ANDREW HASTIE: Good morning, everyone, and welcome to the Perth Joint Cyber Security Centre here in Western Australia. Today, I’m launching the theme of email security as part of our Act Now, Stay Secure Australian Cyber Security Centre campaign to protect Australian businesses, organisations and our country as a whole – because our digital sovereignty, as we know, is under attack. It has been under attack, and we need to do more to protect Australians.
Business email compromise is a huge problem. In 2019 the Australian Institute of Criminology estimated that cyber crime is costing the Australian economy $3.5 billion, and last financial year alone, business email compromise has affected more than 4,500 Australian businesses and cost them more than $80 million. So this is a big, big problem.
Today we want to alert businesses to the problem of business email compromise: fraudulent invoices being made, business employees or companies being impersonated, and being used to steal data and incur financial losses against Australian businesses. It’s a big problem, and there are very simple things that people can do. Number one, they can use complex passwords. Number two, they can use multifactor authentication. Number three, they can update their account recovery details in the event of ransomware attacks. And finally, they can back up their data.
So, today, I want to just make sure that everyone knows about email security, the risk it poses to Australian businesses, particularly the cost it can incur, and I want people to act and to do basic things – as I said, update their account recovery details, use complex passphrases, and use multifactor authentication.
A comment or two about the attribution the Australian Government made last night to the Chinese government in cyber espionage. As you’d be aware, last night in consultation with our partners, the Australian Government made attribution to the Chinese Government for exploiting the vulnerabilities in the Microsoft Exchange software that was identified back in January. The Chinese Ministry of State Security has exploited that and has also incentivised cyber criminals online to attack Australian businesses and to exploit the vulnerability.
More troubling, still, we’re also seeing the Chinese Ministry of State Security use contract hackers to steal Australian intellectual property to give the Chinese Government commercial leverage, a commercial advantage. And the reason why we have made attribution is because a line has been crossed and it’s time it stopped. And so we are calling on all nations, including China, to act responsibly in cyber space. It’s very simple. We have a relationship with China. We value that relationship. But there are boundaries and that’s why we’re making this public, because it has to stop.
Australian digital sovereignty is critical. We know that we have borders – territorial sovereignty – but we also have digital sovereignty, and every single person has a role to play in that. Whether you’re a private citizen with your phone, or a business with an online presence – you are a potential target. And if we care about our country and our digital sovereignty, we need to work together to protect our sovereignty. That’s why we’re launching today the email security campaign with the Australian Cyber Security Centre, and we want all Australians to uplift their cyber security practices and keep our country safe.
JOURNALIST: Given the condemnation of China, is the government prepared for any hacks that might occur in retaliation or any other form of retaliation, say, tariffs?
ANDREW HASTIE: Look, we’re working very hard across Australian society to prevent cyber attacks, through getting Australians to take responsibility for their cyber security and uplift their practices. We’re investing a huge amount of money over the next decade, particularly through the Australian Signals Directorate. They’re going after cyber criminals offshore to keep them off balance and to give our people space. That’s what they do – they’re very good at offensive cyber operations. So we’re taking a number of actions to protect Australian businesses. But today is about increasing the awareness for everyday Australians, the risk that cyber criminals pose to them, particularly through email security.
JOURNALIST: Is China engaging in cyber warfare with Australia? Has it reached that level?
ANDREW HASTIE: Look, we’ve always thought about warfare in terms of air, land, and sea. Increasingly we’re thinking about space, but now more than ever we’ve got to start considering cyber as a new battlefield of sorts. So whether it’s espionage, or outright cyber-attacks, this is a big problem the world over. It’s not just Australia. You’ll note that our partners also made attribution last night. President Joe Biden did, Boris Johnson in the United Kingdom, our New Zealand friends, Canada, among other nations. So, this is something that is affecting everyone, and that’s why we need to come together, call this behaviour out and reaffirm that there are boundaries in our relationships and they must be respected.
JOURNALIST: What real-life impact are we going to see with the attribution?
ANDREW HASTIE: Well, I think there’s significant reputational damage for the Chinese Government for this to be made public. And, of course, we’re setting a boundary. We’re saying a line has been crossed and it’s got to stop. And that’s really important. Transparency is critical. I think transparency is a really important part of this process of protecting our digital sovereignty, and it will help make our businesses particularly who are the targets of this cyber espionage more aware and will hopefully see an uplift across Australian society of cyber security.
JOURNALIST: Are you concerned about retaliation in the form of trade sanctions or restrictions specifically from China?
ANDREW HASTIE: Look, we’re going to keep doing what we’re doing – and that is being a responsible, global, and regional neighbour to all our countries. We want to live peacefully with all. We want to trade with all. We want to maintain good relationships, and so we’ll keep doing what we’re doing – that is, doing what Australia has always done: being a great global and regional citizen.
JOURNALIST: Should Australia go further than just attributing? For example, expelling diplomats?
