A state-sponsored actor, allegedly China according to sources, stole non-confidential data during a malicious cyber attack against Parliament House earlier in 2019.
The incident forced the Australian Cyber Security Centre (ACSC) to "operate at a heightened state of activity to provide advice and assistance to Australia's major political parties and government agencies after they were targeted by a sophisticated state-sponsored actor".
This saw the activation of the government's Cyber Incident Management Arrangements, which is the national co-ordination framework between federal, state and territory governments to "rapidly share threat intelligence as well as techniques, tactics and procedures used by the actor".
The ACSC also announced further implementations to strengthen cyber security arrangements following the attack, including:
- amplifying the ACSC's National Exercise Program, which supported 25 cyber security exercises across government and the energy, banking and finance, telecommunications, transport, water, health and resource sectors;
- commencing an Energy Sector Cyber Security Readiness and Resilience Program, which supported the vision outlined in the Independent Review into the Future Security of the National Electricity Market: Blueprint for the Future, (Commonwealth of Australia, 2017), for a national electricity market that has a strong cyber security posture;
- expanding the Joint Cyber Security Centre (JCSC) Program by opening new centres in Perth and Adelaide. The centres provide a tangible interface between industry and government on cyber security issues. The JCSCs are also the ACSC's primary mechanism for regular engagement with state and territory governments and, increasingly, local governments;
- initiating a whole-of-government cyber uplift for federal government systems for government agencies; and
- providing cyber security support to the Australian Electoral Commission.
While it is encouraging to see the ASCS's diligence to reacting to the cyber security incident, it raises the question as to whether Australia was lucky to get away with just having non-confidential data taken.
It is also worrying that the wording of the ASD report seems to suggest that cyber security support for the Australian Electoral Commission was cause for concern for the ACSC.
Last month, former director general of the Australian Security Intelligence Organisation (ASIO), Duncan Lewis, voiced his opinion that he considers interference in the democratic process as the biggest threat to our shores.
“It’s my view that currently, the issue of espionage and foreign interference is by far and away the most serious issue going forward,” the retiring director general said at a Lowy Institute Forum in September.
“Terrorism has never been an existential threat to established states – for weaker states, yes, but for a place like Australia terrorism is not an existential threat to the state. It is a terrible risk that our populations run and it is a very serious matter which must be addressed every day: the counter-espionage and foreign interference issue, however, is something which is ultimately an existential threat to the state.”
It's also an issue that has been specifically noted by the federal government for years, and was included in the 2017 Foreign Policy White Paper.
"The government is concerned about growing attempts by foreign governments or their proxies to exert inappropriate influence on and to undermine Australia’s sovereign institutions and decision-making," the White Paper said.
"Such attempts at foreign interference are part of a wider global trend that has affected other democracies. Foreign interference aims to shape the actions of decision-makers and public opinion to achieve an outcome favourable to foreign interests."
Reports emerged following Lewis' comments that China’s Ministry of State Security was behind the cyber attack on Australian Parliament, which was allegedly kept quiet by the government in order to preserve trade relations with Beijing.
Dr Malcolm Davis, senior analyst at Australian Strategic Policy Institute, told Defence Connect at the time that he doesn't believe it is a one-off from China.
“I think they’ve gone a fair way already. A cyber attack on Australian Parliament and key political parties, by the state of China, not just some hacker in Beijing or Shanghai, is certainly not a friendly act,” Dr Davis said.
“They have gone a fair distance already, and I think Australia has to decide how they push back. They certainly should push back.”
While no official push back against China has taken place from the federal government, the reports were notable enough to force a response from Beijing, which unsurprisingly denied the allegations, saying that "the Chinese government resolutely opposes and combats any form of cyber attacks according to law”, and “urged some people not to spill dirty water in China in everything they encounter and not to be keen on making false news for the sake of sensationalism and eye catching”.
In any case, it is obvious that such attacks, specifically levelled at Australia's electoral commission, are of tremendous concern to Parliament, who seem intent on continuing improvement on their cyber security.
While the ASD found "no evidence that this is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes", it certainly doesn't mean that it won't be the focus of the next cyber attack.