Cyber criminals targeted Australian government nearly 450 times in one year

By on 10/08/2020
Cyber security “an ongoing effort by all of us”, says home affairs minister Peter Dutton. (Credit: Creative Commons license).

The Australian Government has published a three-pronged strategy to protect Australia from cyber attacks.

A $1.67 billion plan has been launched to strengthen protection against cyber attacks targeting Australia’s government, businesses and the public.

The ten-year Cyber Security Strategy 2020 replaces a AUS$230 million strategy drawn up in 2016, which established the Australian Cyber Security Centre (ACSC) and the Joint Cyber Security Centres (JCSCs) to promote collaboration between state and territory governments and industry.

Since then, the risk from cyber security has worsened, the government said. The ASCS responded to more than 2,000 cyber security incidents in the 12 months to 30 June 2020. Nearly 450 of these targeted Australia’s central government, while more than 350 were against state and territory governments, according to ASCS figures contained in the strategy.

Around 35% of incidents impacted critical infrastructure providers delivering essential services, including healthcare, education, banking, water, communications, transport and energy. Those responsible for attacks included nation states or state-sponsored actors, financially-motivated criminals, issue-motivated groups and individuals, and terrorists or extremists, the government said.

In June, Australia suffered a large-scale cyber attack that targeted the government, industry, political organisations, healthcare organisations and other essential services and critical infrastructure providers.

According to national news website news.com.au, prime minister Scott Morrison told a press conference: “We know it is a sophisticated, state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. Regrettably, this activity is not new. Frequency has been increasing.”

The government plans to strengthen the defences of its IT networks by centralising their management and operation, which it said would reduce the risk for smaller agencies with less secure IT. Clauses covering cyber security will also be included in government IT contracts, it added.

According to the plan, commonwealth, state and territory government agencies will work with the private sector to prepare for cyber security emergencies through a AUS$10 million national exercise programme, while AUS$124.9 million will be spent on strengthening counter-cyber crime capabilities.

In addition, some AUS$118 million will be invested in expanding the government’s data science capabilities and AUS$20 million will be spent on setting up research laboratories to better understand threats to emerging technology. Five hundred new intelligence and cyber security personnel will be recruited over ten years.

Meanwhile, AUS$50 million will be spent on growing the pipeline of skilled cyber security workers in business and government, including through partnerships between industry and academia on skills projects; a skills programme for the ASCS, including specialised training for women; and teacher training to prepare school children for a career in cyber security.

The government is also planning to invest more than AUS$31 million to extend and expand the ACSC’s ability to defend against cyber criminals acting outside the country. It said that the agency will provide technical advice and assistance to commonwealth, state and territory law enforcement agencies in identifying and disrupting cyber criminals.

Finally, the plan states that new laws will be introduced to clarify how businesses providing critical infrastructure must protect themselves and their customers from cyber security threats, including duties for company directors.

Peter Dutton, minister for home affairs, said: “Effective cyber security will require an ongoing effort by all of us. The coalition government will continue to engage industry, state and territory governments and the public to ensure that initiatives under this strategy support economic recovery through strong cyber resilience.”

About Catherine Early

Catherine is a journalist and editor specialising in government policy and regulation. She writes predominantly about environmental issues and has held permanent roles at the Environmentalist (now known as Transform), the ENDS Report, Planning magazine and Windpower Monthly, and has also written for the Guardian, the Ecologist and China Dialogue. She was a finalist in the Guardian’s International Development Journalism competition 2009, and was part of the team that won PPA Business Magazine of the Year 2011 for Windpower Monthly. She also won an outstanding content award at Haymarket Media Group’s employee awards for data-led stories in Planning magazine. She holds a 2:1 honours degree in English language and literature from Birmingham University.

Leave a Reply

Your email address will not be published. Required fields are marked *