Cyber spies mean business: ASIO

From: Financial Review

Christopher Joye

Australian Security Intelligence Organisation director-general David Irvine has personally warned chief executives and company directors of the risks cyber attacks pose for business and privatised power, water, electricity, transport and communication networks.

National security authorities are concerned that business in general, and specifically those which own essential services, including some ex-government utilities, lack adequate safeguards against cyber espionage. Software firm Symantec estimates cyber attacks cost society $4.5 billion a year – more than burglary and assault.

“Electronic intelligence gathering is being used against Australia on a massive scale to extract confidential information from governments, the private sector and ordinary individuals” Mr Irvine said.

“It is used to steal intellectual property, all kinds of defence secrets, weapon designs and commercially advantageous information.”

At private dinners and meetings Mr Irvine and officials from the Defence Signals Directorate have met CEOs and directors to explain the risks of cyber espionage and terrorism because they believe some chief technology officers are not taking the problem seriously.

To protect business, ASIO supports Parliament introducing national security legislation making changes to four laws which would require telephone companies and internet service providers to store for at least two years basic information, such as the type, time, duration and identifiers of messages. ASIO’s concern is that the data, which is the minimum it says it needs to investigate threats, is being discarded by smaller telecommunication companies.

Civil libertarians argue the changes would be an unjustified invasion of privacy and raise the spectre of a security state.

Australia’s intelligence agencies also want telcos to abide by a set of basic security standards in the same way banks must respect capital controls set by regulators.

ASIO and the DSD are worried that cyber attacks by foreign governments for business reasons are coming at a significant economic cost.

State-directed intrusions were “the biggest threat to networks, which makes sense when you think about [state] resources”, said DSD deputy director of cyber and information security Mike Burgess.

“In practice, at least 65 per cent of cyber intrusions . . . have an economic focus,” he said.

When BHP Billiton tried to merge with Rio Tinto in 2010, the networks of the companies and their advisers were broken into by Chinese hackers.

China-based hackers infiltrated seven law firms involved in BHP’s subsequent bid for the world’s largest potash producer.

In February 2011, Chinese agents allegedly penetrated the parliamentary email systems of 10 federal ministers, including Prime Minister Julia Gillard.

Defence Minister Stephen Smith said that in the first nine months of 2012 the number of serious cyber incidents jumped 52 per cent from the same period in 2011.

Officials caution that since most cyber penetrations go unnoticed and the theft of digital assets is a “gun that does not smoke”, the damage is often significantly understated.

While security officials do not want to publicly identify the hackers for diplomatic reasons, many believe the Chinese Communist Party’s “mercantilist” approach to controlling international trade is the cause of most state-based cyber intrusions of Australian assets.

“It’s relatively easy to link the bulk of attacks on our clients to businesses that are working with China as a customer, or competing against them,” said one leading Australian security expert, who asked not to be named.

A former deputy chief of the Royal Australian Air Force, John Blackburn, said: “Australian businesses are chronically underprepared for the spectrum of cyber threats they face. While government understands the gravity of the risks, the wider community and many in business do not.”

Attorney-General Nicola Roxon has referred the national security legislation to a parliamentary committee.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *