Australia spending nearly $1 billion on cyberdefense as China tensions rise
By Damien Cave
Confronting a surge of cyberattacks attributed to the Chinese government, Australia moved to bolster its defenses Tuesday, promising to recruit at least 500 cyberspies and build on its ability to take the battle overseas.
The investment of 1.35 billion Australian dollars ($930 million) over the next decade is the largest the country has ever made in cyberweapons and defenses.
It follows what Prime Minister Scott Morrison has described as a sharp increase in the frequency, scale and sophistication of online attacks — and, more broadly, a steady deterioration in relations between Australia and China.
“The federal government’s top priority is protecting our nation’s economy, national security and sovereignty,” Morrison said Tuesday. “Malicious cyberactivity undermines that.”
The new initiative points to growing frustration in Australia with what current and former intelligence officials have described as a relentless, increasingly aggressive campaign by China to spy on, disrupt and threaten the country’s government, vital infrastructure and most important industries.
The full details of attacks that appear to have come from China are still mostly hidden — Australian officials remain wary of provoking Beijing by naming and shaming culprits — but the public record now includes several examples of elaborate hacking that has less to do with theft for profit than growing aggression against a rival government.
In January of last year, for example, hackers found their way into the computer systems of the Australian Parliament. A year before that, security experts said that tools commonly used by Chinese hackers had been deployed in attacks on Australia’s Defense Department and the Australian National University.
Two weeks ago, Australian officials said a wide range of political and private-sector organizations had come under attack by a “sophisticated state-based cyberactor” — a reference that most cybersecurity experts took to mean China.
And there are hints that the tools being deployed are increasingly ambitious and dangerous.
In one attack earlier this year, hackers used a compromised email account from the Indonesian Embassy in Australia to send a Word document to a staff member in the office of the top leader in the state of Western Australia.
The attachment contained an invisible cyberattack tool called Aria-body, which had never been detected before and had alarming new capabilities. It allowed hackers to remotely take over a computer, to copy, delete or create files, and to carry out extensive searches of the device.
A cybersecurity company in Israel later linked Aria-body to a group of hackers, called Naikon, that has been traced to the Chinese military.
Peter Jennings, a former defense and intelligence official who heads the Australian Strategic Policy Institute, said Beijing had leapfrogged other countries in its cyberabilities and the frequency of its attacks.
“It’s just reaching unprecedented heights of activity,” he said. “Yes, it’s true countries do spy on each other; the problem here is the all-pervasive nature of what China is doing. In many ways, big and small, there are hints of bullying and coercion.”
The attacks, while constant, have become more troublesome since Australia angered China by calling for an international inquiry into the roots of the coronavirus outbreak. In Beijing, any questioning of the official narrative that China defeated the virus as quickly as possible is seen as an insult.
The rising tensions between the two countries have already affected trade — with China cutting imports of barley and beef — and neither country has made a public effort to reconcile. China has also tried to turn the cyberspying accusations back on Australia, with its state media claiming that Beijing disrupted an Australian operation two years ago.
The response on the cyberfront that Australia outlined Tuesday starts with personnel. Roughly a third of the funding will go toward hiring hundreds of cybersecurity experts to study and share information about the evolution of emerging threats, and to create countermeasures of their own.
The Australian Signals Directorate and the Australian Cyber Security Center will build up their capacity to defend against attacks and their connections with the companies that run the country’s digital networks.
The defense minister, Senator Linda Reynolds, said in a statement that the investment aimed to create a rapid-response process that would “prevent malicious cyberactivity from reaching millions of Australians by blocking known malicious websites and computer viruses at speed.”
Jennings said the investment was substantial and needed. He added that it would most likely be a down payment.
“The need for more investment in cybersecurity, both defense and offense, will keep growing,” he said. “This won’t be the last investment, I’m sure.”