Meeting the challenges of cyber-security


Posted 31/03/2011 by Nigel Brew

Just weeks after the Attorney-General, Robert McClelland, announced the establishment within the Australian Security Intelligence Organisation (ASIO) of a ‘specialist cyber investigations unit to investigate and provide advice on state-sponsored cyber attack against, or involving, Australian interests’, News Limited media reports have claimed that the parliamentary computers of the Prime Minister and several key Cabinet ministers were infiltrated recently in a sustained “hacking” attack.

The reports claim that ‘several thousand emails’ may have been accessed and that in addition to the Prime Minister, the Defence and Foreign Ministers were among those targeted. The cyber-attack is alleged to have begun in February and lasted more than a month before Australian authorities were alerted to the breach by US intelligence agencies. According to the report, state-sponsored actors are among those under suspicion. Understandably, the government is remaining tight-lipped on the claims, citing a long-standing tradition of not commenting on intelligence and security operational matters. However, the government’s concern over cyber-attacks and electronic espionage targeting Australian interests is neither secret nor new.

Acknowledgement of the problem

This latest alleged incident serves to highlight the significant and ongoing challenges of cyber-security. While neither espionage nor computer “hacking” is itself particularly new, combined they pose a rapidly evolving and potent threat to security. Discussion of cyber-security, and in particular public acknowledgement by the government of the threat from cyber-espionage, appears to have become more forthright and detailed in recent years.

In his National Security Statement to parliament in December 2008, the then Prime Minister, Kevin Rudd, sounded a general warning about the threat to Australia from espionage, noting in particular the increasing potential for spying by electronic means:

Australian policy, military and intelligence institutions, directions and capabilities are attractive intelligence targets for foreign powers. And Australia is also seen as a potential alternative source of sensitive defence, intelligence and diplomatic information shared by our allies. Electronic espionage in particular will be a growing vulnerability as the Australian Government and society become more dependent on integrated information technologies. Both commercial and state-based espionage, while not visible to the public eye, are inevitable.

Similarly, in a farewell address to staff in February 2009, the former Director-General of ASIO, Paul O’Sullivan, spoke of the agency’s efforts to deal with re-emerging traditional national security threats, in addition to the ongoing threat of terrorism, and hinted at an increase in electronic espionage:

We’ve broadened and strengthened our human and technical collection, and our investigative and strategic analysis, not only in counter-terrorism, but across all areas of security concern. We have responded proactively to the evolution of espionage in the 21st century, and the accumulation of challenges this presents, by boosting our counter-espionage and foreign interference capability.

In a further indication that counter-terrorism is not the only issue occupying ASIO, the current Director-General, David Irvine, noted in ASIO’s 2008–09 annual report that 2008–09 ‘saw the most intense period of operational activity since 2005’, adding that, ‘...the extent of Internet-enabled espionage as a rapidly growing threat to the national interest became more apparent’. Adding to the public recognition that espionage, and cyber-espionage in particular, has now firmly become an operational priority, ASIO’s Portfolio Budget Statements 2010–11 noted that, ‘ASIO continues to build capability and operational momentum against counter-espionage and foreign interference targets, which includes a focus on electronic espionage’. Indeed, as previously stated in the section on ASIO in the Parliamentary Library’s Budget Review 2010–11, ‘the combined effect of the intelligence-related measures announced in the 2010–11 Budget is to underpin the Government’s public recognition of the growing need to deal with the re-emergence of traditional security threats in a technology-enabled world, and to plan for the long-term strategic security implications of modern shifts in geopolitics’.

ASIO’s 2009–10 annual report is even less ambiguous about the nature and extent of the challenges posed by cyber-espionage, indicating strongly that the government is no longer simply hinting at the threat. Reflecting on the notion that ‘the communications revolution has fashioned new security frontiers’, and noting that ‘the speed and scale of technological development presents significant challenges for organisations like ASIO’, the Director-General states:

Espionage has also thrived on globalisation and the communications revolution.
Digitisation means that massive amounts of information can be extracted, transferred and shuffled with ease. A single well-placed human agent becomes the potential source of archives worth of intelligence. Hostile intelligence agencies now also have a ‘beyond-the-horizon’ capability; they need not leave their own shores to target information held on our government, business and even personal computers.

