Cyber attacks target defence industry
Exclusive
Major shake-up in defence SME sector:

Cyber attacks target defence industry

Assistant Minister for Cyber Security Dan Tehan and the latest threat report from the Australian Cyber Security Centre (ACSC) have revealed cyber intruders hacked into the computer system of a defence contractor last year.

The new report found 47,000 cyber incidents over the past financial year — a 15 per cent increase — with 734 the ACSC responded to being incidents that targeted infrastructure or other private systems of national interest.

Assistant Minister Tehan confirmed that the cyber thieves had access to the IT network of the defence contractor for a long period of time and stole large amounts of the defence supplier's data. ACSC became aware of the incident last November and helped end the attack.

Assistant Minister Tehan said the government was unsure of who launched the attack, but could not rule out a foreign government.

The report takes a special look at defence industry, noting the industry is heavily targeted by state actors.

"Defence contractors and companies involved in the design, manufacture and maintenance of defence capabilities continue to be targeted by state cyber programs," the report said.

"Cyber adversaries often target the networks of defence-affiliated organisations, such as commercial contractors. This targeting seeks to access information that would be difficult to obtain from more secure government networks, or to exploit trusted network relationships to facilitate access to, or targeting of, more secure networks."

ACSC, which is the focal point for the cyber security efforts of the Australian Signals Directorate (ASD), Computer Emergency Response Team Australia, the Defence Intelligence Organisation, the Australian Criminal Intelligence Commission, the Australian Federal Police, and the Australian Security Intelligence Organisation, said the ASD Essential Eight provides a prioritised list of practical actions that organisations can take to make their computers and networks more secure.

The Essential Eight, updated in March to include four more mitigation strategies, is now considered to be the baseline for Australian organisations, according to the report.

The Australian National Audit Office (ANAO) Cybersecurity Follow-up Audit, published in March, found some government agencies, like the Australian Taxation Office and the Department of Immigration and Border Protection, are not considered "cyber resilient".

The ANAO's report failed these agencies on mandatory whitelisting and software patching requirements proposed by the ASD.

The agencies were found to have varying compliance with the ASD’s top four cyber mitigation strategies: whitelisting, application patching, OS patching and the restriction of administration privileges based on user duties.

 

 

Cyber attacks target defence industry
lawyersweekly logo
Promoted Content
Recommended by Spike Native Network

more from defence connect

Feb 20 2018
Global supply chain opportunities under FFG(X) project
The US Navy has funded five potential designs, including one from Austal, for its future guided miss...
Feb 20 2018
Major shake-up in defence SME sector
Conflicts of interest have led the Defence Teaming Centre (DTC) to step down from its role as the re...
Feb 20 2018
Defence dragged into Barnaby Joyce scandal
The political scandal gripping Australia has now thrown light on Barnaby Joyce’s use of defence fo...