,” said Andrew Shikiar, CEO and Executive Director of the FIDO Alliance. “Since passkeys first launched in 2022, more than 20% of the world’s top 100 websites and services have now adopted the technology.

“This accounts for more than 13 billion accounts worldwide that can use passkeys to log in.”

VicRoads registers more than 6 million vehicles annually and licenses more than 5 million drivers. VicRoads Registration & Licensing operates as a joint venture partnership with the Victorian Government, Aware Super, Australian Retirement Trust and Macquarie Asset Management.

Government sets procurement criteria for Australian businesses

The federal government has announced that Australian businesses seeking to win Commonwealth procurement contracts will now need to meet a definition of an official ‘Australian business’.

To qualify as an Australian business, companies will have to have local tax residency, be principally operated in Australia and have more than 50% local ownership. There is also updated guidance on considering broader economic benefits through government tender processes.

processes will help make them more competitive, and guide future initiatives to better support them.”

In addition, the government is also issuing ‘Broader economic benefits in ICT sector procurement’ planning and engagement guidance to assist ICT businesses navigating Commonwealth procurement, acknowledging the importance that the ICT sector plays in procurement — making up approximately 15% of Commonwealth procurement commitments.

Defining an Australian business for the purposes of procurement has long been advocated for by the business sector and will ensure greater transparency, provide better insight into who is winning Commonwealth tenders, and assist in making businesses more competitive in tendering.

“Procurement is one of the most important economic levers government has — helping to grow our economy, support small and medium businesses, and benefit Australian workers and consumers,” said Minister for Finance Katy Gallagher.

“Being able to easily identify Australian businesses in tender

The government says this plan builds on improvements already made to the Commonwealth Procurement Framework to support Australian businesses and SMEs to win government work.

Commonwealth Government procurement is a major economic lever, with on average around $70 billion and 80,000 contracts committed to each year.

From 2025–26, businesses on the Whole of Australian Government Panel arrangements will be able to report their Australian business status in line with the definition on the Australian Government’s Supplier Portal, with this opportunity expanded to all AusTender-registered businesses in the future.

PHIL ZAMMIT

PHIL ZAMMIT, VICE PRESIDENT FOR THE APAC THEATRE, AVAYA LEADERS IN TECHNOLOGY 2025

HOW WILL NEW GOVERNMENT POLICIES AFFECT THE ROLLOUT OF AI IN ORGANISATIONS?

The outburst of excitement around AI was met quickly with caution. The federal government’s AI guardrails alongside the OAIC’s guidelines on the use of data for generative AI training are essential foundations to fulfil the AI aspirations of the nation’s private sector.

In August, ‘Right to Disconnect’ laws for larger employers also came into effect, and there is an opportunity to leverage AI to comply with these laws.

With AI, businesses have the chance to optimise workflows and enforce healthier work boundaries. For example, companies can empower staff with AI to handle routine tasks, such as data retrieval or data entry. For a customer service professional, this can reduce average handling time and after-call documentation with a single view of customer and automated admin support.

WHAT SPECIFIC TECH SKILLS WILL BE IN HIGH DEMAND IN 2025?

Organisations are navigating the chasm between current capabilities and evolving customer expectations. Navigating it effectively requires stepping back and taking a holistic approach to customer service, which integrates customer experience with employee experience.

It is expected significant portions of the AU$147 billion IT spend in Australia will go toward bridging the gap between current CX and EX platform capabilities. Because humanled skills and experience is critical to manage the complex needs of customers, it demands the same level of advanced capabilities companies typically already offer their customers.

As these EX investments trickle through 2025, there will be a push around employee digital literacy skills. It is critical workers know how to use advanced technologies such as AI to safely and effectively augment their customer service output to not only improve retention, but maximise the new tech’s ROI and promote safe application.

WHAT CAN PUBLIC SECTOR ORGANISATIONS AND THEIR SUPPLIERS DO TO MANAGE THE RISKS OF INCREASING COMPLEXITY?

In an environment where funds are limited, it’s critical to consider how pragmatic, foundational investments minimise

complexity, and project upward through an organisation to maximise return on investment. For example, it is well known that customer service makes or breaks a business. For the public sector, agencies have a duty to serve their constituents with the same level of competitive service. But often, the prospect of abrupt changes in business communication infrastructure carries high risks, including potential disruptions to operations and customer service continuity.

Through targeted tests and pilots, a pragmatic transformation approach allows government agencies to build on what is already proven to work by leveraging familiar processes, systems and technology as a baseline for new capabilities. This improves the success rate in which new services and channels are introduced for specific use cases, and allows agencies to explore advanced capabilities, like generative AI, without disrupting workflows.

PRIVACY, DATA SECURITY AND THE EXCEPTIONAL CUSTOMER EXPERIENCE… CAN THEY COEXIST?

A recent survey by Statista found that 61% of brand interactions are occurring digitally, and there’s heightened expectation for organisations to anticipate the personalised needs of their customers. To deliver this degree of customer service, it is crucial to have a full, accurate view of who they’re serving. And the data they use needs to be ethically obtained and securely held.

