Home / intel & cyber / Cyber attacks target defence industry

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Cyber attacks target defence industry

Assistant Minister for Cyber Security Dan Tehan and the latest threat report from the Australian Cyber Security Centre (ACSC) have revealed cyber intruders hacked into the computer system of a defence contractor last year.

The new report found 47,000 cyber incidents over the past financial year — a 15 per cent increase — with 734 the ACSC responded to being incidents that targeted infrastructure or other private systems of national interest.

Assistant Minister Tehan confirmed that the cyber thieves had access to the IT network of the defence contractor for a long period of time and stole large amounts of the defence supplier's data. ACSC became aware of the incident last November and helped end the attack.

Assistant Minister Tehan said the government was unsure of who launched the attack, but could not rule out a foreign government.

The report takes a special look at defence industry, noting the industry is heavily targeted by state actors.

"Defence contractors and companies involved in the design, manufacture and maintenance of defence capabilities continue to be targeted by state cyber programs," the report said.

"Cyber adversaries often target the networks of defence-affiliated organisations, such as commercial contractors. This targeting seeks to access information that would be difficult to obtain from more secure government networks, or to exploit trusted network relationships to facilitate access to, or targeting of, more secure networks."

ACSC, which is the focal point for the cyber security efforts of the Australian Signals Directorate (ASD), Computer Emergency Response Team Australia, the Defence Intelligence Organisation, the Australian Criminal Intelligence Commission, the Australian Federal Police, and the Australian Security Intelligence Organisation, said the ASD Essential Eight provides a prioritised list of practical actions that organisations can take to make their computers and networks more secure.

The Essential Eight, updated in March to include four more mitigation strategies, is now considered to be the baseline for Australian organisations, according to the report.

The Australian National Audit Office (ANAO) Cybersecurity Follow-up Audit, published in March, found some government agencies, like the Australian Taxation Office and the Department of Immigration and Border Protection, are not considered "cyber resilient".

The ANAO's report failed these agencies on mandatory whitelisting and software patching requirements proposed by the ASD.

The agencies were found to have varying compliance with the ASD’s top four cyber mitigation strategies: whitelisting, application patching, OS patching and the restriction of administration privileges based on user duties.



Cyber attacks target defence industry
lawyersweekly logo

more from defence connect

May 24 2019
Developing Australia’s anti-satellite capabilities as a deterrent
The increasing dependence and vulnerability of space-based intelligence, surveillance and communicat...
May 24 2019
Photo Essay: Australia’s growing amphibious capabilities
Australia’s geo-strategic reality has seen the Australian Defence Force shift its focus towards de...
Brendan Nelson, Australian War Memorial
May 23 2019
PODCAST: Commemorating Australia’s military history, Dr Brendan Nelson AO, Australian War Memorial
Dr Brendan Nelson AO’s role as director of the Australian War Memorial is one of great responsibil...
Recommended by Spike Native Network