Former ASIO boss David Irvine is right
David Irvine, the former director of ASIO has described Australia’s cyber defences as relatively weak and uncoordinated.It is not exaggerating to consider a cyberattack where computers are infected across Australia as criminal and an act of terrorism, due to their impacts.In Australia, the malware attacks always affect critical resources and in such interconnected country like Australia such damage is perhaps beyond most people’s imagination, but the brouhaha the former spymaster has created should serve as yet another reminder of the danger. David Irvine, who was head of ASIO until four years ago, in a submission to a parliamentary inquest evaluating the “impact of new and emerging information and communications technology” was spot on on the dangers facing Australia.Irvine submission, written on behalf of the Cyber Security Research Centre, calls for the creation of a “single Commonwealth-led cooperative agency” charged with countering cybercrime in Australia. Australia’s national capacity to counter threats and criminal activity using cyber investigative tools is relatively weak, uncoordinated, and dispersed across a range of agencies in both Commonwealth and state jurisdictions. “Countering cybercrime in Australia will be most effective when investigative support mechanisms are concentrated and coordinated on a national basis, utilising skills and technical capabilities developed in the national security area to strengthen law enforcement activity, and vice versa”.The Cyber Security Research Centre suggests a new agency would provide “expert technical cyber investigative services in support of legal law enforcement and national security investigations carried out by Commonwealth and state agencies”. The Cyber Security Research Centre stresses its proposed new agency would “support, rather that supplant or duplicate the proper functioning of those agencies” but does not specify where the organisation should sit. “Such an agency might fall within the ambit of the Department of Home Affairs, either as a separate entity or associated with the Australian Cyber Security Centre or the Australian Federal Police and Australian Criminal Intelligence Commission, and with a close working relationship with the skills-intensive Australian Signals Directorate.”
David Irvine who is one of the most experienced Australian diplomats was also the head of the overseas intelligence agency ASIS and therefore his comments should be taken seriously.Australian federal government certainly deserves credit for quickly responding to the escalating cybersecurity threat. While disseminating manuals to prevent infections, authorities have also prevented panic that would only exacerbate the crisis and trigger unnecessary actions by businesses and individuals affected by cyber crime.Reading between the lines on David Irvine submissions, since hackers will never stop their attempts to break into and seize control of Australians computer systems, be it for personal pride or for profit as in the current ransomware cases or even for political reasons, and since both state and non-state actors can launch such attacks, strengthening Australia’s cyber defense is non-negotiable.There have been reports of attacks involving Australia, a country well known for its advanced cyber army, which clearly shows that the battleground among nations extends to the binary world and authorities ought to listen to David Irvine. As a cyber security expert once told me, no blood will be shed in the new form of war, at least directly, but its impacts could be just as devastating as those of the two world wars witnessed in the first half of 20th century. With the war occurring covertly and silently, the frequently asked question is whether Australia has protected itself well.The David Irvine submission is further evidence of Australia’s vulnerability to cyberattacks and there’s need to ask all parties, in particular strategic public institutions, including the banking sector, to increase their cybersecurity to prevent themselves falling prey to ransomware or other forms of attack. Also, an integrated information security system that could detect any attack as early as possible.In the wake of the ransomware threats witnessed recently and in the face of intensifying cyber warfare, Australia may need to put the initiative back on the table and seek the advise from the likes of David Irvine or heed his advise on the need for a “single Commonwealth-led cooperative agency” to counter cybercrime.