‘Tighten cyber security or risk pact’s secrets’, say experts
Australia needs to dramatically raise its cyber security preparedness to ensure it isn’t the ‘weakest link’ in protecting US and British nuclear secrets, top cyber security experts warn.
Australia needs to dramatically raise its cyber security preparedness to ensure it isn’t the “weakest link” in protecting US and British nuclear secrets, top cyber security experts have warned.
The push follows a succession of major data breaches of Australian companies, including Medibank and Optus, and comes amid growing fears that domestic AUKUS players will become prime targets for Chinese hackers.
Cyber experts’ worst fear is the loss of critical AUKUS blueprints, such as the 2013 theft by Chinese-linked operatives of plans for ASIO’s $631m Canberra headquarters
CyberCX chief strategy officer Alastair MacGibbon said the AUKUS partnership was “an amazing achievement” that came with “with huge responsibility”.
“We can’t be the weakest link. We need to treat the information and the (intellectual property) shared by the Americans and the British with the same degree (of caution) that they would. These are among their most strategic secrets,” Mr MacGibbon said.
He said “the size of the prize” on offer to malicious cyber actors – the “crown jewels” of Western military technology – would require a major strengthening of the nation’s cyber security capabilities.
Mr MacGibbon pointed to CyberCX projections of a 30,000-worker shortfall in the nation’s cyber security workforce over the next two years, well before the nuclear submarine enterprise is due to start.
It was vital that Australian policymakers ensured the nation’s cyber industry was ready to support the AUKUS agreement because the “heavy lifting” would be done by the private sector.
“We know that our capabilities are insufficient for today’s problems, let alone tomorrow’s,” Mr MacGibbon said.
“There’s no country with a surplus of skilled cyber security professionals. And frankly, unless they’re coming from the US and the UK, they’re going to be no use to us anyway, under these regimes.
“This is not about cyber start-ups, as cool as they always are for government. This is about cyber scale-ups.”
Successive Auditor-General’s reports have identified major cyber security failings in key government agencies, including finding in December that the Department of Foreign Affairs and Trade – which will oversee international AUKUS engagements – failed to monitor the cyber security compliance of its external contractors.
Another report, in March 2021, found 72 per cent of non-corporate federal agencies had not fully implemented the government’s protective security policy framework in 2018-19.
The Australian president of Crowdstrike, one of the world’s biggest cyber security companies, warned AUKUS made Australia “more of a target” for malicious hackers.
Mike Sentonas said a “significant uplift” would be needed by the nation’s public and private sector to ensure Australia was ready to keep its allies’ most closely guarded secrets.
“The government obviously has recognised that they need to do more, but organisations are going to need to do the same thing,” Mr Sentonas said.
“They’re going to need to step up and they are responsible to keep their customer data and their businesses safe.”
Australian Strategic Policy Institute executive director Justin Bassi said the effectiveness of AUKUS as a long-term deterrent would “require a careful combination of transparency and secrecy”.
“The security of the classified material within AUKUS is of the utmost importance, which means prioritising cyber security but also protecting against human vulnerabilities, both witting and unwitting,” Mr Bassi said.
He said Australia needed to apply rigorous processes that reduced “permission creep” for classified material.
“The key is to ensure only those who actually require access have it. Equally ‘crown jewels’ (data) should be encrypted so (its) commercial or IP value isn’t lost if it is stolen,” Mr Bassi said.
Cyber Security Co-operative Research Centre chief executive Rachael Falk said cyber security would be “paramount” to fulfilling the AUKUS vision.
More Coverage
Join the conversation
Labor ‘is naive on threat of evil axis’
One of the country’s leading defence analysts says the Albanese government has gravely underestimated the threat posed by the growing alliance of China, Russia, Iran and North Korea.
Read more
Keating takes swipe at AUKUS ministers meeting
Former prime minister Paul Keating has slammed the AUKUS alliance partners for failing to respond to concerns about the future of Australian military sovereignty.
Read more