Surprise, surprise, a report out by the government’s new Australian Cyber Security Centre finds communications networks in Australia are under more threat from hackers than ever before at a time when the government would like to gain access to and control over more of those networks for “national security” purposes.
The ACSC was set up last year to sit in the Attorney-General’s Department but works across a number of the AGD agencies on cyber security issues.
The agency’s 2015 Threat Report, dropped overnight to The Australian before being released to everyone else this morning, claims a range of so-called “cyber adversaries” are targeting Australia and its networks. They tend to be foreign states, organised crime, or “issues-motivated” groups, the report said.
The report found that CERT Australia — the agency responsible for dealing with cyber attacks in Australia — responded to 11,073 incidents affecting Australian businesses, with 153 of those involving “systems of national interest, critical infrastructure and government”.
The Australian Signals Directorate — which is responsible for investigating attacks on Australian government networks and critical network infrastructure — responded to 1134 cyber security incidents in 2014, up 20% on the previous year.
This included one incident in which a state government agency had a remote access tool (RAT) installed on four of its servers with administrator-level access to servers and confidential files. It was only discovered and eventually removed after an annual penetration test.
The ACSC report called for partnership between the government and private sectors to ensure greater security for networks, but the timing of the report is curious as it comes as Attorney-General George Brandis is facing backlash from the telecommunications industry over the latest round of “national security” legislation giving the government even more access to private telecommunications networks.
The industry has reached the point — after being forced to bear most of the costs for the data retention scheme, the piracy site-blocking scheme, and the three-strikes codes — where telcos have had enough and are finally pushing back against the government.
At a recent telecommunications dinner, during which Communications Minister Malcolm Turnbull helpfully poked fun at Brandis’ lack of technical expertise, one industry observer referred to the impact of the government’s current obsession with national security on the telecommunications industry as Liberal red tape, or rather “blue tape”.
The latest round of blue tape — the Telecommunications Sector Security Reform (TSSR) legislation proposed by Brandis last month — would allow the secretary of the Attorney-General’s Department to dictate what telcos can and cannot do or install in their networks, and would require telcos to hand over any information the secretary wants, or face fines.
The government would also have oversight regarding what network gear companies could purchase.
This added oversight would cost the industry $558 million to set up, and cost each telco $184,000 each year in ongoing costs.
The cost, not to mention the intrusion into a company’s ability to make decisions about its own investments, appears to have been the straw that broke the camel’s back for the telecommunications industry in Australia. A draft submission from the industry representative groups including the Communications Alliance, the Australian Industry Group, and the Australian Mobile Telecommunications Association said that the legislation was a “regulatory overreach” and handed intrusive powers to the government.
They warned it would limit new private infrastructure investment in Australia — something the current government is quite keen to do — and would potentially reduce competition in a sector already being consolidated thanks to the National Broadband Network.
Brandis doesn’t appear to be backing down just yet, though. He told journalists on Friday that the legislation was developed after extensive consultation, but said more work would be done before the legislation is introduced.
“The very reason we published an exposure draft was to solicit that feedback from the industry and we will be considering carefully the observations that the industry has made in finalising the legislation,” he said.
The industry took this as an admission that the draft would be rewritten, but it seems unlikely Brandis will give in. Given his recent hyperventilating over a motion at the ALP national conference to “review” the data retention legislation it supported — something that was already built into the legislation — it’s not clear whether he will be willing to cede any ground back to the telcos.
Meanwhile, we’re just weeks away from Australian carriers having to submit their plans to the government for how they’ll comply with the data retention regime, while by all reports they’re still not aware of what exactly they’ll have to retain.