The Australian Signals Directorate (ASD), the nation’s digital spy agency, has issued a stern warning about the potential surge in state-sponsored cyber espionage aimed at Australia’s submarine program. The alert comes in the aftermath of the AUKUS pact, a tripartite agreement between Australia, the United States, and Britain. Through this pact, the U.S. has agreed to share cutting-edge nuclear submarine technology with Australia, turning the spotlight onto the nation’s cyber defense capabilities.
Unprecedented Rise in Cybercrimes
The ASD’s annual online threat assessment has painted a worrying picture of the cyber landscape in Australia. The report noted a significant 23% rise in cybercrimes, accompanied by a 14% increase in the cost of each crime. This increase in cyber activities places not only the private sector but also critical infrastructure at risk. The report specifically mentioned the hacker group Volt Typhoon, backed by China, known for targeting U.S. critical infrastructure. The ASD expressed concerns that similar tactics could be used against Australian targets, significantly the AUKUS initiative.
It estimated there was a hack on Australian assets every six minutes.
In May, the Five Eyes intelligence alliance and Microsoft (MSFT.O) said a state-sponsored Chinese hacking group was spying on U.S. critical infrastructure organisations. The U.S., Canada, New Zealand, Australia and the UK make up the Five Eyes intelligence sharing network.
Techniques used by the China hacking group could be used against Australia's critical infrastructure including telecommunications, energy and transportation, the report said.
“The AUKUS partnership, with its focus on nuclear submarines and other advanced military capabilities, is likely a target for state actors looking to steal intellectual property for their own military programs,” the report said.
“Cyber operations are increasingly the preferred vector for state actors to conduct espionage and foreign interference,” it added.
The spike in cyber intrusions prompted the government in February to set up an agency to help coordinate responses to hacks. It is also overhauling federal cyber laws - details of which are due to be released next week - and the government has said it will make it compulsory for companies to report ransomware incidents.
The average cost of a cybercrime to its victim rose 14%, the report said.
"This sort of evidence gives the government the requirement to have a much closer relationship between industry and government," said Matthew Warren, director of the RMIT University Centre for Cyber Security Research and Innovation.
"Some of the statistics are quite frightening."
The Australian Securities and Investments Commission also said this week that a survey of 700 companies had found 44% did not manage risks associated with third parties like supply chain partners accessing confidential data. It also found that 58% had limited or no measure to protect confidential data and 33% had no cyber incident response plan.
Cyber attacks against Australia will continue to rise until organisations started putting more effort into security and the risk management of their information assets, said Nigel Phair, cybersecurity professor at Monash University.
This month, a cyber incident at DP World Australia, one of the country's largest ports operators, forced it to suspend operations for three days.
The shakeup of the country's cyber security rules was triggered by the 2022 data theft at telecoms provider Optus, which exposed personal information of 10 million Australians.
The rise in cyber breaches is by no means isolated to Australia. However, of significant concern is how relatively large it is as compared to other countries with much larger populations as the chart below (World Economic Forum data) shows:
The extraordinarily high US figure must be of particular concern to Australia if the AUKUS partnership results in the necessary military data sharing likely to be part and parcel of the arrangements.
Some Horror Stories from September 2023
Japan's national cyber defence agency has been infiltrated by hackers, who may have had access to information for as much as nine months, the Financial Times reports. The attack on Japan's National Center of Incident Readiness and Strategy for Cybersecurity began last autumn, with Chinese state-backed hackers thought to be behind it.
The Five Eyes intelligence alliance has detailed how Russian state-sponsored hackers Sandworm are using an Android malware called Infamous Chisel to attack Ukranian soldiers' devices, scan files, monitor traffic and steal sensitive information.
Microsoft has identified seven emerging hybrid warfare trends from Russia's cyberwar with Ukraine. These include weaponising pacifism by amplifying discontent about the war and stoking fears of World War III. Other tactics include demonizing refugees and mobilizing nationalism. "Weaponising" is an appropriate word, given that the outcomes of those trends is likely to result in increased weapons spending.
Cybersecurity Profits Soar
Perhaps learning lessons from the military industrial complex (MIC), the cybersecurity industry is seeing record profits.
The global cybersecurity technology market grew by 11.6% year over year to $19.0 billion in Q2 of 2023. Palo Alto Networks led the market, followed by Fortinet, Cisco, CrowdStrike, Check Point, Okta, and Microsoft.
This along with a less-hawkish Fed made cybersecurity ETFs winners lately. Wisdomtree Cybersecurity Fund WCBR, Global X Cybersecurity ETF BUG, Nasdaq Cybersecurity ETF CIBR and ETFMG Prime Cyber Security ETF HACK – all touched a 52-week high on Nov 14, 2023.
Gartner has recently updated its forecast for corporate spending on cybersecurity, and the numbers are significant. In 2024, Gartner predicts a substantial 14% increase, pushing the total spending on cybersecurity to an impressive $215 billion.
This upward revision is more robust than previously anticipated, with an initial forecast projecting an 11% growth rate. This growth surpasses most other categories of information technology spending.
One notable area of growth in cybersecurity spending is in cloud security products and services. Gartner predicts a whopping 25% jump in spending in this category for 2024, reaching a total of $7 billion. This increase underscores the growing importance of securing cloud-based systems and data.
Gartner anticipates increased spending on cybersecurity services in 2024 to combat evolving threats effectively. CIOs are increasingly prioritizing cybersecurity, with 80% planning to boost spending on cyber/information security in 2024.
Australia Bolsters its Cyber Defense
In response to the escalating cyber threat, Defense Minister Richard Marles announced plans to bolster the capacity of the ASD. The government has earmarked an investment of 10 billion Australian dollars over the next decade to fortify the nation’s cyber defenses. The decision underscores the government’s commitment to protect not only its critical infrastructure but also intellectual property related to the AUKUS pact.
Navigating the Complex Australia-China Relationship
The rise in cyber threats comes at a critical juncture in Australia-China relations. Prime Minister Anthony Albanese recently visited China, marking the first visit by an Australian leader in seven years. The ongoing efforts to improve bilateral relations are fraught with complexities. China is Australia’s largest trading partner, offering immense economic potential. However, it also poses significant security concerns, particularly in the realm of cyber espionage.
The Bottom Line
Cybersecurity/cybercrime is big business. It is no doubt buoyed by the increased focus on military security and its associated "secrets" - a direct result of the hawkish activities of the military industrial complex.
This will be a major, if not THE MAJOR concern of AUKUS Pillar 2 which involves co-development on technologies such as artificial intelligence, quantum computing, cyber, undersea capabilities, hypersonic weapons, information-sharing and electronic warfare (EW). Marles' paltry 10 billion Australian (taxpayers') dollars over the next decade to fortify the nation’s cyber defenses will be a mere drop in the ocean.
Again, look who are the major shareholders/investors in the top end of the IT industry. It would be no surprise to find that the Big Three (Vanguard, BlackRock, State Street) names will figure prominently amongst them. They are major shareholders of Alphabet, Amazon, Apple, Broadcom, Google, Microsoft, IBM, Facebook, Nvidia, Tesla and AT&T for a start.
It's always about the money.
Comments
Post a Comment