Australia’s Assistant Minister for Defence Andrew Hastie has said that the country needs to begin thinking about cyber security as a battlefield populated with “grey zone tactics” after both the Australian government and media company Nine Entertainment were hit by cyber attacks.
"We're sitting in the midst of great change,” Hastie told 3AW’s Neil Mitchell during a radio interview on 29 March. “The Prime Minister last year in July gave a speech at the Australian Defence Force Academy, which was the Defence Strategic Update and he mentioned that the Indo-Pacific region is changing.
“We're seeing militaries modernise, we're seeing greater competition. But we're also seeing what we call grey zone tactics, and that is coercive activity below the threshold of conventional war – and cyber is such a tactic, it's part of the grey zone tactics that we talk about.
“And so we need to start thinking about cyber as a battlefield, and we are seeing criminals from one end, to state actors at the other end, looking to undermine Australian individuals, businesses, our parliament, you name it,” he added.
Moreover, Hastie suggested that Australia needed to start thinking and talking about what it means for the country to retain and protect its digital sovereignty.
The comments come after a weekend that saw both the federal government and Nine Entertainment hit by cyber attacks. On Sunday 28 March, the Channel 9 television network told viewers that a cyber attack on its systems had disrupted live broadcasts.
Meanwhile, Hastie has revealed there was an issue over the weekend resulting in Parliamentary email experiencing an outage. Specifically, the government was reportedly forced to cut access to IT systems and emails at Parliament House to protect against a cyber attack.
According to Hastie, the attack was related to an external provider, as yet unnamed.
“The government acted quickly to defend the integrity of the system. So of course, the Australian Cyber Security Centre is working with government, and also Nine, and I'm confident that things are in a good place at the moment,” Hastie said.
Australia’s Parliament was the target of a successful cyber attack in 2019. Reuters subsequently reported that Canberra had determined China was responsible for the hacking attack on Parliament, although Australia never publicly identified that source of the attack, and China denied it was responsible.
In June last year, Prime Minister Scott Morrison said a "sophisticated state-based actor" had been attempting to hack a wide range of Australian organisations for months and had stepped up its efforts recently, again without explicitly naming the source of the attacks or their country of origin.
Now, with yet another attack on Parliament, Hastie has remained tight-lipped on the identity of the culprit.
“Well, it’s actually quite difficult,” Hastie replied, when asked how hard it is to determine which threat actor launched the attack. “And it's a very technical question...and one that I can't really go into here.
“Suffice to say, the Australian Signals Directorate, the Australian Cyber Security Centre, and many of the private enterprises hire the best minds out there, both to defend and also do the forensic work post-hack to work out who was behind it.
“And that takes time. And it's a very challenging thing, but certainly, there are patterns that are emerging and I have full confidence that our intelligence people have a good understanding of what's going on. Like all things, to talk about attribution, we can only do so when it's in the national interest and it's clear, and that's a matter of judgment for the Prime Minister and the Cabinet,” he said.
Regardless, Hastie reiterated the federal government’s $1.3 billion investment in protecting Australia’s digital sovereignty.
“If you can shut down hospitals, if you can shut down our water assets, our power grid, you can cause huge damage, and so that's why we really need to think about this,” he said.