CYBER-SPYING

Posted on by under Defence
Defence Signals Directorate

Defence Signals Directorate (Photo credit: Wikipedia)

There’s a good reason cyber-spying has become so popular recently.

It’s remarkably effective – particularly if you leave your defences down.

Sadly the current situation in Australia appears to be far from happy, as this report in today’s Canberra Times suggests . . .

THE LOST BATTLE

The real point of the excellent 4 Corners report on Tuesday was not simply to alert us to China’s enthusiastic embrace of cyber-espionage. Spying has long been an integral part of our relationship with Beijing, ever since the Hawke government decided to go ahead with a foolish project to stud the walls of the Chinese Embassy that was then being built on the shores of Lake Burley Griffin with listening devices. That’s why workers from China have been imported to build its new annex. It’s also why tents and tarpaulins have been used to cover the building site. We’ve done it; they do it too.

What has changed – and quite dramatically – is who’s winning the contest. At one time Western electronic intelligence and espionage techniques were so far ahead of the rest that a casual sense of superiority pervaded our willingness to engage. That’s not the case today.

Julia Gillard has claimed Andrew Fowler’s report was “inaccurate”. Undoubtedly she obtained some kind of legalistic opinion for this statement that will establishing that she hasn’t misled parliament. But I suspect that this relies on nitpicking pedantry in addition to the opaque walls of security that continue to prevent journalists from exposing her statement as both a fraud and a lie.

Crucially, one of Four Corners’ key revelations has largely been passed over by a media obsessing over the floor plan of the new ASIO headquarters. Some weeks ago, this column first became aware of a separate hacking attack on one of our critical national security departments. It’s has been impossible to ascertain exactly what happened; however it’s understood entry was via the back door. This means the spies used electronic communications between other government departments to effectively ‘usher’ them in.

When he was Defence Minister, John Faulkner allowed the press to visit the Cyber Security Operations Centre. Located deep in the restricted area of the security precinct at Russell Hill and operated by the Australian Signals Directorate (formerly the Defence Signals Directorate), most people assumed that this facility was guarding the electronic networks across government. It now appears that was not the case.

Apparently, bureaucratic rivalry had led one department, believed to be Prime Minister and Cabinet, to think they could do better then the specialists. Offers to co-ordinate cyber defences were rejected. High walls were established facing the front to prevent any entry from that direction. These possessed secure gates and drawbridges to ensure nothing could penetrate the defence. Unfortunately, the rear was left completely open. The cyber-spies easily hitchhiked their way in, carried on internal, inter-government communications. It’s understood that once inside the infiltrators then wandered at will through the network, compromising classified information and removing copies of massive numbers of documents for future analysis. According to one estimate more than eighty percent of the files were compromised: everything except documents protected at the highest level of security.

Defence has refused to comment publicly on this attack, except to say “Australia is experiencing increasingly sophisticated attempts to infiltrate networks in the public and private sectors”. Interestingly, however, this week the ASD was stripped of even its thin vestige of control over cyber security. Instead ASIO has been tasked with the job of protecting the networks. Some Defence insiders are reportedly flabbergasted at what they perceive to be the transfer of responsibility to an organisation they characterise as amateur hour. A person previously engaged in this area referred to the perceived inability of ASIO to manage cyber defence by caustically referring to the song “send in the clowns”. It’s understood the startling move is being justified because maintaining the security of the Internet is seen as a civilian responsibility, in the same way as securing the operation of roads and ports.

Opponents emphasise that ASIO lacks the experience and expertise that the ASD has developed over decades of operation in this area. Some suggest it will result in the duplication of some capacities while critical areas remain naked because of poor understanding of vulnerabilities.

Perhaps surprisingly, in other areas Australia’s capacity to understand this new form of warfare is remarkably developed. Earlier this year Lockheed Martin very quietly announced the opening of a cyber-warfare hub here in Canberra – one of only three in the world. A significant reorganisation of its international divisional structure has seen it expand extensively into in this field with the development of both defensive and offensive capabilities. The company, once known simply as a producer of conventional military aircraft and equipment, has recognised that the national security environment is changing. There’s nothing inherently agile about a huge multi-national, yet Lockheed Martin has managed to reform its structure to meet the requirements of a new situation.

Unfortunately significant doubts remain suggesting the government has not yet understood the new challenges of the cyber domain. Layers of security from journalistic oversight remain, providing cover for inadequate political responses and poor bureaucratic management. There is no evidence that government is developing effective measures that will allow it to deal with these new threats.

 

Leave a comment