Statement on malicious cyber activity against Australian networks
Protecting Australia’s economy, national security and sovereignty is the Government’s top priority.
Based on advice provided to the Government by our cyber experts, the Australian Cyber Security Centre (ACSC), Australian organisations are currently being targeted by a sophisticated state-based cyber actor.
This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.
We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.
The Australian Government is aware of and alert to the threat of cyber-attacks.
The ACSC has already published a range of technical advisory notices in recent times, to alert potential targets and has been briefing States and Territories on risks and mitigations.
Regrettably, this activity is not new – but the frequency has been increasing.
Our objective is to raise awareness of these specific risks and targeted activities and tell you how you can take action to protect yourself.
Cyber security is a shared responsibility of us all. It is vital that Australian organisations are alert to this threat and take steps to enhance the resilience of their networks.
All Australian organisations who might be concerned about their vulnerability to sophisticated cyber compromise can take three simple steps to protect themselves:
- Patch your internet facing devices promptly – ensuring any web or email servers are fully updated with the latest software.
- Ensure you use multifactor authentication to secure your internet accessible infrastructure and cloud-based platforms.
- Become an ACSC partner to ensure you get the latest cyber threat advice so you can take the earliest possible action to protect yourself online.
The ACSC and the Department of Home Affairs has published a more detailed technical advisory with advice for Australian businesses and organisations to protect themselves, which is available.
The ACSC has also been actively working with targeted organisations to ensure that they have appropriate technical mitigations in place and their defences are appropriately raised.
The Government’s 2016 Cyber Security Strategy – backed by a $230 million investment over four years – has strengthened Australia’s cyber security foundations, stimulated private sector investment in cyber security and positioned Australia as a regional cyber security leader. The Government will release a new Cyber Security Strategy in the coming months, which will include significant further investments.
The Government also invested a further $156 million to build cyber resilience and expand the cyber workforce as one of our election commitments and we invested additional funding for a whole-of-government cyber uplift program.
The work of the Government’s Critical Infrastructure Centre and Trusted Information Sharing Network has also been focussed on the threats to critical infrastructure and other systems of national significance.
But there is more to do and we must do this work together – cyber security is a whole of community effort – government, industry, and individuals.
The risks are present and will continue to be present. That is why these investments are necessary and the protections we put in place necessary. The Australian Government will continue to do everything to keep Australians safe.
The Government encourages organisations, particularly those in the health, critical infrastructure and essential services, to take expert advice, and implement technical defences to thwart this malicious cyber activity.
Further information on how you can protect yourself and your business from cyber threats is available at www.cyber.gov.au.