Digital privacy, data security, and customer service can coexist. Customer service systems must be built to address vulnerabilities, with customer service professionals adequately trained in digital literacy to ensure their efforts, including communication with customers, are protected and informative.

Based in Sydney, Phil Zammit is Vice President for the Asia-Pacific theatre for Avaya, including Japan, Greater China and India. Phil has previously had extensive success in CX leadership at Zoom, Cisco, AWS and Telstra, among others. He has a reputation for developing high-performing teams through regional business strategies to address local market needs.

PHISHING-RESISTANT MFA ELEVATING SECURITY STANDARDS IN THE PUBLIC SECTOR

PHISHING REMAINS A SIGNIFICANT ISSUE FOR GOVERNMENT AGENCIES, AND CURRENT MFA SOLUTIONS OFTEN FALL SHORT IN ADDRESSING THE THREAT.

In October 2024, the Australian Government introduced the Cyber Security Bill 20241, its first standalone Cyber Security Act. This legislation comes at a crucial time, as escalating cyberthreats, such as ransomware and phishing attacks, demand stronger protective measures. The ongoing nature of this issue is evident, with recent incidents showing Iranian hackers targeting Australian services2 through pushbomb attacks, brute-force tactics, and password spraying.

THE GROWING THREAT OF PHISHING ATTACKS

A report from the Office of the Australian Information Commissioner (OAIC)3 revealed that phishing and credentialharvesting attacks are among the most frequent threats faced by Australian government agencies and their services, such as myGov, Centrelink or the Australian Taxation Office.

Alongside these findings, user reviews of government services frequently appear online, with daily concerns about breached account and phishing attempts. In just the first

quarter of 2024, an alarming 1.8 million user accounts across different apps and services were compromised in Australia. What might seem like a bad dream is an ongoing issue for everyday Australians trying to access government services.

As cyber attacks continue to intensify, government agencies remain prime targets, with phishing being a persistent and significant threat. This growing risk highlights the urgent need for stronger, phishing-resistant authentication methods, as phishing attempts are becoming increasingly sophisticated. AIgenerated deepfakes posing as trusted individuals, and fake websites that are indistinguishable from legitimate ones are ubiquitous, yet security measures seem to barely keep pace. Even for those carefully trying to look out for these attacks, it’s almost impossible to avoid getting caught up in these schemes.

A solution to many of the phishingrelated issues has been on the horizon for a while, and plenty of organisations are already adopting it: passkeys — a phishing-resistant, user-friendly authentication method based on publickey cryptography, developed by the FIDO Alliance.

This article explores why phishing remains such a critical problem for the public sector and discusses why phishing-resistant methods like passkeys are becoming essential to safeguarding sensitive data in the public sector.

WHY THE PUBLIC SECTOR IS A PRIME TARGET FOR CYBERCRIMINALS

The vast amount of sensitive data held by the public sector — ranging from citizen records to financial and healthcare information — makes it an attractive target for cybercriminals. Phishing attacks, in particular, are commonly used to gain access to user credentials, which can then be exploited or sold on lucrative black markets due to their highly personal nature. The public sector is especially valuable because it stores detailed information that can be misused for identity theft, including real names, email addresses, payment details, health records, physical addresses and driver’s licence numbers, among other sensitive data. Notably, in the first six months of 2024, the Australian government sector experienced the second-highest number of data breaches, after the

health sector.3 High-profile incidents, such as the Service NSW breach4 in 2020, resulted in unauthorised access to approximately 5 million documents, 10% of which contained sensitive personal data, relating to up to 186,000 individuals. This breach occurred after cybercriminals successfully compromised 47 staff email accounts through a series of phishing attacks.

A typical phishing attack might involve a fraudulent email, for example, purporting to be from Service NSW, luring users to a fake Service NSW login page. Once their credentials are stolen, these are quickly sold on dark web marketplaces, leading to compromised bank accounts and identity theft. Most of the time, citizens have limited options regarding which government agencies they share their personal information with, as they depend on the online services these agencies provide. A breach at even one of these agencies could be disastrous, putting every citizen at risk. This scenario plays out daily across Australia — but solutions like passkeys, which prevent users from entering credentials on fake websites, are starting to make a real difference.

LIMITATIONS OF TRADITIONAL MFA SOLUTIONS

While multi-factor authentication (MFA) has become a good practice for securing accounts and avoiding phishing traps, not all MFA methods offer the same level of protection. Solutions like SMS-based MFA, though an improvement over password-only authentication, are still vulnerable to sophisticated attacks such as SIMswapping and man-in-the-middle breaches.

As governments continue to digitise services — from healthcare portals to social security systems to tax services — the need for more resilient MFA solutions has become urgent. The vulnerability of traditional MFA methods reveals a critical gap in the security landscape, one that more advanced phishing-resistant technologies are designed to address.

