{"id":60184,"date":"2020-11-04T10:00:25","date_gmt":"2020-11-03T23:00:25","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=60184"},"modified":"2020-11-04T09:44:51","modified_gmt":"2020-11-03T22:44:51","slug":"government-must-take-cyber-threat-to-democracy-seriously","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/","title":{"rendered":"Government must take cyber threat to democracy seriously"},"content":{"rendered":"
<\/figure>\n

With voting underway in the US, the eyes of the world are focused on America\u2019s democratic process.<\/p>\n

Unfortunately, so is the attention of groups of state-backed hackers from around the world as the US\u2019s adversaries seek to interfere in the election.<\/p>\n

In the last fortnight, the FBI, the Director of National Intelligence and the Department of Homeland Security\u2019s Cybersecurity and Infrastructure Security Agency publicly attributed another cyberattack on the 2020 election to Iranian hackers.<\/p>\n

Emails using the threat of violence to coerce voters\u2019 behaviour began arriving in the inboxes of registered Democrats in Alaska, Arizona and Florida. They purportedly came from the far-right Proud Boys group, but actually originated from Iranian state-backed hackers.<\/p>\n

This attack follows the successful hack-and-leak campaign undertaken by Russian-backed hackers against the 2016 US election and are part of an accelerating trend we\u2019re seeing around the world. One where nation-state hackers are targeting the IT systems of non-governmental democratic institutions in an effort to interfere in other countries\u2019 democratic process.<\/p>\n

As ASPI\u2019s recently released report Cyber-enabled foreign interference in elections and referendums<\/em><\/a> notes, these operations have emerged as a high-impact and increasingly common threat to sovereignty in democracies.<\/p>\n

Similar attacks have occurred since 2016 in the United Kingdom, France, Germany and many other democratic nations.<\/p>\n

Indeed, ASPI has found that 41 elections have been targeted by cyber-enabled operations in the last decade.<\/p>\n

They are a salutary warning for Australia.<\/p>\n

More often than not, the targets of these hacks are not government or parliamentary IT systems, but other institutions of democracy\u2014political parties, media outlets, research institutes and non-governmental organisations.<\/p>\n

A recent report from Microsoft found that NGOs were the most common targets<\/a> for state-backed cyber operations, constituting 32% of all targets.<\/p>\n

Australia is currently unprepared for cyberattacks on democratic institutions outside government. Something similar to Iran\u2019s \u2018Proud Boys\u2019 effort would be easily replicable in Australia through attacks on the IT infrastructure of Australia\u2019s political parties.<\/p>\n

After the February 2019 cyberattacks on the networks of Australian Parliament House and the major political parties, Prime Minister Scott Morrison told parliament that our democratic process was \u2018our most critical piece of national infrastructure\u2019.<\/p>\n

But today, while the government does consider the IT systems of Parliament House and the Australian Electoral Commission critical infrastructure, it doesn\u2019t extend this to the IT systems of the other organisations targeted in this attack\u2014Australia\u2019s political parties.<\/p>\n

The Morrison government has offered band-aid fixes to this problem over the past three years, including $2.7 million over four years allocated to the major parties\u2019 cybersecurity in the 2019 Mid-Year Economic and Fiscal Outlook.<\/p>\n

However, Australia lacks an ongoing institutional framework to build resilience against cyberattacks on non-governmental democratic institutions.<\/p>\n

The cyber resilience of these institutions falls through the cracks of our current security arrangements.<\/p>\n

Government security agencies provide robust cybersecurity protections for parliamentary email systems, but these protections stop when MPs use private emails, social media accounts, privately hosted websites and smartphone apps.<\/p>\n

Home Affairs, the Australian Security Intelligence Organisation, the Australian Signals Directorate and the Department of Parliamentary Services all have some indirect responsibility here, but none take ownership of the issue.<\/p>\n

While I\u2019m sure there would be a significant incident response in the wake of a successful attack, there\u2019s little being done to prevent attacks in the first place\u2014or to build resilience through our information system to mitigate the impact of such attacks once they occur.<\/p>\n

There\u2019s no capacity-building program for our democratic institutions, no targeted cyber hygiene training, no real-time sharing of threat intelligence, no assistance with vulnerability assessments, no monitoring of logs.<\/p>\n

Nor are there any public awareness campaigns on the nature of this threat to our sovereignty, or any clear institutional responsibility for identifying and informing the public about cyber-enabled foreign interference. The government hasn\u2019t even given any advice on which smartphone apps to avoid.<\/p>\n

The government recently released a consultation paper<\/a> on Australia\u2019s arrangements for protecting critical infrastructure and systems of national significance.<\/p>\n

This paper frames an expanded definition of critical infrastructure as infrastructure supporting services \u2018crucial to Australia\u2019s economy, security and sovereignty\u2019.<\/p>\n

Despite the demonstrable threat that cyberattacks on non-governmental democratic institutions pose to our sovereignty, the paper fails to address this challenge.<\/p>\n

This oversight is striking in the context of a recent speech by Home Affairs Minister Peter Dutton to The Age<\/em> and Sydney Morning Herald<\/em>\u2019s National Security Summit in which he correctly warned of the threats to democratic institutions from foreign interference.<\/p>\n

Yet when the vector is a hack-and-leak campaign against these targets, the government remains blind to the threat.<\/p>\n

As a result, these non-governmental democratic institutions are left to face advanced persistent threats from sophisticated state-backed hackers largely on their own.<\/p>\n

It\u2019s not a fair fight, and the stakes couldn\u2019t be higher.<\/p>\n

The Morrison government likes to talk big on fighting foreign interference, but if it\u2019s serious it must start taking the threat of cyberattacks against non-governmental democratic institutions seriously.<\/p>\n","protected":false},"excerpt":{"rendered":"

With voting underway in the US, the eyes of the world are focused on America\u2019s democratic process. Unfortunately, so is the attention of groups of state-backed hackers from around the world as the US\u2019s adversaries …<\/p>\n","protected":false},"author":401,"featured_media":47647,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[713,2138,106,728],"class_list":["post-60184","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyberattack","tag-cybersecurity","tag-democracy","tag-hacking"],"acf":[],"yoast_head":"\nGovernment must take cyber threat to democracy seriously | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Government must take cyber threat to democracy seriously | The Strategist\" \/>\n<meta property=\"og:description\" content=\"With voting underway in the US, the eyes of the world are focused on America\u2019s democratic process. Unfortunately, so is the attention of groups of state-backed hackers from around the world as the US\u2019s adversaries ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-03T23:00:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-11-03T22:44:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/05\/1605interference.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"565\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tim Watts\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Watts\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/05\/1605interference.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/05\/1605interference.jpg\",\"width\":800,\"height\":565},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/\",\"name\":\"Government must take cyber threat to democracy seriously | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#primaryimage\"},\"datePublished\":\"2020-11-03T23:00:25+00:00\",\"dateModified\":\"2020-11-03T22:44:51+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/afb5fae625bf32a4de4b5325f81c0722\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Government must take cyber threat to democracy seriously\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/afb5fae625bf32a4de4b5325f81c0722\",\"name\":\"Tim Watts\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f01ce095af685535c4ccf5ceecb1fd26?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f01ce095af685535c4ccf5ceecb1fd26?s=96&d=mm&r=g\",\"caption\":\"Tim Watts\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/tim-watts\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Government must take cyber threat to democracy seriously | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/","og_locale":"en_US","og_type":"article","og_title":"Government must take cyber threat to democracy seriously | The Strategist","og_description":"With voting underway in the US, the eyes of the world are focused on America\u2019s democratic process. Unfortunately, so is the attention of groups of state-backed hackers from around the world as the US\u2019s adversaries ...","og_url":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2020-11-03T23:00:25+00:00","article_modified_time":"2020-11-03T22:44:51+00:00","og_image":[{"width":800,"height":565,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/05\/1605interference.jpg","type":"image\/jpeg"}],"author":"Tim Watts","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Tim Watts","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/05\/1605interference.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/05\/1605interference.jpg","width":800,"height":565},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/","url":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/","name":"Government must take cyber threat to democracy seriously | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#primaryimage"},"datePublished":"2020-11-03T23:00:25+00:00","dateModified":"2020-11-03T22:44:51+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/afb5fae625bf32a4de4b5325f81c0722"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/government-must-take-cyber-threat-to-democracy-seriously\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Government must take cyber threat to democracy seriously"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/afb5fae625bf32a4de4b5325f81c0722","name":"Tim Watts","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f01ce095af685535c4ccf5ceecb1fd26?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f01ce095af685535c4ccf5ceecb1fd26?s=96&d=mm&r=g","caption":"Tim Watts"},"url":"https:\/\/www.aspistrategist.ru\/author\/tim-watts\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/60184"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/401"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=60184"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/60184\/revisions"}],"predecessor-version":[{"id":60186,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/60184\/revisions\/60186"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/47647"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=60184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=60184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=60184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}