Australia has acknowledged for the first time that it is prepared to strike back against foreign cyber attacks and take “offensive” action to protect the nation’s interests.
The message that the government is ready to “deter and respond to malicious cyber activities”, comes amid a $230 million cyber security strategy to be announced by Prime Minister Malcolm Turnbull on Thursday.
The first update to the nation’s cyber attack plan since 2009 will largely be spent recruiting 100 more police and cyber specialists to boost the fight against “foreign adversaries”, both state-sponsored and those linked to organised crime, and also widen information sharing between business and government.
China, Russia, North Korea and Iran are among the nations suspected to be the most active in launching daily “cyber crime intrusions” against government, business and people in Australia.
In the past six months, the computer system at the Bureau of Meteorology experienced a “massive breach”, believed to have originated in China, and it was reported that 97 federal agencies were told to encrypt more data amid “hundreds” of attempted intrusions a month.
The extra resources come on top of $400 million allocated over a decade in the Defence white paper to pay for cyber defence, including a team of experts with hacking experience working for the Australian Signals Directorate whose motto is “Reveal their secrets, protect our own”.
Mr Turnbull will characterise the security strategy as a way to protect and enshrine the personal freedoms associated with the online world rather than the creeping reach of Big Brother.
“The maintenance of our security online and the protection of freedom online are not only compatible but reinforce each other,” he said.
“Australia and Australians are targets for malicious actors – including serious and organised criminal syndicates and foreign adversaries – who are all using cyberspace to further their aims and attack our interests.
“The scale and reach of malicious cyber activity affecting Australian public and private sector organisations and individuals is unprecedented. The rate of compromise is increasing and the methods used by malicious actors are rapidly evolving.”
Mr Turnbull will appoint a new minister assisting the prime minister on cyber security and a new special adviser on cyber security in his department. Foreign Minister Julie Bishop will appoint Australia’s first cyber ambassador.
The Australian Cyber Security Centre, which is housed inside the headquarters of the Australian Security Intelligence Organisation in Canberra, will be moved to encourage more interaction with business.
A “joint threat-sharing centre” will be established in a capital city, with plans for one in each state capital over time.
The 46-page strategy document confirms that resources have already gone into “offensive cyber capabilities”.
“Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack. Any measure used by Australia in deterring and responding to malicious cyber activities would be consistent with our support for the international rules-based order and our obligations under international law,” the strategy document states.
The United States has long used offensive cyber powers. In 2010, the US National Security Agency reportedly deployed the the “Stuxnet” worm that infected control systems and disabled Iranian nuclear centrifuges. Iran responded with cyber intrusions on US banks.