Home affairs has warned of grave health consequences if parliament doesn’t approve more critical infrastructure protection.
Cyberattacks Pose Dire Coronavirus Threat In Australia
CANBERRA, Australia — Imagine Australia fighting the coronavirus pandemic without electricity.
That is the dire scenario Home Affairs boss Michael Pezzullo has warned politicians about unless security agencies are given more powers to fight cyberattacks on critical infrastructure.
A bill to give national security agencies powers to intervene in some companies’ networks to block significant risks is before federal parliament.
Pezzullo said the situation was perilous, describing the risk level as deeply concerning,
“Covid’s been dreadful. Covid’s been terrible given the deaths. Imagine trying to do Covid without electricity,” he told a Senate committee in Canberra. “It is as immediate, it is as realistic, and it is as credible a threat as that.”
Parliament’s powerful intelligence and security committee is considering the legislation, which the government wants to be passed by the end of next month.
Pezzullo said international criminal groups and state-based actors were already threatening hospitals and vaccine data in Australia.
He said while cyberattacks on businesses were common, there were major risks for the nation’s critical health, finance, and fuel pipeline infrastructure.
“It is a pressing, urgent problem,” said Pezzullo.
Under the draft laws, companies operating hospitals, communications networks, electricity, transport, banking, food supplies, and defense would face more stringent reporting obligations.
Pezzullo said more connectivity across critical infrastructure made business sense but also left Australia more vulnerable to attacks.
“We see this with hospital systems, we see it with vaccine data, we see it with healthcare providers,” he said. “Cybercriminals tend to be very business savvy, so they will chase opportunity. Typically, the more critical a system, the more critical a data set, the more the critical opportunity there might be.”
“That’s before you get to state actors, and there’s a combination effect of state actors working with criminal actors.”
As per reports by the Australian Cyber Security Center, malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Phishing and spear-phishing remains the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks or to distribute malicious content.
“Cybercriminals follow the money,” states the report. “Australia’s relative wealth, high levels of online connectivity, and increasing delivery of services through online channels make it very attractive and profitable for cybercrime adversaries. Of particular concern are transnational cybercrime syndicates and their affiliates, who develop, share, sell and use sophisticated tools and techniques.”
“There are lucrative underground marketplaces offering cyber crime-as-a-service or access to high-end hacking tools that were once only available to nation-states. These marketplaces also offer less technical but equally valuable cybercrime enablers including personal information and other sensitive data such as compromised user credentials.”
As a consequence, illicit tools, services, and data can be purchased and used with minimal technical expertise to generate alternative income streams, launder the proceeds of cybercrimes and traditional crimes, or undertake network intrusions for non-financial purposes.
(Edited by Vaibhav Vishwanath Pawar and Saptak Datta)