‘Alarming’: Australia must expose foreign cyber spies
Australia will continue to be targeted by "cyber criminals" and foreign spies until harsher penalties are introduced to stop them and attack their profits, an industry cyber security panel cautioned today.
The warning, from the Cyber Security Strategy Industry Advisory Panel, came as part of 60 recommendations to protect Australia on the digital battlefield, including greater co-ordination between law enforcement and security agencies and transparency about when the country is being attacked by other nations.
The industry panel, with representatives from companies including Telstra, Tesla, Vocus Group, and NBN Co, said businesses and individuals should be aware that "fraud, data breaches, and unauthorised intrusions" were spiking during the coronavirus pandemic.
The warnings come just over a month since Prime Minister Scott Morrison announced that Australian organisations were under attack from a "sophisticated foreign actor" without actually naming the country behind them, and after News Corp launched a three-part series into Australia's cyber security threats.
Telstra chief executive Andy Penn, who chaired the panel, said the group had been meeting since November last year but its work had taken on greater importance in the wake of the COVID-19 pandemic as online attacks skyrocketed.
"We're certainly seeing, during this period of time, an increase in malicious activity, both in terms of the level of activity but also the activity using COVID as a trojan horse," he said.
"Never has there been a more important time to think about cyber security and Australia's cyber defences."
The panel's report, created after classified briefings, input from 1400 stakeholders and more than 150 public submissions, also noted an increase in attacks by foreign online spies.
"Australian governments, businesses and individuals are being increasingly targeted by cyber criminals and nation states," it found.
"Rates of fraud, data breaches and unauthorised intrusions are growing at an alarming pace because malicious cyber activity is low risk and high reward."
Left unchecked, the panel warned these cyber attacks may not just lead to financial losses but attacks on critical infrastructure resulting in everything "from a disruption to delivery times for fresh food and vegetables to prolonged delays in provisioning lifesaving equipment to corrupted medical data".
The panel recommended Australia take a harder stance on cyber criminals and malicious foreign actors, including exposing the countries involved in attacks "where relevant and appropriate".
Former US Secretary of Homeland Security, Kirstjen Nielsen, who sat on the panel, warned without greater attribution and harsher consequences for online attacks against Australia, efforts to undermine the country would continue.
"Australia should target the profits of cyber criminals and take a stronger approach to confronting state-based actors," she said. "Malicious actors will continue to target Australia until there are real consequences for bad behaviour."
The panel's 60 recommendations include better co-operation between state, territory and international partners, greater penalties for cyber attackers including "economic sanctions," more powers for the Australia Cyber Security Centre to investigate criminals using the Dark Web, and more transparency about "serious cyber security incidents" in Australia to inform the public.
The 2020 Cyber Security Strategy should also define what should be considered critical infrastructure and be protected as such, the report said, and encourage Australians to practice safe online behaviour to prevent security breaches.
The new strategy will replace a 2016 policy that expired two months ago and put $230 million towards Australia's cyber security defences over four years. An announcement from the Department of Home Affairs is expected within months.
Originally published as 'Alarming': Australia must expose foreign cyber spies