Prime Minister Scott Morrison, Home Affairs Minister Peter Dutton and Defence Minister Linda Reynolds have issued a joint statement outlining a “significant state-based cyber attack” against Australian business, government and political organisations.
The opening paragraph of the statement set the scene and, concerningly, revealed Australia's worst fear: "Based on advice provided to the government by our cyber experts, the Australian Cyber Security Centre (ACSC), Australian organisations are currently being targeted by a sophisticated state-based cyber actor.
"This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure."
The government’s 2016 Cyber Security Strategy – backed by a $230 million investment over four years – has strengthened Australia's cyber security foundations, stimulated private sector investment in cyber security and positioned Australia as a regional cyber security leader.
As part of the joint statement, the three expanded on the evidence of a state-based actor, stating, "We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.The Australian Government is aware of and alert to the threat of cyber attacks.
"The ACSC has already published a range of technical advisory notices in recent times, to alert potential targets and has been briefing states and territories on risks and mitigations. Regrettably, this activity is not new – but the frequency has been increasing.
"Our objective is to raise awareness of these specific risks and targeted activities and tell you how you can take action to protect yourself."
The joint statement added, "The government will release a new Cyber Security Strategy in the coming months, which will include significant further investments."
As part of the advice given, the Prime Minister, Home Affairs Minister and Defence Minister stressed the following:
"Cyber security is a shared responsibility of us all. It is vital that Australian organisations are alert to this threat and take steps to enhance the resilience of their networks.
"All Australian organisations who might be concerned about their vulnerability to sophisticated cyber compromise can take three simple steps to protect themselves:
1. Patch your internet facing devices promptly – ensuring any web or email servers are fully updated with the latest software.
2. Ensure you use multifactor authentication to secure your internet accessible infrastructure and cloud-based platforms.
3. Become an ACSC partner to ensure you get the latest cyber threat advice so you can take the earliest possible action to protect yourself online."
The government also invested a further $156 million to build cyber resilience and expand the cyber workforce as one of our election commitments and we invested additional funding for a whole-of-government cyber uplift program.
The work of the government’s Critical Infrastructure Centre and Trusted Information Sharing Network has also been focused on the threats to critical infrastructure and other systems of national significance.
But there is more to do and we must do this work together – cyber security is a whole of community effort – government, industry and individuals.
The risks are present and will continue to be present. That is why these investments are necessary and the protections we put in place necessary. The Australian government will continue to do everything to keep Australians safe.
The government encourages organisations, particularly those in the health, critical infrastructure and essential services, to take expert advice, and implement technical defences to thwart this malicious cyber activity.
Further information on how you can protect yourself and your business from cyber threats is available at www.cyber.gov.au