Wednesday, 22 May 2013

What is trust anyway?

Ongoing education

In a typically Keynesian short-term policy the Australian government has implemented a plan to cut educational programs[1]. In this latest shortsighted plan the government has announced that it will be proceeding with a plan to cap all tax deductions for self-education expenses to only $2000 per annum. The idea is that by reducing deductions the government will be able to maintain a steady rate of income while still having people engage in further education. The idea is that those who are planning to undertake degrees or other further education will continue to do so at an equal rate regardless of the tax implications.

The flaw in this line of thinking was demonstrated by Frédéric Bastiat in his 1850 essay, "That which is seen and that which is unseen" and has come to be known as the parable of the broken window.

Here we see that which is seen in the government's policy. We see that people engage in further education and use a tax deduction to help fund this endeavor. The government has not looked beyond the short-term in their strategy. They make the assumption that educational levels will remain the same even as the effective cost of education rises. They're problems here as well. The cost to the user a further education is the net cost after the deduction has been made.

A student engaged in a part-time Masters degree such as a MBA or one of the various Masters degrees in applied information technology that are offered will generally pay between $6,000 to $10,000 per annum in fees with between $2,000 and $6,000 in textbooks and other supplementary material. At present all of this is deductible meaning that the average postgraduate student working while studying part-time can gain around one third of this expense back.

As such, the total cost of a Masters degree to the student comes to between $16,000 and $32,000. After the government’s policy takes effect the actual cost to the student will be in the range of $23,000 and $47,000. This makes the cost of doing Masters level education in a technical field between $7,000 and $15,000 more expensive. This is clearly an imposition of additional costs against people who many times already struggling to justify taking further education.

People do generally see this aspect of the policy and justify it by stating how those doing these degrees will earn more money. There are several problems with this argument as well. A well-known basis of the economy is supply and demand. As the cost of the product is altered the demand for it decreases. Here we are increasing the cost of education. The natural consequence of this increase is a decrease in the demand for education. In the flow on effect from increasing the cost of educating our nation we have in fact lower the number of people who will take degrees because the marginal benefits obtained will be decreased.

A key factor of all of this which has been neglected is that universities are predominately government-funded in Australia. However, postgraduate studies such as MBA programs and technology programs are only partially funded or in some instances actually run as profit centers the other parts of the university. When a student undertakes postgraduate education and university they are already paying the government. In not allowing the tax deductibility for education the government has in effect implemented regime of double taxing.

If we start looking at the broken window effect and the results that come from this policy we see that the government actually reduces the amount it will collect from taxes in the long run.

In reducing the demand for university courses the government is in effect changing the economic outcome they seek to promote. The unseen effects of capping taxable expenses start with the fact that fewer students will be paying for existing university costs many of which go to fund undergraduate courses. This then results in fewer undergraduate courses and not just a lower uptake of postgraduate courses.

This is not just a slippery slope argument but one that comes from the rational analysis of the unseen effects. Reducing demand for university courses results in fewer people taking courses within a university. Fewer students mean less income. A lower income means that the government needs to provide a greater level of funding to universities. The perverse effect of attempting to collect more money from the reduction of educational expenses that can be claimed is that the government actually needs to spend more to maintain the existing level of courses being offered.

What about trust?

The real difficulty comes in courses such as information technology and management technology. An executive MBA in information systems or a more technical information technology degree require up-to-date knowledge. A career in these fields does not end when one has gained a qualification. Education is an ongoing requirement in information technology.

This is particularly true when it comes to risk and security. They have been numerous security incidents in the press over the last couple years. Our own government, the same one cutting educational allowances has been touting the need to train information security professionals. In fact it has been argued that one of the primary needs that is not being met within the Australian economy is the provision of security and risk professionals in information technology.

For the online economy to grow we need to be able to trust the underlying systems. To do this we need trained professionals who understand risk and can help defend against cyber crime and cyber terror. This is a dynamic field which changes on a daily basis. New attacks a new defenses offer a consistently moving target that requires the information security professional to update their skills on a regular basis.