PHISHING-RESISTANT MFA

To address these concerns, governments are increasingly focusing on phishingresistant MFA technologies like passkeys and hardware security keys. Australia’s Essential Eight cybersecurity framework has highlighted this shift by recently strengthening its requirements for phishing-resistant MFA across all maturity levels. Unlike traditional MFA, phishing-resistant MFA with passkeys relies on public-key cryptography and domain-binding, creating an environment that is immune to phishing. Even if an attacker sends a phishing email, the user is still safe, as there is no way to trick the user into revealing the private key of a passkey in a fake website.

This approach significantly reduces the cybersecurity risks faced by the public sector, making it a crucial strategy in modernising security protocols. To make meaningful progress in protecting citizens, government agencies must move away from password-based authentication and traditional MFA methods to fully embrace phishingresistant passkeys, a viable solution for all demographics.

CONCLUSION

Phishing remains a significant issue for government agencies in Australia, and current MFA solutions often fall short in addressing this growing threat. The Australian Government’s Cyber Security Bill 2024 signals a turning point — but real progress will depend on implementing advanced, phishing-resistant solutions like passkeys which are the only viable option for large-scale usages.

The Australian Government’s updated cybersecurity strategy and revisions to the Essential Eight framework reflect the increasing need for secure, userfriendly authentication methods to safeguard the public sector. By adopting these advanced solutions, government agencies can better protect sensitive data, mitigate the risk of cyber attacks, and set new standards for cybersecurity best practices across the public sector.

1. Department of Home Affairs 2024, Introduction of landmark Cyber Security Legislation Package, <<https://www. homeaffairs.gov.au/news-media/archive/ article?itemId=1247>>

2. Australian Signals Directorate 2024, Iranian cyber actors’ brute force and credential access activity compromises critical infrastructure, <<https://www.cyber. gov.au/about-us/view-all-content/newsand-media/iranian-based-cyber-actorscompromising-critical-infrastructurenetworks>>

3. Office of the Australian Information Commissioner 2024, Notifiable data breaches report January to June 2024 , <<https://www.oaic.gov.au/__data/ assets/pdf_file/0013/242050/Notifiabledata-breaches-report-January-toJune-2024.pdf>>

4. Service NSW 2020, Service NSW cyber incident, <<https://www.service.nsw.gov. au/services/cyber-security/service-nswcyber-incident>>

*Vincent Delitz is Managing Director at Corbado, a passkeys-as-aservice company specialising in large-scale deployments. With a focus on innovative, phishing-resistant MFA solutions, Vincent works closely with enterprises to improve user security, reduce SMS OTP costs, and streamline login experiences through passkeys.

iStock.com/aprott

ADOPT OR LAG DIGITAL WORKSPACES IN GOVERNMENT

EMBRACING DIGITAL WORKPLACES WILL BENEFIT AUSTRALIAN GOVERNMENT AGENCIES AND ENABLE A TRANSFORMATIVE SHIFT IN PUBLIC SERVICE CAPABILITIES.

The Australian Data and Digital Transformation Strategy1 envisions a government that is modernised, secure and citizen-focused by 2030. However, without taking bold steps towards adopting digital workspaces, government agencies will struggle to meet the rising expectations of citizens. This is not only about implementing technology: it is about overhauling how government agencies operate, collaborate and deliver services in an increasingly connected and digital world.

THE CASE FOR DIGITAL WORKSPACES IN GOVERNMENT

operations more fluid and less siloed. They promote real-time collaboration between agencies, easy access to up-to-date information, and support with making informed decisions quickly. This becomes especially crucial in service-heavy agencies such as health care, transport and social services, where real-time data access can make or break the delivery of services to citizens. Platforms such as myGov, which integrates crucial government agencies such as the Australian Taxation Office and Medicare, highlight the potential of a connected, efficient digital workspace.

A digital workspace is an integrated environment that fosters collaboration, enhances employee engagement and agility, and harnesses advanced technologies for optimal productivity. This ecosystem seamlessly combines various applications, data devices and services, working in unison to offer a streamlined and empowering digital experience.

As hybrid and remote work become permanent fixtures in Australian government agencies, the case for digital workspaces is stronger than ever. They allow for streamlined communication and data sharing across departments, making

When combined with artificial intelligence (AI), digital workspaces can be particularly transformative. AI-driven tools enable the automation of routine tasks, freeing government employees to focus on more meaningful work, such as problem solving, policy analysis and service improvement. By removing repetitive and time-consuming tasks, AI enhances the productivity and job satisfaction of government employees, who can then apply their skills to tasks that directly benefit citizens.

THE IMPACT OF AI IN DIGITAL WORKSPACES

Beyond operational efficiency, AI-driven digital workspace tools can enhance employee experiences and make

government roles more appealing in a competitive job market. Today’s workforce — especially digital natives — values flexibility and modern technology in the work environment.

In fact, according to the latest research by Unisys, AI is not merely a productivity tool but also a catalyst for employee satisfaction, career development and job creation. The survey found that 79% of employees believe AI skills will advance their careers, and 61% view the technology as a job creator, not a disruptor.

A MINDSET SHIFT

For the Australian Government to achieve its 2030 data and digital goals, agencies must adopt a dual approach that addresses technical and cultural hurdles. Resistance to change and lacking relevant skills can hinder even the most ambitious digital transformation plans.

