NewsBite

Advertisement

This was published 4 years ago

Cyber spy agency to be called in to protect critical infrastructure

By Anthony Galloway

Operators of the nation's critical infrastructure will be forced to pass on information about cyber attacks to the Australian Signals Directorate in real time, and potentially allow the cyber spy agency into their networks to fend off major hacks.

Company directors will also have legal duties to ensure a reasonable standard of cyber security - in the similar way to how they are already responsible for workplace health and safety - under a $1.66 billion boost to the nation's cyber defences.

Australia has experienced a wave of cyber attacks from a sophisticated state-based actor.

Australia has experienced a wave of cyber attacks from a sophisticated state-based actor.Credit: Kacper Pempel

Prime Minister Scott Morrison released the nation's new cyber security strategy on Thursday, which will give new powers to the ASD to protect the country's critical infrastructure such as ports, water, power plants, telecommunications and defence industry.

The new plan also redefines what is deemed "critical infrastructure" with universities, finance and banking, health and the food and grocery sectors added to the list.

While the new laws are still to be negotiated with industry and worked out in Parliament, the government plans to set up a direct line between the ASD and operators of critical infrastructure. At the lowest level, this would impose an obligation on companies to send the ASD "signatures" - a file containing a data sequence used to identify an attack on the network - when they are being attacked.

Under the approval of Home Affairs Minister Peter Dutton, the ASD could also be given access to the network to monitor and defend against significant cyber attacks.

Telstra chief executive Andy Penn said the new powers to allow ASD into the networks of critical infrastructure operators were needed, but they should be done "with close and careful consultation" with industry.

"I look at the cyber world through the lens of the physical world. If a nation state was under attack – every body would expect their government to come in - the defence forces would come in and protect that part of the country," he said.

Advertisement

"In the cyber world it may manifest differently … and that's why governments need to be able to have some degree of ability to step in."

The Morrison government wants to pass the new laws before the end of the year.

Alastair MacGibbon, former head of Australian Cyber Security Centre, said the ASD would go into systems to monitor and defend the network, not "to spy".

"They take that pretty seriously. They would be looking at network defence," he said.

Mr MacGibbon, now chief strategy officer of CyberCX, said the move to impose a fiduciary duty on company directors would send a signal to the market that "it's time to start treating cyber security risk seriously".

"This sends the strongest signal I have ever seen sent to the market to get your house in order and that change is coming," he said.

"The analogy I use is workplace health and safety - I imagine at the time they said you can't force these responsibilities onto company boards … no one sees that as bad idea now."

Loading

The cyber strategy also includes new powers for the Australian Federal Police to track and disrupt servers being used by paedophiles, terrorists and other serious criminals.

Mr MacGibbon said the capability for the AFP was needed as federal and state police had been vacant in the cyber space for too long.

"Cyber crime has had a rollicking good time for too long," he said.

The strategy also calls on internet service providers and other web companies to put in place systems that automatically block malicious websites and activity, along the lines of the "cleaner pipes" initiative Telstra has already put in place.

Sarah Sloan, from global cyber security company Palo Alto Networks, said all Australian ISPs and telcos needed to automatically block cybersecurity threats in real-time.

"We appreciate Australia's record financial investment and commitment to partnering with industry to make the strategy a collective effort," she said.

Get our Morning & Evening Edition newsletters

The most important news, analysis and insights delivered to your inbox at the start and end of each day. Sign up to The Sydney Morning Herald’s newsletter here and The Age’s newsletter here.

Most Viewed in Politics

Loading

Original URL: https://www.smh.com.au/politics/federal/cyber-spy-agency-to-be-called-in-to-protect-critical-infrastructure-20200806-p55j6m.html