Education minister Dan Tehan says a new taskforce intended to combat “foreign interference” in universities will include a cyber security working group.
Universities must act “to protect the valuable information they hold where it is in the national interest to do so,” the minister said during an address today at the National Press Club. “On cyber security and foreign interference, the sector has responded in a way that demonstrates it is taking the issue very seriously, in line with community concerns.”
Tehan said the government was working with the university sector to “develop best practice guidelines for dealing with foreign interference”.
“We are doing this together because it is in everyone's best interests to do so,” he said. “According to the latest advice from the Australian Cyber Security Centre, the targeting of Australian universities continues to increase.
“This advice says universities are an attractive target given their research across a range of fields and the intellectual property this research generates.”
He said that “state-sponsored cyber adversaries” may also use university networks as to help conceal their activities in Australia “to their reliability and high and varied traffic”.
“When it comes to foreign interference we are providing clarity at the intersection of national security, research, collaboration and a university’s autonomy,” Tehan said.
Universities and government agencies have produced a “roadmap” for the development of guidelines to address security issues, Tehan said.
Last month the Australian National University announced that it had uncovered details of a major data breach. Some 19 years of university data including the personal details of staff, students and victors was accessed by what ANU described as a “sophisticated operator”.
In a separate incident, in 2018 ABC reported that Chinese-based hackers were believed to have illicitly accessed ANU systems.
Also in June this year, the Australian Catholic University revealed that a number of staff email accounts and some of its systems had been compromised by a phishing campaign.
Defence Trade Controls Act
Tehan said that today that work is underway to “develop practical risk-based legislation proposals to address identified gaps in the Defence Trade Controls Act”.
“The act is designed to prevent the transfer of defence and dual-use technology to those who may use it contrary to Australia’s interests,” the minister said.
The work on Australia’s defence exports regime involves representatives from government agencies, universities and industry, Tehan said.
In notes prepared for an address at the Defence and Industry 2019 Conference, held earlier this month, secretary of the department, Greg Moriarty, warned that the “time it takes for new technologies to get weaponised is reduced”.
“We are seeing now a different scale, one that’s no longer industrial and can involve much smaller actors. How do we protect against this?” Moriarty said.
“Ministers are thinking a lot about how we prioritise protecting the technology produced by Australia. Security is about much more than cyber or robust security arrangements. There are a range of security threats, they are changing and evolving. We must be increasingly cautious of vulnerabilities.”
“It is very much part of our partnerships and how we share this risk,” he said.
“We must adjust to deal with contemporary threats. “How we manage this – refresh legislation – must not stifle innovation and agility – the real and shared challenge is striking the right balance.”
Cryptography is among the ‘dual-use’ technologies covered by the defence exports regime. Earlier this year the Defence Export Controls office came under fire after it decided to not renew a general permit allowing relatively unrestricted international collaboration on cryptography research.
The Department of Defence has indicated it is considering the reintroduction of “two-step” permit system, which was first launched in 2017 on a trial basis.