On February 18, Australian Prime Minister Brian Morrison delivered a statement to the Australian House of Representatives reporting that “the Australian Cyber Security Centre recently identified a malicious intrusion into the Australian Parliament House computer network” and that “the networks of some political parties – Liberal, Labor and the Nationals – have also been affected.” Prime Minister Morrison stated that “our cyber experts believe that a sophisticated state actor is responsible for this malicious activity.”
The Prime Minister’s announcement took place nearly two weeks after initial reports that Australian security agencies were investigating a cyber breach of the Parliament’s computer network. At the time of those initial accounts, the Australian Broadcasting Corporation (ABC) reported that their sources said “that the hackers were caught in the early stages of gaining access to the computer network.”
Prime Minister Morrison assured the House that “there is no evidence of any electoral interference.” He added that “[w]e have put in place a number of measures to ensure the integrity of our electoral system,” and that he had “instructed the Australian Cyber Security Centre to be ready to provide any political party or electoral body in Australia with immediate support, including making their technical experts available.”
To date, the Australian Government has refrained from naming any country as responsible for the attack. Some media reporting indicated that analysts deemed China, Russia, and Iran the most likely state actors behind the cyberattack, while the ABC and other media services have focused their suspicions squarely on China.
Note: This cyberattack should be of great concern to companies and government agencies because of its technical sophistication. According to the New York Times, one government cybersecurity expert observed that the attack involved the use of hacker tools “that had not previously been seen,” which was one factor that made it difficult to identify the cyberattackers. The Times of London reported that intelligence sources “told The Sydney Morning Herald that it bore the ‘digital fingerprints’ of Beijing and the sophistication was ‘unprecedented’.” The Times’s account also cited a story by the Australian Financial Review that “quoted an intelligence official as saying the attack had used new techniques to penetrate networks. ‘It’s been a long time since we’ve been faced with an actor with this level of sophistication,’ they said. ‘This trade craft is good. This actor is good’.”
Regardless of which state actor – China, Iran, North Korea, and Russia all being plausible candidates – is behind the attack, Chief Information Security Officers (CISOs) and Chief Compliance Officers (CCOs) should draw two lessons from this incident. First, they need to take it as further confirmation that their companies and agencies need to harden their cybersecurity defenses substantially. Second, they need to make the case to their Chief Executive Officers and boards that their companies’ cybersecurity programs need sufficient human and financial resources to meet the latest generation of sophisticated cyberthreats.
Unfortunately, many companies fall far short of that standard. As the recent Ponemon Institute survey of cybersecurity professionals stated, 44 percent of the experts surveyed responded that they were not confident that their organizations could avoid a data breach, 23 percent responded that they were only “somewhat confident,” and 67 percent said that “they do not have the time and resources to mitigate all vulnerabilities in order to avoid a data breach.” Any CISO or CCO who shares those views needs to state them immediately and plainly (and repeatedly, if necessary) to senior management, if their enterprises are to reduce the odds of future calamity from increasingly sophisticated cyberattackers.