Experts say that private industry has been one of the most glaring vulnerabilities in Australia’s cybersecurity. Tuesday’s report, the Australian Cyber Security Center Threat Report, noted that 734 private-sector systems of “national interest” were affected by cyberattacks last year.
“Certain companies take cybersecurity quite seriously,” said Alana Maurushat, academic co-director of the Cyberspace Law and Policy Center at the University of New South Wales in Sydney. “But you have key industries to Australia who — while there may not be the same media coverage — you know through internal sources are being breached. Our mining industry has notoriously been rumored to have been breached by competitors.”
Ms. Maurushat said that Australia as a whole was not far behind the rest of the developed world’s level of cybersecurity, but emphasized concerns about its private sector.
“The crazy thing about this is that they don’t even know that they’ve been breached,” she said. “There are certain breaches that occur, and there are studies on this, where sometimes someone would be on your system for almost a year, without the breach even being noticed. That’s the stuff that keeps me up at night.”
A cybersecurity report released this year by Telstra, the country’s dominant telecommunications company, said that 59 percent of surveyed companies in Australia had detected a security breach on at least a monthly basis. A similar number reported experiencing at least one ransomware attack. Over half of Australian organizations that came under such an attack paid the ransom, the report said.
Ms. Maurushat said that, in part, Australia’s private-sector cybersecurity was lacking because of an acute shortage of skilled workers.
The government report also noted “extensive” state-sponsored activity against Australia’s government, saying that its defense contractors continued to be targeted by foreign nations’ cyberespionage efforts.
At a news conference on Tuesday, Mr. Tehan said that the government was pivoting toward offensive capabilities to “prevent and shut down safe havens for offshore cybercriminals.”
Last year, the Australian government blamed foreign actors for an attack on its online census portal.
“The whole census thing — that’s an I.B.M. mistake,” Ms. Maurushat said, referring to the technology company’s contracting role in the census. “That’s not a government mistake, that’s an industry mistake, from a company you wouldn’t expect to make those errors.”
In a settlement over the census problems, I.B.M. paid the government about 30 million Australian dollars, or about $23 million.
Not unlike vaccines and herd immunity, Ms. Maurushat said, a government’s cybersecurity is only as strong as those it chooses to share its data with.
When asked whether Australia’s lagging digital infrastructure and poor internet speeds might have a detrimental effect on its security, Ms. Maurushat said that a beleaguered attempt to speed up Australia’s internet, the National Broadband Network initiative, may prove to be a silver lining.
“It’s the opposite,” she said, adding that hackers rely on fast internet speeds. “So in some ways, if the N.B.N. is a disaster, it might be better for us.”