-------------------------

IT could happen in a moment, and Australia would be in deep trouble. If China disabled our GPS systems, Australia’s warship commanders would have to navigate by the stars, with sextants. If Russian hackers took out our electricity network – as they did in the Ukraine – defence insiders say we would quickly be living in a Mad Max dystopia. And if Australia’s telecommunications network was disabled, the results would be deadly chaos.

Deep inside Australia’s Department of Defence, within industry and throughout academic institutions and think tanks, cyber experts are war gaming different scenarios in which the nation’s digital networks are attacked.

And there’s a fascinating, frightening new threat – the potential for an enemy state to destroy our entire national identity. An attacker could decide to take out those mammoth databases that show who we are, such as births, deaths and marriages. Our history, legislation, health, education and immigration records are all online.

Anne Lyons is a Visiting Fellow at the Australian Strategic Policy Centre’s International Cyber Policy Centre, as well as an Assistant Director-General at the National Archives of Australia. She wants people and policymakers to start thinking about what would happen if someone hacked into our digital records – from our passport data to land titles information.

“What would happen if it was manipulated?” she says. “When someone wants to attack a country or a community, that social, cultural, historical, legal stuff is what they go for.

“If someone could get in and change or remove people from a database, or remove characteristics, and it wasn’t discovered for some time… you might be trying to get back into the country, but your eye colour no longer matches.”

Others are worried that Russia could try to affect the outcome of an election, as some believe happened in the United States. There are certainly cyber spies trying to get the secrets of major military projects.

Our information is increasingly held on the web, and Australia is under attack – all the time. Cybercriminals are constantly bombarding our systems – they’re testing out computers, smartphones, tablets, looking for any vulnerability they can exploit. The states most often mentioned as potential threats are Russia, China and North Korea.

About one in three businesses reported cyber incidents last year – that they know of. Other estimates put the number of hacked businesses as high as nine in 10. But the biggest target is the Federal Government. In 2016-17 a third of the 671 cybersecurity incidents that warranted a response were aimed at Canberra.

Cyber experts within the Federal Government are worried there are countries who have thrown away the rule book and are testing how far they can push. One worst-case scenario, according to a top-level source, would be taking down Australia’s infrastructure assets such as the power grid.

Most countries have agreed that critical infrastructure is out of bounds in peacetime, but that’s been ignored in the past, and the Government is concerned it will get worse. The most likely targets are telecommunications or power networks. This sort of attack could quickly culminate in what some call the Mad Max scenario – a bleak, dystopian Australia with people bitterly scrapping for resources.

The source says any large-scale database with personal information can lure cybercriminals – a serious concern as Australians debate whether to trust their medical records to the government’s online My Health Record.

The system is at risk for both privacy breaches and cyber threats.

The cyber expert points to the 2015 hack of the United States’ Office of Personnel Management – the Chinese are widely blamed for accessing about 14 million Federal employees’ records. That left the employees worried about identity theft and blackmail.

Fergus Hanson, head of ASPI’s International Cyber Policy Centre, says a likely attack would be “a large-scale piece of malware that shuts down whole businesses”.

“If you take out telecommunications how do you call people to come and help? Basically everything in the modern economy, the backbone is the telecommunications infrastructure,” he says. “It would bring the entire economy to a standstill.”

But like his colleague Anne Lyons, he is also concerned that Australia needs to toughen its defences to “protect the collective national identity”.

If a malicious agent did wish to destroy our archives, Hanson doubts our abilities to stop such an attack, or quickly recover from it.

Then there’s cyberespionage. The Advertiser has revealed that overseas forces – believed to be Chinese – tried to steal information about the $50 billion Future Submarine project. Those submarines will be a key part of keeping an eye on what China is up to in the South China Sea as it massively expands its forces into a blue water navy bigger – in ship numbers if not firepower - than that of the US.

There is no doubt cyberspies will be doing whatever they can to access secret information about the submarines, the Future Frigates and the supply chain for those projects.

“In a world which is totally reliant on technology, it is vital that we protect ourselves and our information from cyber-attacks,” Defence SA chief executive Richard Price says. The Marshall Government agrees complacency can make companies “vulnerable to devastating cyber-attacks that can cause immense damage in a matter of minutes”.

