Australia's new cyber legion to ward off 'state based' attacks

In mid-June, Australia came under sustained cyberattack by a "state-based actor" - widely understood to have been the People's Republic of China. Canberra has now confirmed more than AU$1bn in funding and the recruitment of hundreds of cyber operatives in response.

Prime Minister Scott Morrison announced publicly that companies and government at all levels were targeted in June's cyber assault on Australia, but did not name the country involved.

Local media reported that the New South Wales (NSW) state government was a major target. The state is Australia's most populous and it is home to Sydney, the country's largest city with more than 5m people.

The attack on the NSW government was reportedly of serious concern to federal authorities and a significant motivation for Mr Morrison to warn the nation of the spike in "malicious" cyber raids. Mr Morrison stated, however, that investigations had found there had been no "large-scale" breaches of personal data. Australian cyber officials also suggested that in many cases hacks had been achieved but not fully exploited.

According to the Australian government, there was a clear connection between the ramped-up cyber attacks and Australia's diplomatic push for a global inquiry into the origins of the coronavirus pandemic, which is thought to have angered Beijing. The new attacks reportedly exhibited many similarities to a cyber attack on Parliament House's computer system in February 2019, which Australian security agencies internally attributed to China, although they never publicly stated this.


'An affront to our sovereignty'

Former National Cyber Security Adviser Alastair MacGibbon told the Sydney Morning Herald that the threat definitely originated with "a sophisticated state-based actor" and suggested that it was part of a wider trend.

"It is an affront to our national interest and sovereignty that such events occur," added MacGibbon, nowadays chief strategy officer at CyberCX after a long career in government.

The Australian Cyber Security Centre, Australia's coordinating cyber security agency, said that the attackers had used "copy-paste compromises", in which hackers make subtle changes to open source code. The ACSC also said that there had been "heavy use of proof-of-concept exploit code, web shells and other tools" to enable the attacks.

However, the ACSC added that its investigators found no evidence that the presumed Chinese state-backed hackers attempted to be "disruptive or destructive" after gaining access to a network, suggesting that the digital offensive might have been more in the nature of warning shots than deliberate acts of war.

Prime Minister Morrison confirmed that recently reported cyber attacks on Australia-based beverage giant Lion were not, in the government's view, related to the new wave of strikes. The attack on Lion was thought to have originated from Russia, according to government sources - and that cyber raid is not thought to have been state backed. Lion said its cyber team was investigating a ransomware attack.


Australia strikes back

The response to the cyber onslaught was not long in coming. At the beginning of July, it was announced that Australia would pour funding into cyber defence and recruit hundreds of new digital security operatives.

Just days after the presumably-Chinese wave of attacks, Mr Morrison announced an AU$1.35bn (US$930m) investment in national cyber security, albeit spread over a decade. Mr Morrison said malicious cyber activity against Australia was increasing in "frequency, scale and sophistication" and was undermining the nation's economy, security and sovereignty.

Beijing in its turn lost no time in putting pressure on Canberra. The day after Mr Morrison's announcement of increased cyber personnel and funding, the Global Times newspaper - a Beijing tabloid which takes a nationalist line and is often used as a mouthpiece by the Chinese state - accused Australia of hypocrisy in denouncing Chinese espionage.

According to the article, Canberra has been "waging an intensifying espionage offensive against China". By way of an example it was stated that Chinese authorities in 2018 had arrested Australians in Shanghai who were in possession of "a compass, a USB flash disk, a notebook, a mask, gloves and a map of Shanghai".

A day later, the Chinese foreign ministry weighed in officially, saying that the USB-stick-toting Australians were just the "tip of the iceberg" of Australian espionage against the People's Republic.

"As part of the Five Eyes intelligence alliance, Australia has consistently been obsessed with spying on relevant countries," a ministry statement added.


So what is Australia actually doing?

Officially the new effort to bulk up Australia's cyber muscle is called Cyber Enhanced Situational Awareness and Response (CESAR).

"The Federal Government's top priority is protecting our nation's economy, national security and sovereignty," said Prime Minister Morrison, announcing it. "Malicious cyber activity undermines that.

"My Government's record investment in our nation's cyber security will help ensure we have the tools and capabilities we need to fight back and keep Australians safe."

The CESAR package allocated $31m to the Australian Signals Directorate (ASD), Australia's equivalent of Britain's GCHQ or America's NSA, to help fight offshore cybercrime. There's also $35m for a new cyber threat-sharing platform and $12m intended to enable the ASD and Australian telcos to block known malicious websites and computer viruses "at speed".

Apart from this there's more than $118m for expansion of data science and intelligence capabilities, and better than $62m to help the ASD prepare for national-scale cyber threats.

The single biggest line item, however, is a solid $470m intended to create more than 500 new cybersecurity jobs within ASD.

There is some question, however, whether Australia actually has the skilled cybersecurity people to fill these jobs and others which are likely to appear at telcos and other involved organisations and companies. Australian IT security experts have long decried a chronic skills shortage.

According to research by ACS Digital Pulse last year, Australia needs 11,000 additional cyber security workers over the next decade. Recent research from Hays suggested that demand for cyber workers is "outpacing the number of qualified candidates".

The government has attempted to ease this skills shortage in recent times. A $156m boost for cyber skills was announced just before the last federal election.


Jaw-jaw, or war-war?

The CESAR announcement was seen by some as no more than selected early highlights from the long-expected new Australian cyber strategy, delayed by the Covid crisis. This has now finally been announced, in early August. The new plans succeed the previous 2016 Cyber Security Strategy, in which the Turnbull government put a total of $230m into strengthening Australia's cyber capabilities over four years.

When August's full new strategy was released, however, many analysts felt that there was not much new to follow CESAR. Though there was an impressive, increased headline spending figure of A$1.67bn, this only represented 20 per cent, or $320m, of new expenditure compared to the initial strategy: and this in itself might be more a result of increased efforts to include more already-existing budget lines and create a larger headline figure rather than any genuine reallocation of scarce government funds.

There are some specifics in the latest announcement, however. The government plans to centralise the many networks used by government agencies.

"Centralisation could reduce the number of targets available to hostile actors such as nation states or state-sponsored adversaries and allow the Australian government to focus its cyber security investment on a smaller number of more secure networks," the strategy document says.

There's also a focus on cyber security skills development, continued investment in cyber security centres in each state and continuing support for existing programmes such as Stay Smart Online for consumers and businesses.

In the end there can't be any real doubt that China poses a real and increasing digital threat to its rivals in the West and elsewhere, and that Australia is a country of great interest to Beijing.

Whether Canberra's response is a real reaction to recent events or simply a relabelling of a new cyber strategy which was coming anyway is a matter, perhaps, of perception.

