Wikileaks reveals shaky Aussie cyber past

Australia was found to be unprepared for cyber attacks and dependent on US intelligence as recent as 2008 according to secret diplomatic cables released by Wikileaks.
Written by Darren Pauli, Contributor and  Suzanne Tindal, Contributor

Australia was found to be unprepared for cyber attacks and dependent on US intelligence as recent as 2008 according to secret diplomatic cables released by Wikileaks.

The cables, obtained by Fairfax, detail intelligence from a US ambassador between the Department of State Bureau of Intelligence and Research (INR) and the Australian Office of National Assessments (ONA) in an event held in October 2008.

According to the cables, Australian Defence Intelligence Organisation (DIO) director Major General Maurie McNarn accused Australia's shadowy cyber-security lead agency, the Defence Signals Directorate (DSD), of brushing off the risk of cyber threats and instead focused on traditional intelligence matters.

The cables state McNarn said the DSD had "the lead" for Australia in tackling the issue but was more focused on themes, and that Australian intelligence would need to stay engaged with its US counterparts to share lessons learned in the cyber arena.

It alleged that McNarn and his deputy Michael Shoebridge said the Australian intelligence community "was hard pressed to understand the full extent of the threat, let alone serve in a position to lead the coordination of any inter-agency mitigation efforts".

Australian diplomats allegedly praised the then intelligence collection of Japanese counterparts.

The event is said to have covered broad issues including terrorism threats and spanned Iran, Pakistan, Afghanistan, Japan, the Koreas, China, Russia, Indonesia and the Philippines.

Although the cables seem to give a poor picture of security in 2008, the Australian Government has since created and reshuffled cyber security agencies to handle cyber threats.

The structure now includes the Cyber Security Operations Centre and the Computer Emergency Response Team (CERT) Australia within the tight walls of the DSD.

The Trusted Information Sharing Network has also been established to open communications channels between government and the nation's critical infrastructure organisations, including water and electricity utilities, and now financial institutions.

IBRS analyst James Turner said that the cables' allegations may have been a fair assessment, but pointed out that they were someone's opinion at a certain point in time. "We don't know how accurate that was," he said.

He said that he believed that awareness in the cyber security area was increasing at a government level.

Distributed denial-of-service (DDoS) attacks by anti-filter activists earlier this year which took down government websites have also raised the profile of cyber security, he said. That visibility gives cyber defence teams an extra lever to ask for more budget, he said, allowing them to say "we couldn't even defend ourselves against a DDoS attack!"

It can be hard to find funding for security, he said, because you're spending a lot of money to stop something from happening. It'd be a surprise if Australia were ever leaders in this space, according to Turner, because of the limited resources at our disposal.

"What is reasonable for the US is going to be bankrupting for us," he said.

Editorial standards