The Attorney-General has also recently echoed these observations in an address on 10 March:

While traditional threats like espionage and foreign interference remain significant, the explosion of the cyber world has expanded infinitely the opportunities for the covert acquisition of information by both state and non-state actors ... these attacks can be staged from anywhere in the world...

Coincidentally, on 23 March, the Australian National Audit Office released a Performance Audit Report into The Protection and Security of Electronic Information Held by Australian Government Agencies, in which the effectiveness of the management and implementation of measures by four government agencies to protect and secure their electronic information was investigated. The agencies selected for the audit, which included the Department of the Prime Minister and Cabinet, were chosen because they ‘represent a general cross-section of agencies and their associated ICT systems’.

The audit examined the following four aspects of electronic information security within each agency: information security framework; network security management; access management; and equipment security. The report notes the importance of maintaining good electronic information security:

Vulnerabilities within ICT systems may allow an attacker to gain access to sensitive information, including information about Government decision making, significant financial transactions, and aggregate personal and financial information.

The Department of the Prime Minister and Cabinet made similar comments in the audit report, noting, somewhat prophetically:

... the protection and security of electronic information by Australian Government agencies is of increasing importance. Recent events surrounding the unauthorised release of classified US information, as well as the increasing incidents of cyber attacks are a stark reminder of the damage that poor information security can do to Australia’s national interests.

The audit concluded overall that the measures examined to protect and secure electronic information in each of the agencies were ‘generally operating in accordance with Government protective security requirements’. However, the audit did identify several deficiencies and recommended agencies take measures to ensure better upkeep of information security policies and procedures, better use of software security patches, closer attention to password security, and the blocking of access to public web-based email services (like Hotmail and Gmail) on agency ICT systems. Although some access to web-based email is currently permitted in the Department of the Prime Minister and Cabinet, limited by certain control measures, the Department has indicated in its response to the audit report that all access to web-based email from Departmental systems will cease on 1 July 2011.

Tests designed to assess the strength of user passwords revealed weaknesses in several agencies. The application of a so-called “brute force” test resulted in ‘around 20 per cent of passwords being compromised in each agency’, which, the report states, ‘compares reasonably favourably with some private sector and State government agencies’. In three of the four agencies, however, the test was able to compromise some administrator and/or service account passwords, about which the report warns:

... these types of accounts have a high level of access to agencies’ ICT systems. If an attacker managed to gain access to an agency ICT system by cracking an administrator or service account password, there could be serious consequences for that agency’s security.

Responding to the problem

In acknowledging that ‘cyber security is now one of Australia’s top tier national security priorities’, the government launched its Cyber Security Strategy in November 2009 with the aim of maintaining ‘a secure, resilient and trusted electronic operating environment that supports Australia’s national security and maximises the benefits of the digital economy’.

CERT Australia, Australia’s national computer emergency response team, is one of the lead agencies in this ongoing effort, and works in close conjunction with the Cyber Security Operations Centre (CSOC), based within the Defence Signals Directorate. The CSOC was established in 2009 as an initiative of the Defence White Paper, Defending Australia in the Asia Pacific century: Force 2030, and contains staff from a number of agencies, including ASIO, the Attorney-General’s Department, and the Australian Federal Police.

ASIO noted in its 2009–10 annual report that it had ‘expanded its engagement with industry on the threat of electronic espionage, particularly in the resources and energy sectors’, liaising with some private sector companies which had been the targets of electronic intrusions. As part of National Cyber Awareness Week, ASIO also ‘sponsored a resource sector information technology forum to deliver high-level briefings on cyber security and espionage threats and mitigation strategies to a range of resource sector companies’.

The government has also recently announced its intention to accede to the only binding international treaty on cybercrime, the Council of Europe Convention on Cybercrime. Australia would be joining over 40 other nations which have either signed or become a party to the Convention, and as the Attorney-General has recently indicated, such international cooperation will significantly assist Australia’s efforts to stay abreast of and meet the ever-growing challenges of cyber-security:

Accession to the Convention is a critical step as it facilitates international co-operation between signatory countries and establishes procedures to make investigations more efficient. As such, it will help Australian agencies to better prevent, detect and prosecute cyber intrusions.

Flagpost is a blog on current issues of interest to members of the Australian Parliament