Firstly, start from the top down. Strong leadership is essential in driving technical change and cultural transformation. Leaders must demonstrate a clear vision for the future and rally employees around the opportunities that digital transformation brings.

This includes a clear business use case for any new technology, especially one as fresh as AI. It is not enough to

just decide to implement a digital workplace; it must be driven by strategically considered and measured ROI. Any technology should closely align with your organisational objectives rather than focusing solely on the technology itself. Identify how AI will help you and your agency increase efficiency, connect workers and, ultimately, better serve citizens.

Because the success of AI implementation often hinges on the specific use case chosen, it’s essential that users understand it and that it undergoes thorough evaluation. This requires data maturity, quality assurance, security, and organisational change management to ensure that end users fully utilise the technology to realise its potential ROI. It’s also important to remember that patience is essential, as AI solutions will continue to evolve and require ongoing adaptation over time.

BRINGING THE MINDSET TO LIFE

After solidifying the business case, initiate an organisational change management program that encourages and trains employees to modify their working methods to take full advantage of the technological innovation that’s been built.

With the Australian Computer Society projecting a need for 1.3 million IT professionals by 2030, the government must

Digital workspaces

A digital workspace is an integrated environment that fosters collaboration, enhances employee engagement and agility, and harnesses advanced technologies for optimal productivity.

prioritise upskilling its workforce, investing in continuous learning and adaptability to create a tech-savvy, future-ready public sector. Here are some best practices for keeping staff skilled in new technology.

ENCOURAGE INTERNAL MOBILITY

Start by looking within your existing workforce to identify talent with AI expertise or interest, then support their transition into AI-focused roles. AI can even help in this process by analysing the employee base for candidates with relevant skills, experience and attributes suited for AI roles.

INVEST IN CONTINUOUS LEARNING

AI literacy requires ongoing education, not just a one-time training session. Organisations can retain talent by providing accessible micro-learning modules, online courses and mentorship programs to keep employees current on AI trends and applications. This approach also enriches employees’ roles, boosting retention.

FOSTER A CULTURE OF EXPERIMENTATION

Encourage employees to explore AI’s potential within their departments by supporting pilot projects. This approach nurtures innovation, surfaces new ideas and uncovers hidden talent with a knack for AI.

PARTNER WITH AI EXPERTS

While internal skills-building is essential, some expertise will require external support. With many organisations struggling to grasp AI’s ethical implications, it may be necessary to collaborate with AI consultancies or universities to bridge skill gaps and stay ahead.

FOSTER A COLLABORATIVE CULTURE

Government agencies should also foster a culture of adaptability and collaboration. Encouraging employees to embrace digital workspaces and ways of working ensures they remain engaged and confident in using AI and other digital technologies.

BALANCE RISK AND INNOVATION

Encouraging employees to stretch and try new technology can make some leaders nervous. But there are measures you can take to mitigate risk without hampering innovation.

EDUCATE EMPLOYEES ON HOW TO USE TOOLS SAFELY

This includes when to use them and how to use them, and excluding sensitive data from their inputs — that is, controlling who has access to which data. The first step is to structure the platform before exposing data to it.

EVALUATE WHERE THINGS COULD GO WRONG

Many AI tools pose unintended risks. For example, when meetings are automatically transcribed, they become potential legal records that can be subpoenaed. This creates risks of revealing sensitive internal discussions to unintended audiences, including the public. Additionally, AI limitations can result in transcript errors, leading to misunderstandings or legal complications if they get forwarded without an accurate check.

For the best success, government agencies must be willing to take minor risks to advance innovation. Risk analysis goes back to having a strong, clear, strategic vision for AI use cases so decision-makers can ask the question: is this particular risk worth the reward of innovation?

ADOPT OR LAG

The choice for Australia’s government agencies is clear: embrace digital workspaces to lead a transformative shift in public service or risk lagging in a fast-evolving digital world. AI-driven digital workspaces offer a path not only to operational efficiency but also to a more dynamic, resilient and future-ready public sector that meets the needs of Australians in the digital age. The government has the opportunity to move decisively, aligning technology, skills and culture to drive this digital transformation forward.

1. Digital Transformation Agency 2024, Data and Digital Government Strategy , Australian Government, <<https://www.dta. gov.au/digital-government-strategy>>

*Kate Adams is Field Services Director – Asia Pacific at Unisys. With over 25 years’ experience in delivering IT support across multiple accounts and geographic locations, she excels in the complex nature of IT, consistently identifying improvements and innovations, and managing change to achieve positive outcomes. For both government and commercial clients Kate has successfully led large teams, driving continual improvement and innovation in service delivery, people engagement and operational effectiveness.

DEMYSTIFYING

ZERO-TRUST FOR GOVERNMENT

AS ZERO TRUST BECOMES MORE CENTRAL TO ICT ENVIRONMENTS, IT NEEDS TO BE CONSIDERED NOT JUST AS AN ADJUSTMENT BUT THE NEXT EVOLUTION IN SECURING VITAL NETWORKS.

