Australian Electoral Commission battens down the cyber hatches
When looking at the global threat landscape, high on the priority list for Prime Minister Malcolm Turnbull is the need to thwart the efforts of foreign powers to influence the outcomes of democratic elections, Jacob Boyle from the Department of the Prime Minister and Cabinet told the Emerging Cyber Threats Summit in Sydney on Wednesday.
Using the alleged interference from Russian actors in the lead up to the 2016 United States presidential election as his reference, Boyle said it's the "hack and release of sensitive information from the US Democratic National Committee" that has emerged as a game-changer for democratic governments across the world, including in Australia.
"The 2016 US presidential election demonstrated how targeted disclosures -- stolen information -- can interfere with processes," he explained. "This interference broke new ground for unacceptable behaviour and tested concepts around public attribution, response, and effective deterrence."
The issue, Boyle explained, is broader than just malicious cyber actors hacking and publishing emails of political parties to embarrass and cause doubt; rather it extends to influencing the outcomes of elections.
"In an Australian context, instead of influencing the outcomes of just a few marginal electorates, any number of electoral commission and political party ICT systems this could have significant effects on our electoral outcomes," he added. "So our office, essentially through Alastair, is taking steps to understand the vulnerabilities of our electoral systems."
While Boyle's official title is Cyber Policy Adviser at PM&C, he is part of a small team that provides support to Australia's Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon.
"Just last week, Alastair and I met with the Australian Electoral Commissioner and all the state and territory commissioners basically to talk about this and the cyber threats they're facing," he explained.
"We're working closely with the Commissioner to better understand the vulnerabilities and what steps it should be taking to mitigate against these risks."
The Australian Strategic Policy Institute (ASPI) produced a report last month titled Securing Democracy in the Digital Age. The report [PDF], explained that although recent technological developments have expedited the international flow of information, improved freedom of speech in many areas of the world, and increased the quality of interaction, accountability, and service delivery from democratic governments to their citizens, such benefits must be balanced against a longstanding vulnerability of democracy to manipulation that cyberspace has enhanced.
It also says that the proliferation of cyberspace and rise of social media have enriched and strengthened the application of democratic governance.
According to Boyle, ASPI's report -- which also uses the US presidential election as its reference -- is a really good summary of the threats in this context.
"If we look at what's happening overseas there's kind of two broad challenges we face: One is threat to infrastructure ... and also the way information is used prior to elections," he explained.
"That's a much bigger challenge I think that governments can't solve. It has to be a lot of engagement with the social media companies to work out how to validate and fact check a lot of that information.
"We're working closely with the AEC to help with their infrastructure and to make sure they're getting the best possible guidance they can. So like any other organisation they can make judgements about what they need to do to secure their systems because they're best placed."
When asked if the government feels the AEC would come out on top if it were to be faced with something similar to what happened in the US, Boyle said nothing is 100 percent perfect and that the threat is a "growing area of concern".
Also in Boyle's remit is to assist MacGibbon in driving the implementation of Australia's AU$240 million Cyber Security Strategy, which is aimed at defending the nation's cyber networks from organised criminals and state-sponsored attackers.
Just over 12 months into the four year program, Boyle said on Wednesday that those involved have completed six of the 33 initiatives that MacGibbon previously called ambitious. He explained there has also been "pretty good" progress against 11 of the initiatives.
Even though the strategy is only a quarter of the way through, it is undergoing review.
"I think there's a parallel there with how a business would think about cybersecurity," Boyle explained. "They shouldn't just be putting a strategy in place for four years and thinking that's going to solve all their problems. If they don't continue to look at it and assess -- the landscape is evolving much quicker."
According to Boyle, the government is constantly looking at what is and what is not working and looking for ways it can improve, which is done through MacGibbon "talking to as many people in the ecosystem" as he can.
"Our office is continually doing that ... We're always looking to review it to make it as effective as possible," he added.
Although tight-lipped on the specifics, Boyle said his department will be soon publishing a report into the threat landscape from the Internet of Things.