The Prime Minister Scott Morrison has announced the Australian government, businesses and services have come under attack by a sophisticated state-based cyber actor.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” Morrison said.
The PM said the government is alert and aware of the threat of cyber attacks and the malicious assault on the nation was the latest in ongoing and constant threats.
“Regrettably, this activity is not new, but the frequency has been increasing. The ACSC has also been actively working with targeted organisations to make sure they have appropriate technical mitigations in place to ensure they are protected.”
The PM said he was raising the issue with the public today as while these attacks are not new risks, they provide an ongoing security issue for Australia. The PM described cybersecurity as a whole of community effort
“This is why we are raising this matter today, to raise awareness of this important issue,” he said. “To encourage organisations, particularly those in the health, critical infrastructure and essential services to take expert advice and implement technical defences to thwart this malicious cyber activity.”
The PM said cyberattacks are now a part of the national landscape.
“We can’t diminish the risks we now face in this modern world. These risks are present and part of the world we live in. It is why these investments are necessary and the protections we put in place are necessary.”
Minister for Defence, Linda Reynolds, said there is no doubt cyberattacks are increasing in frequency, scale and sophistication.
“This activity harms Australia’s national security and harms our national interests. It’s vital all Australian organisations take steps to protect their own networks,” Reynolds said.
“All Australian organisations that are concerned about their vulnerability and ability to protect themselves from cyber compromise can take these three simple steps to protect themselves.
“Firstly, patch your internet-facing devices promptly, ensuring any web or email servers are fully updated with the latest software. Secondly, ensure you always use multi-factor authentication to secure your internet access structure and cloud-based platforms. Thirdly, it’s important to become an ACSC partner to ensure you get the latest advice to protect your organisation online.
Matt Warren, Director of the RMIT University Centre for Cyber Security Research and Innovation and a Professor of Cyber Security at RMIT University, said the announcement of a state-based cybersecurity attack against Australia highlights the vulnerability that all developed countries face.
“It is hard for us in Australia to imagine the consequence of a cybersecurity attack: an extended loss of power or the failure of related systems such as ATMs, the Internet and key medical equipment not working; the failure of public transportation systems; water treatment plants being non-functional; or a lack of food at the supermarkets due to the malfunction of food distribution systems.
“The situation also highlights our dependence on key critical infrastructure systems and how any cyber-attacks on these key systems could impact every Australian and their day to day activities.”
Warren said the attackers are seeking confidential or classified information from all aspects of Australian life and government. A successful attack could have dire consequences for all citizens..
“We are now in a situation where cybersecurity threats impact every Australian and have become an issue not only for governments but for individuals and their online information.
“Many critics dismiss the cybersecurity threat to Australia as being “hype or overstated”, but that is far from the truth, this is the new normal and new reality that we are in. “We are now seeing true sophistication in the planning and implementation of stated based cyber security attacks that impact all sectors of Australia. We are seeing a situation where diplomacy and political issues in the physical world are entering the cyber domain.
“What is needed in response is to update our national holistic approach to cyber security protection, which must cover a wide range of issues including the protection of corporate and government systems, protection for small businesses, research funding for Australian universities to help support the cyber protection of Australia and the development of a national cyber safety campaign for all Australians.”