Warning improved Australia-China relations not end to cyber interference

Australia has been warned China used the election of a new government to seek to improve the perception of Beijing, while continuing steady cyber interference.

Sarah Ison

@@sarsison

2 min read

12:00AMMarch 06, 2023.

Updated 9:05AMMarch 06, 2023

US retired Admiral Mike Rogers is the former head of the US National Security Agency. Picture: The Australian/Gary Ramage

China has used the election of a new government to seek to improve the perception of Beijing for ordinary Australians, while continuing steady cyber interference behind the scenes, the former head of the powerful US National Security Agency, Mike Rogers, has warned.

And the automation of industries such as mining provides more lucrative targets for cyber-attacks from state and non-state actors than ever before.

“(Australia has) created this amazing capacity to move massive amounts of core minerals or metals … you’ve automated the process,” he told The Australian in a broad-ranging interview. “The flip side is … you’re also increasingly a greater potential target (for attacks).” He said that Australia’s involvement in AUKUS, the Quad and other high level groupings also “increased interest” in the country as a target for cyber-attacks from nation states and criminals alike.

While agreeing there appeared to have been an improvement in the diplomatic relationship between Australia and China, Mr Rogers warned this would not flow through to the level of cyber interference Beijing conducted against Canberra.

“Historically for me as I look at the Chinese, I don’t see a direct correlation between the level of rhetoric and the level of cyber activity,” he said. “They have a sustained level and focus in cyber that is somewhat detached from the broader day to day geopolitical (situation).”

Optus suffered a major hack last year. Picture: NCA Newswire/Gaye Gerard

Medibank was also hacked. Picture: NCA Newswire/Gaye Gerard

In comments made during a visit to Australia as part of his advisory work for firms such as CyberCX and Bondi Partners – founded by former treasurer Joe Hockey – Mr Rogers cautioned against the Medibank and Optus cyber-attacks being viewed as “isolated incidents”.

“I would not view them as isolated incidents that won’t (be) repeated,” he said. “The trends I see in the rest of the world are applicable here … both criminal actors and nation states are getting more aggressive, increasing their capability and the impact of some of their activities growing in visibility and in significance.”

He said despite the strong response from the public and the government to the two major hacks conducted by criminal gangs, the outcry would act as more of an incentive than disincentive for future attacks.

“It acts almost as a bit of incentive in the sense that they (cyber criminals) see effect and they see impact and they say to themselves, hey, is this something that perhaps we could replicate?”

It comes as figures released by SECNewgate reveal two thirds of Australians are concerned about the risk of cyber criminals stealing their personal information, with most supporting stronger rules being put in place around how much data organisations should be allowed to collect.

Almost 80 per cent responded they did not believe paying a ransom to cyber criminals should be allowed, while the government currently considers whether to make paying ransoms illegal.

‘Need to do better’: ASIO ‘shrugging its shoulders’ at security camera breach

But Mr Rogers said he was personally “leery” about the paying of ransoms becoming a criminal offence.

“There are discussions in the US along the same lines,” he said.

“I’m always leery about … a one size fits all. For example, when it comes to companies thinking through should (they) pay or not, one of the things I always asked is are (they) in a situation in which the potential to not regain functionality or access to your data potentially leads to loss of life or injury?”

But Mr Rogers did welcome the recommendations of the privacy review handed to Attorney-General Mark Dreyfus that would give individuals the power to take companies to court if the personal data they handed over was breached by hackers.