The strategy says, “The Australian Government will ensure law enforcement agencies have appropriate legislative powers and technical capabilities to deter, disrupt and defeat the criminal exploitation of anonymizing technology and the dark web.”
To support the new strategy, Australia will spend A$1.67 billion ($1.2 billion) over the next 10 years, Morrison said.
The increased spending is intended to fortify critical infrastructure, boost police efforts to disrupt criminal activity on the dark web, and strengthen community awareness.
The government will also invest in Australian universities to strengthen their cyber security and fund their cyber threat intelligence sharing network.
Companies will also be legally bound to ensure that their networks comply with cybersecurity standards.
In 2018 the Australian Government introduced reforms to protect critical infrastructure sectors such as “the telecommunications sector and certain electricity, water, gas and port assets” against cyber threats.
The new strategy “will build on this foundation to include” other sectors critical to the Australian way of life.
“The Government will work with owners and operators of critical infrastructure to update legislation to ensure that critical infrastructure sectors deliver their essential services with security front of mind,” Dutton said in the joint statement.
“Agencies will be equipped to help address sophisticated threats, particularly to the essential services all Australian’s rely on—everything from electricity and water, to healthcare and groceries,” he added.
Alastair MacGibbon, a former director in the ASD said the government agency would access networks to monitor and defend them, not “to spy,” reported The Sydney Morning Telegraph.
Cyber-attacks in Australia
Some controversies in Australia have risen over power given to the ASD. In 2019, government agents raided the home of a News Corp journalist who reported about the Ministry of Home Affairs attempting to use the ASD to spy on Australians. Dutton denied the allegation that his ministry sought ASD powers to spy on Australian people.
Cyber-attacks on businesses and households in Australia cost about A$29 billion ($20.83 billion) or 1.9 percent of Australia’s gross domestic product (GDP), Morrison told reporters in Canberra.
During the COVID-19 crisis, malicious cybercriminal activity intensified targeting Australian households and businesses with a goal to steal personal information and distribute malware through COVID-19 themed phishing emails. The ASD “used its offensive cyber capabilities to disrupt foreign cyber criminals” behind those attacks, disabled their infrastructure and prevented them from accessing stolen information.
According to data provided by the new strategy, the most targeted sector in the country within the 12 month period ending in June was the Australian government, where over 400 cybersecurity incidents occurred, and Australian state and local governments which reported more than 350 incidents.
Individuals reported almost 200 incidents and the health sector more than 150. The lowest number of incidents occurred in water, communications, transport, and mining sectors.
Morrison said in June that a “sophisticated state-based actor” had spent months trying to hack all levels of the government, political bodies, essential service providers, and operators of critical infrastructure.
Sources told Reuters that Australia views China as the chief suspect, a suggestion swiftly dismissed by Beijing.
Much of Australia’s cyber policy to date has focused on bolstering the defenses of government agencies after an attack on the parliament in 2019, but malicious cyber activity is increasing against small and medium businesses, universities and households, Morrison said.
The ASD determined China was responsible for hacking Australia’s parliament and will be given new funding to counter foreign cyber-attacks.
