June 11, 2021
A major company in charge of critical infrastructure refused to comply with Australia’s cyber spy agency for weeks after it was hit by a significant cyber attack.Australian Signals Directorate director-general Rachel Noble has revealed her agency found out about the cyber attack through media reports despite the incident having a “national impact on our country”.
The extraordinary disclosure comes as the nation’s security agencies push for new obligations on owners and operators of critical infrastructure to provide details about their networks.Prime Minister Scott Morrison last year revealed a wave of sophisticated cyber attacks on all levels of government, industry and critical infrastructure including hospitals, local councils and state-owned utilities. Australian security agencies believe China was behind the cyber raids, but the government decided not to publicly name the state actor involved.
Federal Parliament’s security and intelligence committee is currently reviewing new laws that would allow the government to declare an emergency to give agencies such as the ASD the power to plug into the networks of critical infrastructure to fend off major attacks.
Asked by the chair of the committee, Liberal senator James Paterson, whether all companies cooperated with the ASD when they had been hacked, Ms Noble said “that is not our lived experience”.While she said there were some “wonderful examples of incredible cooperation”, she wanted to tell the parliamentary inquiry what “bad looks like”.“This is a real example but I’m not going to name names, that’s really important: we find out something has happened because there are media reports,” she said.“Then we try to reach out to the company to clarify if the media reports are true, and they don’t want to talk to us.“Five days later, we’re still getting a very sort of sluggish engagement of trying to get them to provide data to us and deploy some of our tools... that goes for 13 days, this incident had a national impact on our country.“Three months later, they get re-infected, and we start again. That is the sort of scenario where this legislation actually gives us the authority through [the Department of] Home Affairs more leverage [to intervene].”Ms Noble said sometimes the ASD was forced to use its “very senior level contacts” in the government who “might know members of boards or chairs of boards to and establish trust and build a willingness to cooperate”.
“We have at times then spent nearly a week negotiating with lawyers about us even being allowed to obtain just that basic information [data from network],” she said.
The ASD boss said the threat environment in the cyber world was “definitely deteriorating“.“To give you evidence of that, there’s been a 60 per cent increase in ransomware attacks against Australian entities between this year and last year,” she said.“One of my US colleagues recently said that she thought there was a significant risk of catastrophic cyber attack in the United States. My contention is actually if you’re JBS, or if you’re Nine or you’re Toll Group – all very brave companies who have spoken publicly about what’s occurred on their networks – those catastrophes have already happened.”“We see both state-based actors and also criminals operating against Australian entities. They’re motivated by a range of different imperatives. Anything from espionage to generating influence or actual interference to preparing to or actually disrupting degrading or denying services, not to mention just the pure criminal motivation of stealing money.”
Home Affairs secretary Michael Pezzullo said cyber attacks would “soon reach global pandemic proportions”.
“This has been building for about five years but it has accelerated over the course of the global pandemic,” he said.
”Basic cyber security protections will always help, but malicious actors such as cyber criminals, state-sponsored actors and state actors themselves, will defeat the best defences that firms, families and individuals can buy.“Just as we do not rely on home security alarms and door locks to deal with serious and organised crime, we cannot leave firms, families and individuals on the field, on their own."