Cyber attacks target defence industry

Assistant Minister for Cyber Security Dan Tehan and the latest threat report from the Australian Cyber Security Centre (ACSC) have revealed cyber intruders hacked into the computer system of a defence contractor last year.

The new report found 47,000 cyber incidents over the past financial year — a 15 per cent increase — with 734 the ACSC responded to being incidents that targeted infrastructure or other private systems of national interest.

Assistant Minister Tehan confirmed that the cyber thieves had access to the IT network of the defence contractor for a long period of time and stole large amounts of the defence supplier's data. ACSC became aware of the incident last November and helped end the attack.

Assistant Minister Tehan said the government was unsure of who launched the attack, but could not rule out a foreign government.

The report takes a special look at defence industry, noting the industry is heavily targeted by state actors.

"Defence contractors and companies involved in the design, manufacture and maintenance of defence capabilities continue to be targeted by state cyber programs," the report said.

"Cyber adversaries often target the networks of defence-affiliated organisations, such as commercial contractors. This targeting seeks to access information that would be difficult to obtain from more secure government networks, or to exploit trusted network relationships to facilitate access to, or targeting of, more secure networks."

ACSC, which is the focal point for the cyber security efforts of the Australian Signals Directorate (ASD), Computer Emergency Response Team Australia, the Defence Intelligence Organisation, the Australian Criminal Intelligence Commission, the Australian Federal Police, and the Australian Security Intelligence Organisation, said the ASD Essential Eight provides a prioritised list of practical actions that organisations can take to make their computers and networks more secure.

The Essential Eight, updated in March to include four more mitigation strategies, is now considered to be the baseline for Australian organisations, according to the report.

The Australian National Audit Office (ANAO) Cybersecurity Follow-up Audit, published in March, found some government agencies, like the Australian Taxation Office and the Department of Immigration and Border Protection, are not considered "cyber resilient".

The ANAO's report failed these agencies on mandatory whitelisting and software patching requirements proposed by the ASD.

The agencies were found to have varying compliance with the ASD’s top four cyber mitigation strategies: whitelisting, application patching, OS patching and the restriction of administration privileges based on user duties.



Cyber attacks target defence industry
lawyersweekly logo

more from defence connect

Mar 22 2019
Private Equity backs Australian defence SME sector
Sydney-based CHAMP Private Equity is poised to make a rare investment in Australia’s growing defen...
Dr. Malcolm Davis, Australian Strategic Policy Institute
Mar 21 2019
PODCAST: The challenges and opportunities facing the Australian defence sector, Dr Malcolm Davis, Australian Strategic Policy Institute
In this special episode of the Defence Connect Podcast recorded live on-site at the Avalon Internati...
Mar 22 2019
MOU forges closer ties between Naval Shipbuilding College and RAN
The Naval Shipbuilding College will work in close partnership with the Royal Australian Navy to ide...
Recommended by Spike Native Network