The Prime Minister said Australia’s cyber security capacity had scaled up dramatically since revealing in June that a “sophisticated state-based actor” was launching mass cyber attacks targeting governments, companies and critical infrastructure operators.

Mr Morrison said while cyber hackers would “still try it on”, Australian governments and the private sector would be ready to respond.

In the cyber security strategy released on Thursday, Home ­Affairs Minister Peter Dutton said “well-equipped and persistent state-sponsored actors are targeting critical infrastructure and stealing our intellectual property”.

The strategy says Australia must use both “offensive and defensive” tactics to thwart threats from nation-states and state-sponsored actors seeking to compromise networks to obtain economic, policy, legal, defence and security information “for their advantage”.

“These actors tend to be sophisticated, well-resourced and ­patient adversaries, whose ­actions could impact Australia’s national security and economic prosperity,” the strategy said.

In 2019-20, 35.4 per cent of incidents reported to the Australian Cyber Security Centre were linked to attacks on governments and agencies, with 35 per cent targeting critical infrastructure operators across the banking, health, education, water, transport and energy sectors.

Mr Morrison said “there are many state actors who are active in this space and we have to be able to come to terms and deal with that”.

“It (the cyber security strategy) is about Australia. It’s about protecting Australia. And it’s about protecting Australians from wherever potential threats come and whatever form those threats might take,” he said.

Mr Dutton said new powers for the Australian Federal Police and Australian Criminal Intelligence Commission, which the government aims to legislate before the end of the year, would target criminals using the dark web and encrypted devices and not affect everyday Australians.

He said the enforcement measures would allow the AFP and ACIC to obtain warrants targeting servers from “Seattle to Sydney” and offensively disrupt and shut down international paedophile, terror and criminal networks. “If you’re part of the Australian community, the 99 per cent of people that aren’t involved in those activities, I don’t think you have anything to concern yourself with,” he said.

Mr Dutton — who The Australian revealed will be handed new powers to direct the Aus­tralian Signals Directorate to protect critical infrastructure from cyber attacks — said Australian laws that apply in the “real world” should apply online.

Telstra boss Andy Penn, who chaired the panel, said the nat­ional cyber blueprint and scale of investment highlighted “just how significant an issue cyber ­security is”.

“Ultimately we need to help consumers build their own level of awareness of the cyber risks they face, so they can adopt practises to mitigate their risk. This goes much deeper than just investment,” he said.

“This has been a very effective process, because there was very deep consultation, both through formal submissions and workshops, and there is very strong alignment between the recommendations we made and the initiatives the government is intending on implementing.”

Alistair MacGibbon, Australia‘s former federal cyber security chief, welcomed Australia’s new strategy in particular its focus on ‘clean pipes.’

“There are no silver bullets in cyber, but this will reduce some of the threat surfaces for small businesses,” MacGibbon said.

“It means I can worry less about links I click on or attachments I open, because they have been scanned for known malware, and that‘s a good thing. It’s not going to protect me completely but it’s certainly going to help.”

MacGibbon added that the government’s commitment to new legislation, including privacy and data protection reform, would lead to certain technology being labelled ’fit for purpose’ and force companies across Australia to think more closely about cyber risk.

“A shift in our culture is what’s necessary, and that’s what this document will do.”

The new strategy includes a $1.67 billion investment over ten years, the largest ever financial commitment to cyber security in Australia.

Some industry members said the strategy doesn’t go far enough to support small business. “While it’s great to see a lot more attention and some worthwhile direct support for small businesses, for example the small business hotline, the strategy largely depends on larger organisations and the broader business ecosystem helping small businesses,” Cynch Security co-founder and CEO Susie Jones said.

“There’s very little being proposed to help the growing number of business owners that recognise the risk they’re sitting on and want to take action to protect their customers, partners and livelihoods.”

Rachael Falk, the chief executive of the Cyber Security Cooperative Research Centre, said that the strategy had an important focus on critical infrastructure systems.

“If one of these systems was brought down by a cyber attack it has a cascading effect and can inflict significant damage across the supply chain and impact our way of life,” she said. “That’s why expanding what defines critical infrastructure is important. We congratulate the federal government for looking at this issue holistically, with a long-term view.”

The industry also largely welcomed the strategy’s opportunity for more cyber skills development in Australia. The Cyber Security Strategy earmarked a total of $77 million for a Cyber Security National Workforce Growth Program and a Skills Partnership Innovation Fund.

Aidan Tudehope, managing director at Macquarie Government, said COVID is the greatest economic crisis in 100 years.

“The cyber security sector is a key sector to provide the jobs of the future,” he said. “The various government agencies responsible for implementing the strategy need to use it to help address the mass levels of unemployment being experienced across Australia. We can’t afford to wait two-to-three years when it will be too late to innovate our way out of this crisis.

Antoine Acklin, Head of Architecture and Professional Services at Rackspace Technology, said the increased public visibility of cyberwarfare has become the catalyst for the Australian government’s refocus on its strategy.

“The response does a good job of providing statements to an area of digital strategy that has long been underserved and possibly forgotten,” Acklin said. “Unfortunately, it falls short of addressing the data privacy or governance concerns in a manner that is both actionable and measurable. It’s not a matter of ‘if’ but ‘when’ Australia will see forces that will truly threaten our national security and current way of life.”

More related stories

Nation

‘Instruments of fear’: Fresh anti-Semitic attacks prompt calls for tougher penalties

Anti-Semitism is ‘an evil still spreading in our neighbourhoods’ said the Anti-Defamation Commission chair, as multiple vehicles and properties were plastered with graffiti in Sydney’s eastern suburbs overnight.

Read more

Politics

Dutton slams PM’s office leaks for police silence on caravan terror

The Opposition Leader has attacked the Albanese government's integrity, claiming repeated leaks would deter authorities from sharing investigations, including the thwarted caravan terror attacks on major Jewish sites.

Read more