Please explain: why is Canberra splurging on cyber security?

Researcher
Dr Stephen McCombie
Writer
As told to Kate Cox
Date
7 July 2020
Faculty
Faculty of Arts

Share

The federal government has just announced an extra $1.35 billion in cyber security funding, in the wake of online attacks in Australia. Dr Stephen McCombie, Senior Lecturer in Cyber Security at the Department of Security Studies and Criminology, explains what's behind the spending boost.

Concern about foreign cyber interference and the potential for foreign states to cause real damage to Australia is behind the government's boost to cyber security spending. Clearly, current measures have not been enough to counter that interference and need to be bolstered.

The reality is, everybody is hacking everybody, and have been doing so for a long time. From North Korea to Russia to Vietnam to the USA and even Australia, they are all spying and being spied upon.

Obviously, there’s a not-to-be-crossed line that Western governments seem to be drawing, in that traditional espionage – if you’re finding out about things that will help your government understand the next move of an adversary – is fine, but actions such as trying to influence elections, potentially damaging infrastructure, and economic espionage seem (generally) to cross this line.

Indeed, Michael Hayden – former US National Security Agency and CIA director – characterised the China hack of the Office of Personnel Management (which looks after US security clearances) as a “legitimate foreign intelligence target” and said he would have approved a similar attack on China had he had the opportunity.

The reality is, everybody is hacking everybody, and have been doing so for a long time. They are all spying and being spied upon.

Before 2000, cyber attacks were different. Mostly it was juvenile hacker enthusiasts who were thought to be criminals, but who were essentially about showing how clever they were by breaking into computers and writing viruses and various types of malware.

But from 2000, organised crime – and later, state-sponsored information warriors, cyber activists and others – became involved and this changed the nature of the threat dramatically. The Australian High Tech Crime Centre was set up in 2003, involving the Australian Federal Police and police from every state and territory. Now, with this funding boost, the policing is swinging around to the Australian Signals Directorate.

No-one has handled it very well and essentially the government is now throwing more money at the problem. Defence have won the battle, though, and are now setting the agenda for the future of cyber security. With the rise of foreign interference threats being seen in higher education, politics and business, our new focus is clearly more about national security and defence than law enforcement: it is to attack those who threaten to bring us down by cyber means.

China is a major concern but the threat actors also include Iran, Russia and others. Whatever conflict you see in the real world is also happening in the cyber world. If we are having bad relations with China in the real world, you can bet the cyber world is having the same thing.

There are a lot of things that a foreign power can do with an offensive cyber capability. It is quicker to set up and cheaper than most other forms of warfare – think about a military aircraft or missile bombing of a uranium enrichment facility versus a cyber attack such as with Stuxnet. And you’ve got the ability to be more or less anonymous. It’s also deniable.

Is $1.35 billion is a lot of money?

It’s a lot more than previously invested. I imagine they have upped the ante: what they were doing hasn’t worked and wasn’t enough. They’re worried about defence secrets being stolen, political parties being compromised, disinformation being spread to make people vote different ways, or even our infrastructure being taken out in a war.

Technology by itself is not going to solve anything. You need really good people, using good tools, to have an impact. And skilled cyber security people get paid a lot. The government announcement said it wanted to hire 500 people, which is going to be expensive.

How do cyber attacks work?

The frequency and variety of cyber attacks has grown exponentially over the past 30 years. We are also more vulnerable. For instance, there are 18 billion IoT (Internet of Things) devices now, meaning there is more to attack, from smart irrigation to Internet banking systems.

The most common cyber attack at all levels is where bots, or internet robots, are used to take over your computer, control it and use it for a variety of purposes.

This usually happens with something as simple as an email with a link that looks interesting that you might follow and it then compromises your system. It may be used to spy on you, or someone else, or to take down a website, or put ransomware on it.

They may not immediately do anything with that data but at some time it may become relevant, to embarrass you or someone related to you, for leverage or information.

Basically, everybody’s computer is useful for various reasons. Victims are a commodity for criminals and spies. Ordinary individuals may never know they’ve been compromised by a cyber attack. They may not immediately do anything with that data but at some time it may become relevant, to embarrass you or someone related to you, for leverage or information. Usually you find out because you need to find out, as with a ransomware attack where you need to pay money to them.

Another form of cyber attack is where they try to influence ordinary people, whether it be with fake news or trying to cause societal conflict.

Cyber crime is also a huge challenge for businesses. We’re talking about criminals fraudulently obtaining hundreds of thousands of dollars from companies tricking finance staff to transfer money.

In times of major conflict, our infrastructure could be targeted, we could have our power taken out, they could be opening dams, all sorts of cataclysmic stuff. Look at Russia’s attacks on Ukraine’s power grid. They could access, change and release research and information: think about this in terms of COVID-19 and what could be done with that data.  A number of attacks have occurred against the World Heatlh Organisation this year.

What can I do?

  • Whatever operating system you are using, always make sure it is updated with all the security updates and use anti-virus products, which should also be updated.
  • Be careful with email: it is the main way people get compromised because it works, whether it’s from spies or some Nigerian crime group. Even the head of the Clinton campaign was compromised by email.

State-sponsored groups have been hitting organisations in Australia such as Rio Tinto for the past 10 years. But capabilities continue to grow around the world. It’s a bit like terrorism: you can minimise the impact but you can’t make it go away.

Whether you are government, activist or criminal, the cost to entry is so low and there are consequences to that. With nuclear weapons, only certain people had them and we knew who they were. There’s nothing like that in cyber space: everyone has the weapons, uses them and wants to keep them.

Dr Stephen McCombie is Senior Lecturer in Cyber Security in the Department of Security Studies and Criminology at Macquarie University.

Share

Back To Top

Recommended Reading