Analysis: The Federal Government has kept mum on an alleged cyber-espionage hack on computers owned by Prime Minister Julia Gillard and several cabinet ministers, but it should be well prepared to investigate the attack.
News Ltd papers reported China-based state-sponsored attackers broke into the parliamentary email accounts of the Prime Minister, Foreign Minister Kevin Rudd and Defence Minister Stephen Smith, retaining access for up to a month. The accounts were not used to disseminate sensitive emails, according to the reports.
The Federal Government has not denied the attacks, nor said if its fledgling cyber counter-espionage unit within the Australian Security Intelligence Organisation (ASIO) has been asked to take the lead on an investigation.
The department said only that it is "the long standing practice of successive Australian Governments not to comment on the operations of security and intelligence agencies".
The new counter-espionage unit would be the logical choice to spearhead any investigation.
Over the years, the Federal Government has been building cyber defence capabilities for attacks on its assets.
At the initial signs of an attack, government security boffins rally at the first point of contact — the Cyber Security Operations Centre (CSOC) within the Department of Defence.
The CSOC is a coordination unit which makes use of information security operatives from the Attorney-General's Department including the Computer Emergency Response Team (CERT) Australia and the ASIO counter-espionage unit, as well as staff within the Defence Signals Directorate (DSD).
The attack would be deconstructed to determine whether it is an attack on the private sector, critical infrastructure, or national security, including espionage. Depending on the outcome, one of those units will be chosen to lead the investigation, while the other units offer support.
In the case of ministerial computer attacks such as this one, ASIO's counter-espionage unit would likely spearhead an investigation along with defence operatives if the hacking is state-sponsored, which it reportedly is.
The unit was established to monitor and investigate espionage attempts against national security interests and relay attack alerts to select agencies and critical infrastructure owners.
If, on the other hand, the attacks are deemed to be a matter for critical infrastructure or the private sector, they would fall into the realm of CERT Australia. This agency was created in late 2009 and disseminates non-espionage-related information security alerts to critical infrastructure owners and produces limited consumer advisories.
Last year, that agency fielded 187 "cyber incidents", which ZDNet Australia understands ranged from serious attacks against national infrastructure to minor service interruptions.