A ‘double whammy’ of vulnerability and malicious intent resulted in the prime minister’s cyberattack warning last week, according to one of the nation’s biggest government data storage and cyber security providers.
Prime Minister Scott Morrison announced last Friday that businesses and all levels of government were being attacked by “a sophisticated state-based cyber actor”.
Mr Morrison and key stakeholders have refused to point the finger at any player, but many, including the Australian Strategic Policy Institute (ASPI), believe China is involved.
China has rejected any involvement and says suggestions it was responsible are “baseless”.
Aidan Tudehope is managing director of government and hosting at Macquarie Government, which provides data storage and security services for 42 per cent of Australian government agencies.
Mr Tudehope confirmed to Government News the company was briefed about the attack prior to the announcement but he would not reveal exactly when this occurred or the specific nature of the information. He would also not reveal which specific government departments may have been targeted.
But he said Macquarie’s systems remained crucial in detecting attacks on government data and the government had ensured “we were armed and advised with the best knowledge possible to help detect and mitigate”.
Casting a wide net
Mr Morrison said on Friday that the activity was targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” he told a media conference.
The ACSC and the Department of Home Affairs have published a technical advisory with advice for Australian businesses and organisations to protect themselves, which is available here.
Mr Tudehope said since receiving government reports the company has scanned its databases and is keeping the government informed, but he wasn’t aware of any specific system upgrades in response to Mr Morrison’s announcement.
Mr Tudehope said there was nothing new about cyberattacks, and alerts often came on a daily basis, ranging from minor to critical.
“This is just a series of (incidents) that have been elevated to a new level of prominence, certainly if our team determines we need to tune the way we need to detect them we will,” he said.
COVID behind increased attacks
Executive director of the Australian Strategic Policy Institute Peter Jennings said over a period of years there had been a consistent cyber campaign by China and the communist state was “actively working” to infiltrate Australian parliament, political parties and government departments.
“What’s new is there is a higher intensity of that Chinese effort which has come about mostly because of COVID,” he told the ABC.
“It has become so substantial and so overwhelming the government felt it necessary to warn Australian businesses that you need to get your cyber security up to scratch if you want to be safe from these attacks.”
Mr Jennings said cyber security could be “quite poor” at a state government level.
“China is going after these areas precisely because they are weak,” he said.
Mr Tudehope agreed that COVID was linked to increased cyber attacks, especially as the workforce moved out of the office and into the home.
“We are now bringing our relatively insecure networks to be part of the government agency network,” he said.
“The WIFI network the kids’ laptops and PCs are all connected and of course it’s technology that’s kept up together in the COVID world.
“So we have a double whammy here – we have state actors that are particularly focused on breaking into the nation’s assets, but at the same time we’ve got an increased reliance because of the COVID pandemic on technology.”
Highlighting the importance of sovereignty
Mr Tudehope said the hacking attacks highlighted the importance of having sovereign cloud operators.
Concerns have been raised that foreign companies like AWS, which have commercial arrangements with the Australian government, are also subject to laws in their own countries which could compel them to provide access to the data they hold.
Mr Tudehope said these companies also often take a “follow the sun” approach which means support centres operate in daylight hours around the world, potentially giving unknown individuals privileged access to data.
“Administrative access is granted to Australians during our business hours then it goes to jurisdictions like India, Europe, maybe to the US and then to Australia the following day,” he said.
“So even if you think that all your customer data is here in Australia in a cloud … those support centres need a degree of access.”
Threat unlikely to go away
The continuing threat of cyberattacks is unlikely to go away any time soon, Mr Tudehope says.
“Sovereign state actors have been there for a long time,” he said.
“We just have a heightened exposure to them right now, particularly in this COVID world and particularly as there are increased tensions between Australia and other nations.
“But it’s not just a thing of today, it’s not just a flash in the pan. This is something that has been there for a long time, it just increases in prominence at some points in time.”
He said one area the DTA needed to look at was ensuring security in government internet supply chains.
“It’s one thing to secure your own network but if your supply chain doesn’t treat their security at the same level then in many respects all your great work that the agency does equals zero,” he said.
“I think there’s a role for the DTA and the government more broadly to work out – how do we secure the supply chain so that we then don’t indirectly have the weakest link that brings down what the government is trying to achieve.”