The soft underbelly of Australian political computing has been targeted by what Prime Minister Scott Morrison has branded a "sophisticated state actor", as the PM disclosed that the nation's political parties were also hit in an online attack earlier this month that forced a password reset of all Australian Parliament House network users, including politicians and all of their staffers.
Speaking on Monday morning, Morrison said the networks of the Liberals, Labor, and Nationals were affected, that the nation's security agencies are securing those systems, and that there is no evidence of electoral interference.
Australia's political parties do not have to adhere to the Privacy Act, and hence disclose when data on citizens is breached.
Morrison added that the Commonwealth has contacted electoral commissions, anti-virus companies, and state and territory authorities responsible for cybersecurity.
"The Australian government will continue to take a proactive and coordinated approach to protecting Australia's sovereignty, our economy, and our national security," Morrison said. "Our political system and our democracy remains strong, vibrant and is protected.
"The government has chosen to be transparent about these matters. This is in itself an expression of faith by our government in our democratic system and our determination to defend it."
In response, Labor leader Bill Shorten pointed out that political parties are typically small organisations with few full-time staff that have "large amounts of information" on voters and communities.
"These institutions can be a soft target, and our national approach to cybersecurity needs to pay more attention to non-government organisations," Shorten said.
When password reset was initiated by the Department of Parliamentary Services, it said there was no evidence to suggest data has been taken or accessed.
Recently, the Australian Signals Directorate (ASD) said that over the course of the last three financial years, the federal government's networks have been the subject of cyber incidents 1,097 times.
"ASD response is required when an incident achieves any degree of success, which can have varying impacts from significant data exfiltration and degradation of the network through to no harm being realised," it wrote.
"The nature of the response varied depending on the incident, and ranged from telephone conversations through to deployment of staff resources and tools to assist in mitigating the incident."
At the same time that the Prime Minister was making his statement to Parliament, the Joint Committee of Public Accounts and Audit announced a new inquiry into the cyber resilience of Commonwealth agencies.
"Effective implementation of a comprehensive cybersecurity framework across Commonwealth agencies is critical to protect Australians' privacy and Australia's social, economic, and national security interests from emerging cyber threats," Senator Dean Smith said in a statement.
Submissions to the inquiry are open until March 4.
Department of Parliamentary Services says there is no evidence to suggest data has been taken or accessed, or that the incident is part of a plan to influence electoral processes.
After just two hours of debate, Australia's encryption law amendments are now stalled in the Senate until April. Only one key amendment was passed, but both government and opposition can claim a win.
Russia's internet contingency plan gets closer to reality.
DMARC email authentication can significantly reduce the risk of phishing attacks, but only 5.5 percent of Australia's main government domains have deployed it. That's set to change.