Prime Minister Scott Morrison said Australian organisations are currently being targeted by “a sophisticated state-based cyber actor” in a media conference that appears to escalate the ongoing war of words with China.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” he said.
While not coming out and naming China directly, government sources backgrounded the media to ensure the culprit was widely known.
The PM said the attacks were not new, but the frequency has been increasing according to the Australian Cyber Security Centre (ACSC).
“The ACSC has also been actively working with targeted organisations to make sure they have appropriate technical mitigations in place to ensure they are protected,” he said.
Morrison said cyberattacks are now a part of the national landscape.
“We can’t diminish the risks we now face in this modern world. These risks are present and part of the world we live in. It is why these investments are necessary and the protections we put in place are necessary.”
Defence Minister Linda Reynolds said Australian organisations take steps to protect their own networks.
“Firstly, patch your internet-facing devices promptly, ensuring any web or email servers are fully updated with the latest software,” she said.
“Secondly, ensure you always use multi-factor authentication to secure your internet access structure and cloud-based platforms. Thirdly, it’s important to become an ACSC partner to ensure you get the latest advice to protect your organisation online.
Matt Warren, Director of the RMIT University Centre for Cyber Security Research and Innovation said the government’s announcement highlights the vulnerability all developed countries face.
“It is hard for us in Australia to imagine the consequence of a cybersecurity attack: an extended loss of power or the failure of related systems such as ATMs, the Internet and key medical equipment not working; the failure of public transportation systems; water treatment plants being non-functional; or a lack of food at the supermarkets due to the malfunction of food distribution systems,” he said.
“The situation also highlights our dependence on key critical infrastructure systems and how any cyber-attacks on these key systems could impact every Australian and their day to day activities.”
Warren said cybersecurity threats impact every Australian and have become an issue not only for governments but for individuals and their online information.
“Many critics dismiss the cybersecurity threat to Australia as being ‘hype or overstated’, but that is far from the truth, this is the new normal and new reality that we are in,” he said.
“What is needed in response is to update our national holistic approach to cyber security protection, which must cover a wide range of issues including the protection of corporate and government systems, protection for small businesses, research funding for Australian universities to help support the cyber protection of Australia and the development of a national cyber safety campaign for all Australians.”
Dane Meah, founder and CEO of cyber security startup, InfoTrust, said it was a reminder that cyber security must remain a key focus.
“Although the Prime Minister’s announcement this morning may seem alarming to some, it is worth noting that many Australian businesses in recent years have doubled down and made significant efforts to mature their cyber resilience and protect themselves against cyber-attacks,” he said.