The war in Ukraine has shown infrastructure destruction remains a fundamental part of modern warfare. But unlike past shooting wars, that destruction can be carried out either by explosives or by cyber.
Accordingly, whether we realise it or not, Australia is at war. And it is a war where incredible damage can be inflicted on our basic infrastructure, the business community and individuals.
For a long time, Australia and other nations have been exposed to cyber attacks instigated by criminals looking to make a quick dollar and to damage individual organisations.
Both the Optus and Medibank attacks were in that category. These attacks were not war but they have alerted the community to the current relentless volley of attacks that are far more intense than simply criminals looking to make money by disclosing data.
Australia is more vulnerable to such attacks than most other countries because our banking system is concentrated in only four organisations. When organisations like Optus and Medibank are breached, the issue is essentially about confidential data.
But if the banking system is broken the consequences are far more serious. If any major bank is crippled it will bring vast areas of the business community to a halt because money transactions will be frozen. The repercussions will spread far beyond the bank that has been brought down. We have seen the consequences of bank computer problems when systems go down for half a day. But if a major cyber attack causes a major bank to go down for a week it means that transactions are stopped, and people can’t get access to their money.
The bank would need to recover its transaction records.
I have no doubt that all our major banks have plans in place to minimise the damage and to get back online as quickly as possible but there would be substantial collateral damage. And the same thing would happen if key parts of the government were successfully attacked.
All our major banks are now under relentless daily attack so there are now much greater efforts to determine where these attacks are coming from. It is not hard to guess the culprits – Russia, China and to a lesser extent North Korea. It is much harder to determine exactly who is pulling the trigger and the nations themselves are able to deny any involvement. And of course, for all we know it is possible that cyber bullets are being fired from Australia. Ukraine has responded to cyber attacks on its infrastructure with counter attacks.
The new government initially had very little understanding of the depth of the danger and responded by creating enormous penalties to those that were hi – fines equal to the greater of $50m, 30 per cent of adjusted turnover for the period, or three times the financial gain from the misuse of data.
These business destroying penalties are made worse by vague statements about what constitutes an offence. They will encourage companies to keep cyber attacks secret and pay the bribes so making Australia an even more attractive target.
Nevertheless organisations around the country are working feverishly to improve their security. Those that are doing it properly are not only improving their actual systems but undertaking defensive training of staff.
And we are beginning to realise that the idea that recording confidential data like licence numbers and birthdates as the security point for data entry is not only dangerous but stupid.
Fortunately, new systems of security checking are being introduced.
And we have an potential advantage. Australia is an island. History has shown that islands are harder for conventional armies to gain control. And the same applies to cyber armies.
There are only 17 cables that come to Australia, and all are owned/operated by our telecommunications companies led by Telstra. There is also entry to Australia via satellite but it is much smaller. Thankfully, there is now serious activity taking place to try and block the cyber-attacks by filtering material passing through the telecommunications pipelines.
The previous government appointed the former chief executive of Telstra, Andy Penn, to head a committee looking into Australia’s cyber security. Penn was critical of the that government.
To their credit the new government appointed him to head a similar committee. There is no one better placed to help the government gain greater cyber security via better controls over those 17 pipes than an ex Telstra chief executive.
It was also good to see Medibank have the courage to shut its systems down and undertake the necessary changes but that is much harder if you are a bank.
Like most developed countries, Australia now runs on the net and the cloud and we have to realise that we are under attack and respond accordingly.
More Coverage
MinRes plummets as Ellison revelations spark crisis
Mining giant Mineral Resources is in crisis talks with investors after shock revelations around its governance and the conduct of its talisman founder and managing director Chris Ellison.
Read more
The Cat’s lair gets a visit from the corporate cop
The Byron Bay home of media entrepreneur Antony Catalano was raided by ASIC investigators last week, allegedly in relation to trading in asset manager Magellan.
Read more