In Home Affairs’ recent publication of the 2023–2030

Australian Cyber Security Strategy, now moving towards becoming the nation’s first Cyber Security Act, it states:

“We will also draw on internationally recognised approaches to zero trust, aiming to develop a whole-ofgovernment zero trust culture.”

With these initiatives being taken seriously by the government as part of its broader cyber strategy, it’s important to understand zero trust and its relevance in a government agency security architecture and posture.

The zero-trust framework derives from the principle of ‘never trust, always verify’. It builds on the assumption that risk is inherent both inside and outside an agency’s network.

Zero trust’s architecture eliminates implicit trust and implements strong identity and access management (IAM)

James Rabey*

controls, so that federal departments and other government agencies can authorise individuals, devices and applications before granting access to systems and data.

In Australia, the tenets of zero trust are reflected in the Australian Signals Directorate’s (ASD) Gateway Security Guidance Package1, designed to assist organisations to make informed risk-based decisions when designing, procuring, operating, maintaining or disposing of gateway services, the systems that control data flow between networks.

Zero trust is also covered in the Essential Eight set of mitigation strategies for the higher maturity levels two and three. Overseas, the US’s National Institute of Standards and Technology (NIST) has released a zero-trust architecture publication2 and set of principles to which the ASD and Australian Government align:

1. All data sources and computing services are considered.

2. All communication is secured regardless of network location.

3. Access to individual enterprise resources is granted on a per-session basis.

4. Access to resources is determined by dynamic policy — including the observable state of client identity, application or service, and the requesting asset — and may include other behavioural and environmental attributes.

5. All owned and associated assets have their integrity and security postures measured by the enterprise.

6. All resource authentication and authorisation are dynamic and strictly enforced before access is allowed.

7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.

The aim is for these tenets to be technology agnostic, and to be guidance rather than prescriptive rules. This reflects that each environment is unique in nature, and in a government context, the threats, requirements and risks vary from agency to agency.

But applying the principles means that ICT assets should always act as if there is an existing threat within the network. No resource (source of data) is inherently trusted either; each should have its security posture evaluated throughout every session through a policy enforcement point (PEP).

This applies remotely too: remote enterprise subjects (users and devices) and assets (devices connected to the network) can’t fully trust their local network and should assume it’s compromised. All workflows, regardless of location, should be treated the same in terms of security posture and apply principles as if they were within the internal network or not.

It’s also important to understand that these tenets cannot be enforced at the data layer alone and require a separated control pane that administrates the access of data within a specific environment.

DEPLOYMENT MODELS

While the tenets are the fundamental technology concept, there are deeper deployment models government ICT departments need to understand to develop a sense of the trusted and untrusted zones within their environment: the Device Agent/Gateway model, the Enclave Gateway model and the Resources Portal model.

DEVICE AGENT/GATEWAY MODEL

The Device Agent/Gateway model is typically the foundation approach as it closely aligns with environments that have a cloud-first approach or a hybrid cloud strategy. This works well for government agency environments that are typically at some point of transition into the cloud, with many having remote working environments in place. In this model, the PEP is split into two parts, one on an asset and one in front of a resource.

To give a practical example of how the most likely relevant Device Agent/Gateway model works, a user with a governmentissued laptop attempts to connect to an enterprise resource such as an application or database. The local agent on the device forwards the request to the policy administrator, and the policy engine software evaluates the request.

If authorised, the administrator creates a communication channel between the agent and access gateway. The connection is terminated once the workflow is completed or

The zero-trust framework derives from the principle of ‘never trust, always verify’. It builds on the assumption that risk is inherent both inside and outside an agency’s network.

by the administrator when a security event occurs, eg, session time-out or failure to re-authenticate. This model is popular as the system reflects many enterprise environments that have already transitioned or are transitioning to the cloud.

ENCLAVE GATEWAY MODEL

The Enclave Gateway model follows on from the Device Agent/ Gateway model. It signals a more bespoke deployment where the resources are held within a private cloud or data centre.

This model is closest in alignment to the traditional Secure Internet Gateway (SIG) model where resources are held in a data centre or use a private cloud environment. It is similar but varies from the Device Agent/Gateway model in that resources reside in a resource enclave together rather than separated.

It’s also possible that this deployment runs alongside a Device Agent/Gateway model, where legacy or ageing applications within the environment live behind the gateway on a complete private cloud system.

The main hindrance with this model is that the gateway protects a collection of resources and may not be able to individually protect each resource. Further system development needs to happen between the gateway and individual resources to create micro-segmentation — zones within data centres and cloud environments to isolate workloads.

RESOURCES PORTAL MODEL

The Resources Portal model has a separate approach and reduced security visibility due to the lack of a steering agent on the device. Further, the gateway portal is seen to be a cloud-based interface and publicly exposed to the internet.

This model uses a gateway portal as the PEP and doesn’t use any steering agent to establish a secure connection from the policy administrator. The administrator still authorises the access with the policy engine; however, this model lacks visibility over the user as the agent on the user’s device is not required.

