Friday, February 19, 2016

China and Russia step up cyber attacks on Australia

China and Russia step up cyber attacks on Australia

  • THE AUSTRALIAN
The Australian Signals Directorate and Attorney-General’s Department are urging federal agencies to move faster to encrypt data.
Chinese and Russian spies, as well as other hackers, have stepped up the number of attacks on the government’s secure communications network in Canberra.
The steep rise in serious cyber attacks, running at hundreds of attempts a month, has alarmed the government, forcing the 97 agencies that use the Intra Government Communications Network to encrypt more of their data than ever before.
The Australian Signals Directorate and Attorney-General’s Department are urging federal agencies to move faster to ­encrypt data in the face of a ­perceived reluctance on the part of some agencies to take the growing threat seriously.
The Finance Department rev­ealed in November that a scoping study found 17 government agencies were not using encryption over the ICON system. Sources say this has made the data held by those agencies, the identities of which have not been revealed, vulnerable to hacking by foreign states or ­individuals.
The Australian has been told there are now hundreds of serious attempts each month to hack government information carried on the ICON system.
Suspected foreign espionage accounts for much of this figure, with attacks sourced from China being the most prevalent, followed by Russia and Indonesia.
The government denies its communications are vulnerable and does not admit to cases of successful penetration, although it concedes agencies are encrypting ever larger amounts of their communications.
Finance Minister Mathias Cormann said: “The government treats the maintenance of the security of its information very seriously. All government communications networks are protected in that they are subject to appropriate security and encryption regimes, matching the requirements for the security classification of information trans­mitted across them.”
Sources claim the Department of Finance has been reluctant to fund the extra costs to allow all government agencies to have more secure encrypted communications across the ICON system. This has been the subject of internal squabbles between ASD and the Attorney-General’s Department, which have both pushed for more vigorous and widespread encryption of government communi­cations, and the Finance Depart­ment. Government communi­cations in Canberra are trans­mitted via 160,000km of point-to-point fibre connecting about 400 buildings.
The system, ­established 25 years ago, claims it can safely ­secure relatively low-level “protected” information, but that agencies need to take further steps to encrypt information passing through the ICON system if they feel it could be vulnerable.
Sources say the system is uniquely vulnerable to hackers ­because there are numerous pits around Canberra defended only by a padlock where the network can be physically accessed and ­potentially tapped.
The government says such a method of espionage would be easily detected, but insiders believe it is inherently vulnerable to increasingly sophisticated methods used by hackers.
Independent senator Nick Xenophon, who wants an upper house inquiry on cyber security, said the news of the rise in cyber ­attacks was deeply disturbing and more needed to be done.
“There has to be more encryption of government communications,” Senator Xenophon said. “It exposes the commonwealth not only to national security risks, but also commercial risks by this information being exposed.
The Turnbull government is expected to release its cyber-­security strategy in the first half of this year. It is expected to herald a tougher cyber-security regime across government and business.
In the world of foreign espionage, cyber warfare is fast taking over from more expensive and risky human agents as a means of uncovering military, political and economic secrets.
In December, China was ­believed to be responsible for a major attack on the computers at the Bureau of Meteorology. The bureau provides services to a host of sensitive government agencies, including Defence. The attack was seen as an attempt to gain information about the bureau’s clients.
Last year, the government considered selling the ICON system, but chose to keep it because, ­Senator Cormann, said it was “a strategic asset” and “highly valued by government agencies for its low-cost and high-volume bandwidth’’.