“The ANU cyber attack was a sophisticated effort with specific goals in mind. Rather than stealing intellectual property, personal information was the aim,” says political columnist MICHAEL MOORE. 

WORRIED about cyber attacks? The reality is that these attacks are scary. 

Put yourself in the shoes of the 300 or so Australian National University graduates and students who received an email from the university to let them know that their files had been hacked.

The ANU cyber attack was a sophisticated effort with specific goals in mind. Rather than stealing intellectual property, personal information was the aim. 

Intellectual property would be understandable with one of the world’s leading research facilities. Targetting personal details is much more sinister.

Sinister attacks are becoming more common. Victorian rural health facilities were also recently hit by “ransomware” attack with patients in serious need of treatment for cancer, for example, transported from La Trobe to Melbourne for treatment. Surgery was cancelled in some hospitals.

Labor’s spokesperson on Cyber Security Tim Watts pointed out the lack of preparedness of the Federal government. He accused the Morrison government of a series of failures in the implementation of the 2016 Cyber Security Strategy. A minister had been appointed on this issue by Malcolm Turnbull, as was consistent with the strategy.

However, when ousted by Scott Morrison the specific ministerial position disappeared. The four-year strategy was taken over by Home Affairs and the government claims to have invested $230 million. Consultation is now under way on the 2020 strategy which will also be for four years.

The government itself points out: “Since the release of the 2016 Cyber Security Strategy, the cyber-threat landscape has shifted and evolved dramatically. 

“The magnitude of the threats faced by Australian businesses and families has increased. They will become more acute as our society and economy become increasingly connected”. Scary enough?

The government adds “as the threat evolves, so too must our response”. On the flipside, according to Tim Watts, speaking on ABC Radio National to Hamish Macdonald, reports of the auditor-general indicate that only 27 per cent of Federal departments are appropriately cyber secure, that “they have taken the kind of steps necessary to protect them against these attacks”. Watts goes on to suggest that “it is probably worse for state, territory and local government”.

The auditor-general also urged government entities to avail themselves of the Australian Cyber Security Centre.

The ANU has made public its report in the hope of raising awareness of the style of attacks that are possible. In that case there were four waves of “spear phishing” attacks, indicating increasing sophistication. Additionally, the attackers had spent significant effort to cover their tracks.

These sort of attacks raise significant issues for ordinary individuals. Many understand the importance, for example, of having a shared medical health record. For the individual there is convenience and access in a medical emergency. Governments can use the epidemiological data to make more effective decisions regarding the appropriate use and targetting of resources.

However, if an individual’s private health information is vulnerable to cyber attack, then more and more people will opt out of the personal My Health Record system. With around three quarters of government departments assessed as not being “cyber-resilient” by the National Audit Office, why would ordinary citizens trust the government with such information?

Our vulnerability goes further. Do Canberrans wonder where their information goes when they put registration information into some of the Wilson car parks? 

Wilson Offshore Group Holdings (BVI) Limited is the entity that ultimately controls all Wilson’s Australian operations. It is not just parking. Wilson also holds contracts with multiple government departments including some of Australia’s offshore detention centres as well as with Defence, the Australian Tax Office and the Department of Prime Minister and Cabinet.

The reality is that Australians are cyber vulnerable; personally, through their governments and through many of our institutions. This might explain Tim Watts’ call for a “threat-sharing portal” and his frustration in not being able to “see how a number of proposals from that (2016) strategy were followed through”.

The issue of cyber security is real. It is scary. Spending in defence against this threat might just be a better investment than the billions spent on yet another submarine.