At the same time that we are calling for more trained security professionals and more places in universities we are increasing the cost and hence driving potential students away from this field of study. Information risk is a field that requires constant training. Not only do the software and hardware platforms change on a regular basis but so do the attacks against our systems. In the past decade we have moved from Windows 2000 to Windows XP to Windows Vista to Windows 7 and now Windows 8. At the same time we've seen a move from desktop systems to cloud-based infrastructure and mobile tablet applications.

To maintain skills within this field requires constant reeducation learning. To attract new people into this field and to maintain those who already here means that we should incentivize people to want to be a part of the solution. In making education more expensive we drive people away from educationally expensive occupations such as information technology, medicine, science, engineering, and all of the things that drive a modern economy.

If we want to create a vibrant and innovative economy, we need to be able to trust the infrastructure that it is based on. To do this, we need to allow those in this economy to develop the skills they need.

What is occurring overseas

In the United States, the need for a consolidated program designed to teach cyber security is well publicized[2]. To achieve this end information security practitioners need to be involved in constant education and adult learning programs. Like many other professions, information security is a dynamic field that changes from month to month and a failure to maintain the necessary skills moves the advantage to the criminal. Without a secure and trusted base as a foundation for electronic commerce Australia does not have the future. This is a message that is clearly been missed by the Australian government.

The economy is founded on trust in the electronic economy requires the implementation of acceptable security levels that are designed to minimize risk in order to function. This is not a static playing field. In game theory we would call it a predator prey model. It evolves over time with the cyber criminals becoming better at what they do and thus requiring consistent incremental improvements in the amount of security delivered by businesses. This risk function becomes affordable when there are sufficient numbers of trained professionals. That is, the supply of educated security professionals is sufficient to meet the need.

When the cost of education goes up the amount that professionals in this field earn decreases. This is a rational decision. Security professionals remain security professionals because they earn an adequate level of income. That income is not the pretax amount that the amount that they take home and can actually spend.

The Australian position[3] seems to be one aimed at protecting school children and little more.

The current policy is certainly one that has been designed with short-term thinking in mind. It is a set of policies that are designed to collect revenue in the short term at the expense of growth and capital development. So while we have acknowledged need to implement effective risk practices and secure our commercial systems, it is government policy to undermine the very foundation that this desire is built upon. It is government policy to make it more difficult and more costly for both individuals and businesses to engage an employee risk professionals.

Information technology in general is not an economic ill that needs to be punished as the government seems to believe in the implementation of the current policy strategies. In fact, we should be promoting applied education and not seeking to tax it more. It only when we incentivize correctly that we have good outcomes. In punishing those wanting to learn the government has created a policy platform designed to move Australia from being the clever country to a has been.

Rise in cyber attacks in Australia

Is only weeks ago that the Sydney morning Herald[4] reported on the rise in cyber attacks against Australian companies and the need for increased vigilance. This followed the 2012 Cyber Crime and Security Survey Report, commissioned by national computer emergency response team CERT Australia and conducted by the University of Canberra which stated the need for increased training and the announcement in January this year where Prime Minister Julia Gillard announced that CERT Australia would soon be part of a new Australian Cyber Security Centre, which aims to develop a comprehensive understanding of cyber threats facing the nation.

Australia may be on the offensive in creating a cyber threat tracking Center but at the same time we have decided to make education more expensive and reduce the supply of qualified security professionals to industry. It is astounding how government can state the need to increase education in cyber security whilst simultaneously reducing the number of future qualified professionals through taxation policy.

So, although the Commonwealth government has vowed to combat cyber crime[5] the actual policy they are implementing is one where fewer professionals will be available to do this.

"We are in a period of consolidation and we need to get the most value out of every dollar expended," Ms Gillard said.

Yet at the same time we going to reduce the number of dollars available. Instead of incentivizing people towards effective means, we have removed the incentives in a petty grab for short-term political gain at the cost and expense of the economic growth of this country. At the same time that the government is giving lip service to the need to implement security controls and acknowledged the marked increase in criminal activity against our online economy they have removed any incentive for people to engage in this activity.

