A report published today by the CSIRO suggests that as Australia moves its public services infrastructure online and into the cloud, security breaches through as-yet-undetected vulnerabilities such as Heartbleed could allow online attackers to wreak digital havoc on government networks.
The report said that hackers could soon use similar vulnerabilities in computer security to shut down energy grids, disrupt public services and steal vast amounts of private data worth billions of dollars, unless institutions "take measures today to ready themselves against future Heartbleed-like threats".
The report, Enabling Australia’s Digital Future: Cyber Security Trends and Implications, looks at how a far greater number of future attackers could cause widespread disruption and financial losses by hacking into Australia's digital services and infrastructure, including public services like patient health records and taxation data.
It suggests that the damage from these cyber threats could be "immense": the government's healthcare system could be defrauded to the tune of AU$16 billion by 2023, energy grids could be disabled at critical times, and public-sector databases could be hacked to leak or sell confidential data.
"Despite recently being ranked second in the Asia-Pacific region when it comes to cyber-security capabilities, we need to recognise that our increasing reliance on digital services leaves us potentially vulnerable at unprecedented scales," said James Deverell, director of CSIRO Futures, who spoke today at the CeBIT technology conference about the report's findings.
"The sheer complexity and interconnectedness of different elements of our digital economy means we can expect rapid exponential growth in the number, speed and severity of breaches — far beyond what any single organisation can tackle on its own," he said.
According to the report, the Australian Bureau of Statistics' Personal Fraud Survey indicated that over the 12-month period from 2010-2011, Australians lost AU$1.4 billion as a result of personal fraud. The report also highlights the recent cyber attacks against government entities.
"In 2011-2012, there were more than 400 cyber incidents against government systems requiring a significant response by the Cyber Security Operations Centre. During the same period, there were reports of 26 'serious cyber threat incidents' to inner Victorian agencies," the report said.
For Deverell, the more the Australian government moves its digital infrastructure online to drive its public services, the more exposed Australians will be to potential security threats.
"The more we rely on digital services for our basic needs like healthcare and energy, the more drastic the consequences of any breach may be," said Deverell.
"As we begin to develop and embrace these services, it's in our national interest to ensure they're designed with simplicity and transparency in mind from the very start," he said.
The report calls on businesses, public-sector organisations and everyday Australians to embrace more open disclosure and work together when a breach occurs, work to simplify digital systems, and invest in new systems to verify and protect an individual's digital identities from theft or fraud.
"As shown recently in the international response to the Heartbleed exploit, collaboration and open disclosure are essential when tackling threats that cross networks, industries and national borders," he said.