With global tensions rising as Russia prepares to launch its invasion of Ukraine, online activity and espionage by state-based actors has soared, says the head of the Australian Cyber Security Centre (ACSC).
Abigail Bradshaw told the MilCIS (Military Communications and Information Systems) conference in Canberra ACSC had observed a sharp rise in cyber criminal activity with the onset of the Covid pandemic.
In the same period, ACSC had observed state-based actors targeting all levels of government, private organisations and industry.
“There is a general trend which we observe and that is when global tensions rise, when there is power conflict, when there is scepticism or uncertainty about what will happen next, state-based actors and espionage all increase,” she said.
Bradshaw said that was because state-based actors were trying to obtain as much information as possible to reduce the uncertainty about what is happening next.
“In case you haven’t noticed, today, yesterday and tomorrow, it is on and it is on at a whole new level,” she said.
MilCIS heard from a range of speakers discussing the changing landscape of defence communications and information systems.
Defence chief technology officer Justin Keefe said technology and technological convergence, especially over the last few years meant that no longer could Australia assume it would enjoy a capability edge over any potential adversary.
“We are moving more and more quickly to a convergence of people, sensors and platforms and this will change fundamentally concepts such as command and control, decision making and indeed the information we rely on for those decisions,” he said.
“The processes that gave us surety and confidence, that is robust length investment pathways and detailed capability development frameworks, now work against us.”
Defence is set to release an update ICT Strategy in second quarter which will alter some longstanding assumptions.
“What I am seeking from this revised strategy is to acknowledge the fundamental shift of ICT from what I would contend we viewed in the past as a corporate enabler to a core capability that generates warfighting effects for the ADF,” Keefe told the conference.
He said previous ICT strategies focused on the Chief Information Officer Group (CIOG) as a backroom corporate enabler, with commensurate resources and funding.
“We need to pivot. Our reference strategy will be accompanied by an action plan that will prioritise our effort on transforming the secret environment, improving connections across security domains and interoperability with our domestic and international partners,” he said.
“We need to evolve our procedures and processes, otherwise we will not keep up with the speed of the threat.”
Rob Doughty, assistant secretary for ICT architecture within CIOG said the threat landscape was ever evolving and the risk continued to escalate.
“How we protect against exploitation by adversaries and nefarious actors is a real risk and therefore should be at the heart of everything we do,” he said.
Doughty said in this environment there was always more that we could be doing. New and emerging technologies and were changing tools to support different missions.
He said all that provided a foundation for moving to a zero trust network, which took the approach of never trust always verify. All networks, no matter the location, were always assumed to be hostile and monitored continuously.
“This is a fundamental change in approach to security,” he said.