The Australian private and public sector organisations are being targeted in a sophisticated cyber-attack by a foreign entity.
The nation’s Prime Minister told reporters at Parliament House on 19 June 2020 that protecting Australia’s economy, national security and sovereignty is the government’s top priority.
He noted that Australian organisations are currently being targeted by a sophisticated state-based cyber actor.
This activity is targeting organisations across a range of sectors across all levels of government, political organisations, education, health, essential service providers and operators of other critical infrastructure.
While the attacks were not new, the frequency had been increasing in “frequency, scale, sophistication and its impact”; Australians and organisations are being advised so they can take action to protect themselves.
Morrison said the advice he had received indicated there had not been any large-scale personal data breaches.
The Minister of Defence has outlined urgent advice for all Australians “to protect themselves”.
All the salient organisations must be alert to this and take steps to take protect the network. The advice is as follows:
- Patch your internet-facing devices properly, ensuring that any web or email servers are fully updated with the latest software.
- Ensure you always use multi-factor authentication to secure your internet access, infrastructure, and your cloud-based forms.
- Become an ACSC partner to ensure you get the latest cyber threat advice to protect your organisation online.
In addition, a technical advisory prepared by the Australian Cyber Security Centre Centre and the Department of Home Affairs is available at here.
Just yesterday, OpenGov Asia reported that the Australian Strategic Policy Institute (ASPI) advised Australian national security agencies to rapidly develop a national security cloud and finally catch up to the private sector in terms of cloud adoption.
ASPI had argued that agencies’ slow adoption of cloud services due to initial concerns about the security of cloud technology has left them years behind the adoption curve.
“For agencies that rely on cutting-edge high technology for their capability edge, this is disastrous,” the report stated.
Unless this is addressed rapidly and comprehensively, Australia will quite simply be at a major disadvantage against potential adversaries who are using this effective new technology at scale to advance their analysis and operational performance.
Australia will also fall further behind its allies, ASPI said, arguing that the US national security community has a lead of at least five years over Australian partner agencies.
This change must be driven by ministers and agency heads rather than CIOs and security staff, ASPI said.
The report states that this is because security accreditation standards and processes can’t lead technological change. By definition and by design, security standards are lag controls, based on what’s already understood and formed from experience with past and present technical systems.
Ministers and agency heads have both the responsibility and perspective to look beyond the important current technical security standards and rules and think about the capability benefit that cloud computing can bring to Australia’s national security.
ASPI also advised against what it anticipates as a tendency to adopt cloud infrastructure at the lower levels of classification first before more highly classified data.
The institute argued that combining valuable top-secret information with the huge trove of lower classification and open-source data is a source of distinctive advantage that agencies can offer the government.
As the Australian government now reckons with an onslaught of cyber-attacks, the advice from ASPI seems particularly pertinent and timely.