Prime Minister Scott Morrison this week revealed that Australia’s major political parties were the target of a recent cyber attack. The Australian Cyber Security Centre (ACSC) identified a malicious intrusion in the Parliament House computer network. It was later discovered that the Liberal, Labor and National parties had also been affected.
Intrusions and data breaches occur every day in cyberspace. Total prevention is impossible.
The government has stated that a “sophisticated state actor” is behind the attack, but has not provided official attribution.
Australia is just three months out from a national election and, while the government has stressed there is no evidence of any electoral interference, the attack serves as a warning to democracies around the globe. More than a third of the world’s population will vote in national elections this year.
Is this a security failure?
On the issue of cybersecurity, no government can give absolute guarantees.
Deterring, disrupting and denying cyber attacks should be the primary focus of governments, a responsibility also shared with private enterprise. But intrusions and data breaches occur every day in cyberspace. Total prevention is impossible. The public discussion around cyber security needs to be clear-eyed enough to move beyond technical prevention to incorporate a framework for resilience.
Like terrorism and climate change, cyber attacks are here to stay.
The hard truth is that corporate systems do get compromised and attack paths cannot always be anticipated. However, in this instance, Australia’s four major political parties (Liberal, National, Labor, and Greens) were aware of the potential threat.
In 2017, the parties were warned by intelligence officials about the dangers of state sponsored cyber espionage. In 2018 each party received grants of up to $75,000 to help improve their cyber defences.
This latest attack has been labelled “unprecedented” in its level of sophistication. It should serve as a wake-up call for each of the major parties to fund their own security and to stop relying on the public purse.
Should the cyber attack have been made public?
Despite their frequency, the West has been slow to be more transparent about cyber attacks. The received wisdom was that admitting you’re a target only makes you a bigger target.
But transparency is vital.
On the same day news broke of the cyber attack on the Australian parliament, the British parliament’s Digital, Culture, Media and Sport Committee published its final report into fake news and disinformation. On the subject of foreign electoral interference, the report found:
The speed of technological development has coincided with a crisis of confidence in institutions and the media in the West. This has enabled foreign countries intent on destabilising democratic institutions to take advantage of this crisis.
As Australia’s Prime Minister noted in his statement to the House of Representatives on cyber security:
Australia’s democratic process is our greatest asset: our most critical piece of national infrastructure.
Informing the public of the intrusion was imperative.
Will we ever know who’s responsible?
Alastair MacGibbon, Head of ACSC, has stated that there are “only a handful of states” capable of such an attack. But tracking and verifying the provenance of an adversary is never assured.
The 2019 Global Threat Report by US cybersecurity firm Crowdstrike highlights four prominent nation-state adversaries who were “continuously active” throughout 2018. They comprise China, Russia, North Korea, and Iran.
This latest intrusion throws a spotlight on the conflict shaping the international security environment and threatening democracy.
Cyber attacks occupy a space between war and peace. They sit in a “grey zone” free from the constraints of geography and territorial boundaries – asymmetric and easily deniable.
While not a violation of Australia’s sovereignty under international law, the cyber attack on Australia’s political parties is as close as it gets.