PM recruits Trump aide Kirstjen Nielsen for cyber war

Kirstjen Nielsen, who led the global campaign against Huawei, will prepare Australia’s cyber security strategy.

Geoff ChambersFEDERAL POLITICAL CORRESPONDENT

4 min read

9:25PMJune 23, 2020.

Updated 7:52AMJune 24, 2020

Kirstjen Nielsen was an early mover on cyber security who called out the threat posed by ‘actors’ linked to the Chinese Ministry of State Security. Picture: Reuters

Former US secretary of homeland security Kirstjen Nielsen, who led the global campaign against Huawei, has been recruited by the Morrison government to prepare its cyber security strategy amid rising tensions with China and mass cyber attacks targeting Australian governments and companies.

Ms Nielsen, an early mover on cyber security who called out the threat posed by “actors” linked to the Chinese Ministry of State Security, is working with the government’s advisory panel chairman, Telstra chief Andy Penn, to develop Australia’s 2020 Cyber Security Strategy.

The former White House deputy chief of staff has worked closely with Australian politicians and national security chiefs in recent years, attending a Five Eyes meeting hosted by Home Affairs Minister Peter Dutton on the Gold Coast in 2018.

Mr Dutton’s spokeswoman told The Australian: “Ms Nielsen brings a wealth of cyber security knowledge to the panel from her experience in defending US government and critical infrastructure networks from cyber security attacks. She will provide valuable insights on how Australia can work with its international partners to address global cyber security threats from nation states and criminal groups.’’

Ms Nielsen, who was appointed homeland security chief by Donald Trump in late 2017, has been supporting the advisory panel’s work from the US since her appointment on December 18.

The urgency to finalise the new strategy was highlighted last Friday after Scott Morrison revealed Australia was under sustained attack from a “sophisticated state-based cyber actor”, who was actively targeting critical infrastructure and all levels of government.

The Prime Minister, who did not name China as the state-based actor, flagged that “significant investment” would be pumped into the cyber security sector, with the new strategy to be released ahead of the October 6 budget.

With a spike in cyber threats during the COVID-19 pandemic, AusTender documents reveal the Australian Signals Directorate and other government bodies, including the Department of Education and Australian Securities and Investments Commission, have spent more than $4.2m engaging private cyber security firms since late April.

In early 2018, Ms Nielsen briefed former prime minister Malcolm Turnbull on US strategies to “mitigate risks to our supply chain, which is being targeted by sophisticated adversaries with increasing regularity”.

Malcolm Turnbull walks with Kirstjen Nielsen at CSIS, in Washington D.C, in 2018.

Mr Morrison, as acting home affairs minister, and former communications minister Mitch Fifield, banned Huawei from involvement in Australia’s 5G network in August 2018.

Mr Turnbull said on Tuesday it was clear that China had the “industrial scale” capacity to have been involved in the mass cyber attacks targeting Australia.

“China has the largest cyber espionage operations in the world,’’ he told the ABC. “They operate at industrial scale. They don’t particularly care if they get caught so they can be very brazen. We know all countries engage in foreign intelligence-gathering and espionage. But the level, the scale, of the cyber activities from China are really at an industrial level.”

Mr Turnbull said Mr Morrison would need to be “100 per cent” right in accusing China of involvement, describing the relationship with Beijing as “a complex one”.

Ms Nielsen, a former adviser to George W. Bush, quit as US secretary of homeland security in April last year. She was appointed to the influential US Energy Department advisory board in March.

Of the 213 submissions lodged with the advisory panel, which also includes NBN Co chief security officer Darren Kane and Tesla board chair Robyn Denholm, businesses, universities, local governments and tech experts call for a major overhaul of the nation’s cyber security infrastructure and a build-up of greater technical capacity to protect Australian companies and individuals.

US President Donald Trump clasps hands with Kirstjen Nielsen after nominating her to be Homeland Security Secretary in the East Room of the White House in Washington.

The Commonwealth Bank and National Australia Bank strongly urged the panel to tackle the exposure of small and medium-sized businesses, and individuals, to cyber threats.

The CBA said cyber safety principles should be included in primary school curriculums and pushed the government to commission and release advice on shortages in the cyber security workforce, which industry sources predict needs an extra 17,000 professionals over the next five years.

“We need to start early: cyber safety is a foundational skill and must be integrated into primary school education. High school curriculums must provide both male and female students with the skills and capabilities they need to fully participate in the digital economy,” the CBA submission said.

“Australia will need to develop a strong network of universities that each offer a world-class, comprehensive cyber security education, and partner closely with industry to produce graduates who are ready to tackle our future cyber security challenges.”

US President Donald Trump walks with then Homeland Security Secretary Kirstjen Nielsen.

Australia’s peak science agency CSIRO told the panel cyber threats were “increasing while our environments are becoming more complex”. CSIRO, which has been targeted by hackers, said cyber threats fuelled by emerging technologies included the stealing of sensitive research and data, the compromising of third-party suppliers and “quantum supremacy”, using quantum computers to “solve problems that classical computers practically cannot”.

The research organisation said the government should consider “enforcement of penalties on cyber offenders” and look at introducing “significant legal consequences to deter malicious actors”.

PwC experts reported on Tuesday a “significant increase” in requests for help with “threat actors now compromising large numbers of Australian businesses and government agencies by acquiring unauthorised access through systems with vulnerabilities”.