The Resources model only scans and analyses assets and devices once they’re connected to the gateway portal and may not be able to continuously monitor them for security issues such as malware, unpatched vulnerabilities and appropriate configurations. The portal is considered internetfacing and can also be a deterrent for various internet-facing attacks such as a denial-of-service (DoS) attack.

ZERO TRUST: THE NEXT EVOLUTION

As the government sets the scene for zero-trust principles, architecture and culture to become more central to department’s ICT and security environments, it needs to be considered not just as an adjustment, but the next evolution of securing these vital networks.

There are also a number of challenges and procedures to address within government to ready for the zero trust shift, including migrating policies to zero trust platforms, providing support for legacy systems, bringing skilled people in amid a cyber talent shortage, and maintaining Essential Eight maturity level two.

Zero trust shouldn’t be viewed as a one-size-fits-all solution either — it can be implemented iteratively through a mixture of deployment methods to best suit individual agencies. This will help to ensure zero trust works for the organisation, people and data it’s ultimately protecting.

1. Australian Cyber Security Centre 2022, Gateway Security Guidance Package: Overview, <<https://www.cyber.gov.au/resourcesbusiness-and-government/maintaining-devices-and-systems/ system-hardening-and-administration/gateway-hardening/gatewaysecurity-guidance-package-overview>>

2. National Institute of Standards and Technology 2020, Zero trust Architecture, <<https://nvlpubs.nist.gov/nistpubs/ SpecialPublications/NIST.SP.800-207.pdf>>

*James Rabey is a principal consultant with Macquarie Government, an Australian provider of cloud and security services for Australian government agencies. He has more than two decades of consultancy, marketing and management experience across a range of leading Australian and international technology companies.

iStock.com/EvgeniyShkolenko

FROM TRAINING TO COLLABORATION

HOW XR CAN TRANSFORM PUBLIC SECTOR OPERATIONS

While once associated primarily with gaming, extended reality (XR) has emerged in recent years as a powerful tool for public service organisations looking to train and operate effectively in high-stakes scenarios. Its transformative potential lies in its ability to immerse individuals in virtual worlds, stretching, bending, and reshaping their experiences. For emergency services, defence, and law enforcement teams, the technology enables the simulation of high-risk situations and processes in a completely safe environment.

XR is redefining government and military operations by transforming combat readiness, planning, and collaboration. From interactive 3D terrain maps to next-generation machinery design and mission coordination, below are some examples of how XR is revolutionising critical government and military operations.

SAFE SIMULATION TRAINING FOR HIGH-RISK ENVIRONMENTS

The demand for practical, hands-on training is undeniable, especially in life-or-death situations. However, traditional training methods often lack the complexity and realism of real-world crises. XR steps in to complement existing training. By offering immersive simulations, it provides a safe environment for teams to build critical skills, enhance coordination, and gain confidence under pressure.

Australian company, FLAIM Systems, for example, uses XR headsets to create high-fidelity virtual fire environments, they integrate real-time physical interfaces that simulate the tools and conditions firefighters encounter in the field. This approach allows trainees to use real-world equipment in dozens of scenarios, offering realism without the environmental damage or risks associated with live training exercises. The immersive environments simulate the dynamics of fire, water, smoke, heat, and foam, ensuring that firefighters

experience the complex nature of fire behaviour. This realistic yet safe training allows them to repeatedly run through a wide range of scenario, and then maximise their real-world training. Simulation training is also used to support law enforcement. In Mexico City, police training has been improved with wireless VR technology, location-based software, and a private 5G network. This setup enables continuous 1.5 hour training sessions, where officers use real-world equipment for greater realism. Trainees benefit from enhanced mobility, reliability, and immersion, with realistic scenarios that improve decision making, response times, and overall preparedness. The multi-user environment supports entire tactical units, allowing officers to collaborate in customisable scenarios — from active shooter responses to urban patrol operations.

ENHANCING OPERATIONAL PLANNING, ANALYSIS AND DESIGN

Alongside XR’s impact on training, the technology opens possibilities for

effective planning, design and analysis. Combining 3D digital twin assets with virtual reality enables teams to visualise and iterate on the designs of critical military machinery and equipment in real time regardless of location. Reducing the number of costly physical mock-ups needed, bringing these 3D models to be instantly tested within a digital twin environment enables a larger team to review and provide feedback in real-time.

Lifelike simulations can also be helpful when it comes to operational planning. XR enables teams to visualise 3D models of terrains, structures and operational environments, and then rehearse missions using dynamic, lifelike simulations. Government agencies can also use XR tools to analyse disaster response strategies in a virtual space without risking lives or resources. By integrating XR into planning processes, organisations not only improve efficiency but also reduce costs and optimise outcomes, ensuring they are better equipped to handle both routine and high-stakes scenarios.