Cyber crime cost the Australian economy between $1.5 and $2 billion in the 2011/2012 tax year. Yet the answer to this is a decision to disincentivize professionals who may wish to enter or stay in this field. What we are in fact seeing are the increases in incentives to move away from Australia to other economies that actually want educated people. The current 25-28% yearly increase in cyber attacks will only increase further as we take funding away from this profession.

Number of cyber security experts that Australia will be needed by 2015

The Federal Government spent a little under $500 million on cyber security in 2011-12. A large percentage of this going to the ongoing education and training of individuals. The majority of this money was spent on people working in this area. Maybe we can see this as a drive to centralize further taking security professionals away from industry in making them part of government in an expanded public service. This of course increases the cost to the economy while also increasing government spending. Worst of all, it does nothing to make business more secure.

It has been estimated that India would require about 500000 cyber security experts by 2015[6]. At the same time it is been estimated that we will require at least 20,000 more trained risk and security professionals by 2015 in Australia if we are to maintain a robust trusted online economy. This figure is expected to exceed a need to train 50,000 additional personnel before 2020. These figures of course based on CERT and government estimates in predominately focus on government needs so the actual figure is likely to be far higher.

Unlike counties such as India, USA, and UK, The Australian government has no strategy to compact the threat

Whilst we give lip service to information security needs, the Australian government has a policy of promoting the need that removing the incentives. Any economist will tell you that this is a strategy that cannot work. At the same time the government acknowledges the growth in cyber attacks and the need to train people both inside the government as well as in business it has increased the cost of maintaining the required levels of education for those in this field. The results of such a policy is simple and easy to understand. If we reduce the benefits we reduce the incentives.

People do not decide to work in a difficult job that requires long hours unless they are rewarded for their efforts. The government policy of telling us we should do this out of the goodness of our hearts does not work.

At a time when we desperately need to develop more cyber security expertise, the Government has capped self-education expanse claims at $2K

A strategy of deincentivizing people in making education more expensive is a strategy designed to destroy an industry. We have to ask at this point whether the government is intentionally attacking the economy or if they think we're too stupid to notice. Maybe this is the desire in making education more expensive. A land of sheep that does not complain is the only outcome in a land where education is penalized.

Australia is already a prime target for cyber terrorist because of we have a growing online economy and the lack of foresight by the government will ensure we become more of target

In research (Wright, 2011) published in 2012[7] it was demonstrated how cyber criminals think and act rationally.

In increasing the chances of being caught or making an attack more difficult the cyber criminal earns less. The economic incentive provided through having more vulnerable networks that have not been secured by adequately trained individuals means that more cyber attacks will occur.

We can see from this that the government has incentivized criminals at the cost of the economy. In typical short-term thinking the government has sacrificed the future of the country for political gains. Education is a long-term investment unfortunately politics is not.

Criminals may be rational but it seems that the political system is formed through irrationality. Instead of thinking through the consequences of decisions the government has chosen to act without thinking. This of itself shows the need for education.

References

Wright, C. S. (2011). Criminal Specialization as a corollary of Rational Choice. Paper presented at the ICBIFE, HK, China.


[1] http://www.smartcompany.com.au/economy/055542-budget-2013-deductions-for-self-education-expenses-to-be-capped-at-just-2000.html

[2] http://www.dhs.gov/shaping-future-cybersecurity-education-and-workforce-development

[3] http://www.dbcde.gov.au/online_safety_and_security/cyber_security

[4] http://www.smh.com.au/it-pro/security-it/rise-in-cyber-attacks-on-australian-businesses-20130218-2em94.html

[5] http://www.abc.net.au/news/2013-01-23/gillard-national-security-strategy/4480448

[6] http://www.rediff.com/business/slide-show/slide-show-1-tech-universities-to-arm-india-to-fight-cyber-attacks/20130509.htm#1

[7] http://ebooks.asmedigitalcollection.asme.org/content.aspx?bookid=408&sectionid=38787998

No comments: