The Federal Government has confirmed for the first time the Bureau of Meteorology (BOM) was the target of a cyber attack.
Last year, the ABC uncovered a state-based intrusion into the Bureau of Meteorology that infected its entire computer network.
The threat is persistent, aimed at stealing information, and will cost hundreds of millions of dollars to fix.
The bureau has a direct link to the Defence Department and officials have told the ABC they believe the attack was launched from China.
Prime Minister Malcolm Turnbull today confirmed the attack.
“I can confirm reports that the Bureau of Meteorology suffered a significant cyber intrusion which was first discovered early last year, and the Department of Parliamentary Services suffered a similar intrusion in recent years,” he said.
“Those organisations have worked hard with the experts at the Australian Cyber Security Centre to understand and fix the vulnerabilities.”
Mr Turnbull also admitted for the first time that the Federal Government has the ability to launch cyber attacks.
“An offensive cyber capability housed in the Australian signals directorate provides another option for Government to respond,” he said.
“The use of such a capability is subject to stringent legal oversight.”
He made the comments as part of the unveiling of his $230 million Cyber Security Strategy, aimed at beefing up the nation’s defences against online assaults on individuals, businesses and governments that some estimates say cost the economy as much as $17 billion a year.
The five-tiered plan will: continue to build a national partnership between government and business; strengthen defences; appoint an ambassador to push for an open, free and secure internet; drive innovation through an industry-led growth centre; and raise awareness and develop centres of excellence.
The Commonwealth is one of the prime targets for attacks by opportunists, criminals and other states.
Cyber security breaches are rarely confirmed by government but it is understood there is an active debate over whether to change that approach, as there is an increasing call for businesses to be more transparent about attacks on their systems.
In a clear sign there has been a change of thinking under Malcolm Turnbull, the Commonwealth has let it be known the capacity to attack is part of its array of defences.
Buried on page 21 of the Cyber Security Strategy Mr Turnbull will launch today is: “Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack.”
It is the first time the Government has made the admission and the ABC has been told it is a reflection of Mr Turnbull’s deep interest in the cyber strategy and that he is trying to break down the risk-averse attitude of the bureaucracy.
Australia getting assistant minister for cyber security
The direct cost to Australians from cyber crime has been estimated at $1 billion a year, but the report says worldwide losses from cyber attacks are estimated at 1 per cent of GDP. If that measure is used, the real effect on Australia is closer to $17 billion.
But the Prime Minister’s statement in the strategy says there are opportunities as well as threats in building confidence online and that dovetails with the Government’s plan to transition to a new and more-diverse economy.
“A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online,” Mr Turnbull says.
To build that, there will be a joint response from government and the private sector, with the Prime Minister leading an annual security meeting with business leaders and the appointment of a new assistant minister for cyber security.
The strategy says $230 million will be invested over the next four years on initiatives that fall into five themes:
• Establishing a national cyber security partnership
• Creating strong cyber defences to detect, deter and respond to threats
• Taking a global leadership role to champion a free internet and shut safe havens
• Focusing on growth and innovation
• Building a cyber-smart nation by building skills and awareness
Nearly $39 million of that will build a new home for the Australian Cyber Security Centre that gives better access to the private sector.
Another $47 million will be spent on threat-sharing centres and $36 million on lifting the intelligence and investigation capabilities. Another $30 million will establish an industry-led Cyber Security Growth Centre.