Federal and state governments are working on strengthening their abilities to prevent cyberattacks, and to recover if they do happen. “If industry is not prepared appropriately, they leave themselves open and vulnerable to large-scale ransomware attacks that could jeopardise the success of SA’s defence industry,” the State Government says.

Hanson agrees, saying a single company on the supply chain can be the weakest link. “You can’t have your subcontractors letting the team down,” he says.

Cybercrime is one of the biggest challenges facing the world. The Federal Government is concerned about the increased blurring between state and private hackers. There can be organised criminal gangs that may or may not be acting on behalf of a foreign nation. It’s not clear where cybercrime ends and cyberwarfare begins.

They are also worried about the entry of new people into the space – you no longer have to be a hacker to hack. You can go on to the dark web, browse for some software to download, and start your own enterprise. The bar for entry into the cyber underworld is much lower than it was, and will get lower.

The Federal Government source warns it’s also easier to automate processes, meaning criminals can set up a program that just scratches around looking for multiple vulnerable targets. That allows a small operation to cause mass outages.

So what can be done? In some cases “digital vigilantes” are “hacking back”. If a company’s information is stolen, they follow the trail of the thieves, find the missing files, and take them back. It’s legally dubious, and not available to most people. There are other options.

Behind the scenes, Defence is building its cyberwarfare capacity and government departments are strengthening their shields. Private companies are developing new ways to combat the evermore sophisticated threat.

But the Federal Government is also switching to a “name and shame” strategy. It might not do much to point the finger at Russia, say, from over here. But it’s part of a plan to let other nations know that Australia will point it out when they cross the line.

Businesses should all use the advice from the Australian Signals Directorate, and are now obliged to report any attacks, which will help build better information.

Individuals should think before they post private information, use different passwords, mind their security and privacy settings. Log off when they’re done. Have suspicious minds. There are lots of hints and tips online – try staysmartonline.gov.au to get started.

CHILD’S PLAY

Internet-connected toys that talk to kids might seem cute, but they’re also a potential cyber hacking tool, security experts warn

Tory Shepherd

IT’S a terrifying scenario: your child is playing in their room alone when suddenly their doll starts talking to them. “Is Mummy there?” Right now, say experts, there are dolls

on the market that can by hacked by cybercriminals who can speak through

the mouths of these sweet-faced toys.

They can ask children, for example, when Mummy and Daddy are taking them away on holidays. And they already have the address of the soon-to-be-empty home.

At the University of Adelaide, academic Cate Jerram has been working on a program called the Human Aspects of Cybersecurity with the Defence, Science and Technology Group.

She says hackers target human weakness.

And humans are weak when it comes to creating new passwords. We keep the default password or use the same one for everything. That leaves us open to identity theft.

“The most common password is still password,” she says. “Hackers know exactly where to start. It rarely takes longer than five minutes.

“While people are still terrified of their privacy being violated, they’re still too uneducated about how they can protect themselves.”

Jerram tells the terrifying tale of the doll that acts as an accomplice. The dolls are connected through the Internet of Things, which will eventually hook up billions of inanimate objects to the internet, thanks to a network of satellites.

The IoT’s main capabilities are in wide-scale projects, such as monitoring the environment, watching energy usage or in precision agriculture. Farmers are now able to use sensors to track stock, or work out what to water, and when.

But it’s also used for entertainment.

“A lot of my colleagues are most concerned about the rising ability of criminals to use

the IoT where someone will just effortlessly, unthinkingly buy their child an internet-connected doll or teddy bear that can be used to attack the house and break in,” Jerram says.

“Dolls that talk to you and ask, ‘When do Mummy and Daddy go away?’ The doll is programmed for pre-programmed answers. That can be hacked into.

“People are enthusiastically taking up things like Google Home … again, all of these things can be hacked. The biggest concern for me …

is that people are just so unwitting about this and contribute to their vulnerability.”

Jerram says most computers are attacked hundreds of times a day as criminals send out “bots” searching for weaknesses.

“There are highly organised hackers with huge computer banks available,” she says. “There is heaps of software you can put on your own machine to see how often you’re attacked.”

Or, she adds, some people specialise in a product. They might work out which dolls are susceptible to hacking, then find them in the nearby area.

“They’ll work out where it is and program that doll. People can hack your fridge,

your washing machine. Anything on the IoT,” she says.

So what does Jerram do to stay cybersafe?

“I avoid a lot of technology because I know too much,” she says.