GLOBAL MISSION COLLABORATION AND CITIZEN COMMUNICATION

Lastly, XR technology is revolutionising how government and military organisations approach collaboration and communication. For recruitment, XR offers a compelling way to attract the next generation of public service personnel, providing an engaging, hands-on glimpse into roles through realistic simulations. One such example is the US Air Force’s Activate: Special Warfare initiative, which saw over 1400 recruitment leads in its first year. The program immersed people in realistic combat scenarios using haptic vests, VR headsets and replica gun controllers, enhanced by environmental effects like bursts of hot air and wind to mimic explosions and helicopter rotor gusts. Beyond recruitment, agencies can use immersive tools to streamline operations, access real-time data, and collaborate through hands-on interactions. XR enables cost-effective, remote teamwork, allowing units in joint military exercises to train and strategise together seamlessly, regardless of location.

These tools not only improve operational efficiency but also foster stronger relationships between teams and organisations, ultimately driving better outcomes in both routine operations and high-stakes missions.

EMBRACING XR FOR A SAFER TOMORROW

As XR technology continues to evolve, its potential to transform how public service organisations prepare for and respond to high-stakes scenarios becomes increasingly clear. XR bridges the gap between traditional methods and modern demands, offering immersive solutions for safe simulation training, operational planning, and global collaboration. And as more government and military organisations embrace XR, they are building a foundation for a future where readiness and resilience go hand in hand, ensuring safer outcomes for communities and nations alike.

*Thomas Dexmier is ANZ Country Manager at HTC VIVE.

BUILDING SECURITY-CENTRIC AI

WHY A SECURITY-FIRST STANCE IS KEY TO THE GOVERNMENT’S

AI AMBITIONS

The adoption of artificial intelligence (AI) continues unimpeded across multiple industries, grabbing the interest of even the public sector. It’s easy to see why. The capabilities of AI could radically transform a wide range of government operations, from the streamlining of bureaucratic processes to the automation of routine administrative tasks. The technology can also empower public employees to deliver greater value and elevate the quality of public services, reshaping how government institutions could engage and build trust with the citizens they serve.

Given such benefits, it’s unsurprising that government agencies across Australia are looking to double down on AI spending.1 But even as they test the waters of this new technology, public sector leaders must consider how they can secure and protect their investment. One sensible approach is to reassess cyber and data security capabilities. Here, we’ll explore why robust security is more essential than ever in the early days of AI adoption and the strategies or practices government organisations can employ to strengthen their defences.

THE TWO SIDES TO AI SECURITY

The development and deployment of AI-based solutions have changed

significantly over the past few years. Previously, training with large and continuous volumes of data was typically required to create an AI that truly understands and adds value to an organisation over an extended period of time. This fact alone was a hurdle to any government’s AI ambitions, as it happened post-deployment. Depending on the use case, the training data might range from ordinary operational data to sensitive information like medical records or personally identifiable data. This restriction was based on the limited variety of mathematical models and computing power.

Now, vendors have access to more sophisticated models and

theoretically unlimited computing power, making finding a proper match for their tasks more manageable. This advancement significantly reduces the time required to train with actual data, making the process more efficient, secure and productive.

That said, the use of any personally identifiable data raises security questions. Should sensitive national information be used for the purpose of improving public sector efficiency and productivity? Are the risks to national sovereignty and security justifiable?

No single person can answer these questions, but one thing is clear: government organisations cannot afford to rely on off-the-shelf AI solutions from just any provider. The potential exposure of sensitive national data to external, possibly hostile, entities through a third-party AI solution poses unacceptable risks to privacy and national security.

BUILDING A SECURITY-CENTRIC AI FOUNDATION

So, how do you ensure AI is built with security at its core? Below are solutions and best practices governments should employ throughout their AI program.

SECURITY BY DESIGN

‘Secure by design’ should be a crucial principle for AI development, emphasising the integration of security from the outset, rather than as an afterthought. While this is a multi-pronged approach, part of it involves adopting the limiting of access to AI models and sensitive data to only those involved in development, training and processing via access management tools. This minimises potential risk vectors and helps ensure secure, responsible data use, backed by clear accountability. Moreover, a comprehensive data governance framework, encompassing clear policies, privacy compliance and regular audits, helps ensure that data is handled responsibly and ethically.

PRIORITISE SUPPLY CHAIN SECURITY

The security of the software supply chain is fundamental to ensuring the fortification of modern AI applications. This involves safeguarding the entire life cycle, from data acquisition and model development to deployment and maintenance.

JOIN FORCES WITH OTHER PUBLIC AND PRIVATE ORGANISATIONS

Collaboration is key in the development and deployment of AI. By working together with other public and private organisations, public sector bodies can leverage diverse expertise, resources and data to tackle complex challenges, accelerate research and drive innovation.

DON’T FORGET ABOUT AI-ENABLED SECURITY

AI- and ML-powered cybersecurity solutions allow IT teams to act more swiftly and decisively against modern evolving threats. AI-powered observability tools, for instance, offer a unified dashboard for visibility into security events across networks, infrastructures, applications and databases.

By enabling observability across hybrid IT environments and augmenting it with security management tools, IT and security admins can quickly identify and diagnose security issues and address regulatory compliance problems across complex and distributed infrastructures. This also helps break down IT silos and fosters cross-domain correlation and collaboration.

