In an exclusive interview with The Australian, the head of the new Australian Cyber Security Centre, Stephen Day, also revealed that a cyber-terrorist attack was “an absolute possibility” as rogue groups become better resourced.
Major General Day said a high-level review of the nation’s cyber-security strategy being conducted by the Prime Minister’s Department was “sensible” given the speed at which the threat was evolving.
“We are in an arm-wrestle between those who are trying to defend and those who are trying to get around us (and) at the moment, because there is a general lack of awareness, those who would do us harm are at an advantage,” he said. “But we are going to catch them.”
General Day, who was appointed to the national role last November, said state-sponsored espionage was a growing concern, with foreign governments now regularly targeting public and private networks.
“There is a troubling increase in nation states stealing intellectual property from not only government, but also from industry,” General Day said.
“I don’t know if all countries are doing it, but an increasing number of nation states are playing in this space.”
Targeted areas include diplomacy, defence and national security information, along with Australian corporate know-how.
“The risk has always been there, espionage has been around for a long time … but the level of activity going into the stealing of intellectual property from big corporations is at a greater level than we have seen before.”
General Day said the rising threat was being addressed by telecommunication companies, resource companies and banks, but they were “islands of experience ... in a sea of blissful ignorance”.
The warning comes as The Australian can reveal a 20 per cent increase in cyber-security “incident responses” last year, of which more than half were state-sponsored.
Most of these targeted the non-government sector, but 35 per cent of the 1131 incidents targeted federal government departments and 8 per cent state and local government.
An incident response is activated only for the most serious attacks, and can include defence specialists being deployed to prevent intrusion into Australian networks.
General Day said while Australian governments had made progress co-ordinating defence efforts, the community was still vulnerable.
The three main threats facing the country were foreign espionage, online crime — ranging from opportunistic online theft to organised-crime syndicates, and so-called “hactivists” seeking mass disruption.
General Day said only well-resourced terror groups posed a potential threat, given the sophistication now required to mount an effective attack.
“But some terrorist groups are very well resourced and it is an absolute possibility that they could create significant troubles for national security or economic prosperity,” he said. “We have been working for some years now on improving the defences of the government, but there is a lot of work to be done, there is no doubt about that.”
The government is reviewing its cyber-security strategy for the first time since 2009, with a report expected to be released mid-year.
netizens left a footprint.