CONSIDER TENANT ISOLATION

Isolating Al infrastructure in dedicated physical servers or data centres creates a physical buffer against external security threats.

This strategy helps protect against risks like data poisoning while maintaining local or private cloud access to Al capabilities. It’s a concept not unlike

what the finance industry established decades ago with its PCI zones.

EMPLOY PROVEN CYBERSECURITY SOLUTIONS

Proven cybersecurity solutions such firewalls, monitoring and observability tools remain core essentials for maintaining secure AI infrastructure. A combination of these solutions allows IT teams to detect anomalies, monitor suspicious activity and deploy proactive protection measures to prevent unauthorised access.

PRIORITISING SECURITY IS A NECESSARY TRADE-OFF

Truthfully, prioritising security in AI development might increase costs and slow the development of future AI initiatives, but it’s a necessary trade-off when national security and public trust are on the line.

In the long run, this investment not only helps protect sensitive data but also paves the way for the far-reaching benefits sovereign AI offers — namely, enhanced public service efficiency, a better customer experience and stronger national competitiveness on the global stage.

1. Francis L 2024, ‘AI and GenAI investment areas for public sector in Asia Pacific’, GovInsider, <<https://govinsider.asia/intlen/article/ai-and-genai-investment-areasfor-public-sector-in-asia-pacific>>

*Sascha Giese is Global Tech Evangelist, Observability at SolarWinds. He has more than 15 years of technical IT experience, four of which have been as a senior pre-sales engineer at SolarWinds. Sascha has been responsible for product training SolarWinds channel partners and customers and has contributed to the company’s professional certification program, SolarWinds Certified Professional.

Opinion REFLECTING ON THE GOVERNMENT DEEPSEEK BAN

The AI arms race, especially between major players like DeepSeek, Alibaba, ByteDance and their US counterparts, is a double-edged sword. On one hand, rapid advancements drive innovation, increase accessibility and push the boundaries of AI capabilities. On the other hand, the intense competition often prioritises speed over security, governance and long-term sustainability.

For companies and consumers, the allure of cutting-edge AI models — especially open-source ones — comes with significant trade-offs. Open-source models provide transparency and adaptability but also introduce security risks, such as data leakage, adversarial manipulation and lack of robust safeguards against misuse. Without rigorous security vetting, organisations leveraging these models may find themselves in a precarious position, exposing sensitive data or enabling unintended consequences.

The race for the ‘fastest AI gunslinger’ also raises concerns about responsible AI development. If the focus is purely on performance benchmarks and model size, rather than safety, reliability and ethical considerations, we risk a scenario where AI is deployed recklessly. The rush to dominate the AI landscape may ultimately force companies into a Faustian bargain —

trading long-term trust and security for short-term competitive advantage.

In short, while competition fuels progress, responsible AI development should not take a backseat to the speed of innovation. Organisations should weigh the risks carefully before adopting new models and push for more robust security, compliance and ethical AI standards across the industry. The reality is that it is going to be Faustian bargain-trading as no vendor is willing to hold back. It’s company versus company, country versus country. This is now geopolitical.

Artificial general intelligence (AGI) is one of the biggest table stakes in the world. This is the land of trillionaires, the definition of capitalism — you build AGI, and from that moment on, you don’t build anything again: the AGI keeps refining itself, accelerating its own intelligence until we reach artificial superintelligence (ASI). Imagine AGI cracking nuclear fusion, curing cancer and unlocking solutions that would instantly create billionaires. This arms race has everything to lose and everything to win.

But then consider a company pushing AI forward, offering incredible capabilities for free, yet lots of dangers below the surface. If there’s a lesson from DeepSeek’s triumph, money alone doesn’t foster breakthroughs — it creates an illusion of progress while the real game changers, constrained by resources, are forced to think differently.

And history has shown time and time again: those who are forced to be creative, to work within limits, are the ones who ultimately win. Innovation is more than spending.

70% of companies are already blocking DeepSeek, but threat actors are moving just as quickly, spinning up DeepSeek-related domains to bypass these restrictions and exploit unsuspecting users. These domains aren’t just being used for circumvention — they’re becoming tools for compromise, targeting organisations and their customers alike. Adding to the concern, all DeepSeek requests were found in unprotected ClickHouse logs and data sent to China, raising major data sovereignty and security questions. Given the geopolitical implications, it’s only a matter of time before we see broader bans, much like TikTok, extending to lots of Chinese AI services. So yes, grab your popcorn… but maybe also a helmet. This ride is going to be wild.

*Andrew Grealy heads Armis Labs, a research practice where experts delve into the latest trends and tactics employed by cyber adversaries. He was formerly CEO at CTCI (Cyber Threat Cognitive Intelligence, acquired by Armis) and thought leader on Cyber, AI, and Data & Analytics at Nike. Andrew graduated from the University of Queensland in Computer Science.

for government and industry professionals

The magazine you are reading is just one of 11 published by Westwick-Farrow Media. To receive your free subscription (print or digital plus eNewsletter), visit the link below.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.