ANDREW HASTIE: Look, we’ve made attribution. That’s what we’ve done. That’s the course of action we’ve revealed overnight, and that’s what we’re doing at the moment.
JOURNALIST: Are you aware of any response from Beijing?
ANDREW HASTIE: I’m not aware of any response thus far.
JOURNALIST: When do you expect to be called as a witness in the Ben Roberts-Smith trial?
ANDREW HASTIE: That’s for the court to decide.
JOURNALIST: Sorry, back on cyber, I guess, with this attribution, what impact is the Australian Government hoping that will have? Obviously, you know, there have been boundaries that have been crossed already. Is this calling out behaviour, do you think that would actually stop what has been going on or is alleged to have gone on?
ANDREW HASTIE: Look, these sorts of things flourish in darkness, and so what we’re bringing is light to the problem, and transparency, and that’s why we’ve done it with our partners across the world, to bring light on to this problem – and that is, that the Chinese Government, through the Chinese Ministry of State Security has exploited the vulnerabilities in the Microsoft Exchange software that’s led to financial losses from Australian businesses and businesses globally. It’s got to stop, and by making attribution we’re alerting the world to this problem, and people can then take action to safeguard their own commercial interests and their own data, and their own private security. And that’s what’s really important.
We’re also putting on notice cyber criminals who are contracted to the Chinese Government, and we’re going to work very hard to make sure we disrupt their business model, because it can’t continue – it’s as simple as that. That’s why the ASD is there. The ASD, they have a significant role in conducting offensive cyber operations on offshore cyber criminals. And they are legitimate targets. And we will do whatever we can to disrupt their business practice and make it difficult for them to attack Australian businesses, and government for that matter.
JOURNALIST: You said the Chinese government has contracted cyber hackers to target Australian businesses. Is Australia receiving special attention from Beijing in this space or are they doing that sort of globally?
ANDREW HASTIE: Look, this is a global problem. That’s why we’ve done this in consultation with our partners and that’s the main thing.
JOURNALIST: If there was a cyber attack today, what would you do?
ANDREW HASTIE: Well, if there’s a cyber attack today and you’re a small business – well, the best thing we can do is prevent a cyber attack, and that is by using complex passphrases, multifactor authentication, backing up your data, making sure your recovery details are updated and, of course, joining the Australian Cyber Security Centre in their partnership program so you get regular threat updates. And I’d encourage all Australians to go to cyber.gov.au. All the information that you need is there. And, of course, we have a 24/7 taskforce that is stood up in Canberra which can respond to an emergency or a cyber attack and that’s what they’re there for. So make sure you go to that website – cyber.gov.au, and information will be there to help small businesses, medium businesses, and anyone else for that matter who wants to uplift their cyber security.
JOURNALIST: I guess in terms of, you know, if there was another cyber attack today, would the Australian Government look to – what would the Government do?
ANDREW HASTIE: Well, we work closely with people who need help and that’s what the Australian Cyber Security Centre is there for. That’s why we’ve established the Joint Cyber Security Centres in our capital cities – because we want the private sector collaborating with government on this. I mentioned digital sovereignty. Digital sovereignty is not just the responsibility of government; it’s the responsibility of everyone. So if you have a handheld device, whether it be a laptop or a phone or a tablet, and you’re online, you’re a potential target. And so you need to get better cyber security. If you’re a small business owner, you need to think about cyber security. And if we all do that together we present a harder target as a country and our digital sovereignty is protected.
JOURNALIST: Just a few questions on Afghanistan. Yesterday, a small number of veterans set fire to their medals to protest the slow progress of getting Afghan staff to Australia. What’s your message to these veterans?
ANDREW HASTIE: Well, I think it’s really important to look at the data, and the Australian Government is not leaving anyone on the battlefield in Afghanistan. Since 2012 we’ve had a special visa program for Afghans who’ve worked closely with the Australian Government and we’ve already had 1,500 people resettled here under the special visa program, 300 of those people in the last three months alone – 300 in the last three months alone. Now, since combat operations ceased in 2013, all the interpreters who went on combat operations – who went on patrols, who were shot at or potentially exposed to risk from IEDs – all their cases have been resolved. And I can tell you about one who’s living right here in Perth – Samir. He was a tailor down in Halls Head up until recently; he’s moved further north. But he was an interpreter in the Chora Valley with Australian soldiers and he was resettled here with his family and he’s gainfully employed and an Australian citizen. So we’ve been doing that over the last decade.
Since 2015 there have been 5,000 humanitarian visas issued to Afghans who have worked with the Australian Government. So to suggest that we’re leaving people on the battlefield is just not true. It’s just not true. And I tell you what – I won’t be burning my medals any time soon.
JOURNALIST: And just specifically on the security guards who were working at the Kabul embassy until it recently shut down, do you have a message for them? I suppose the figures in the US and UK show that they’re getting a few more of them than Australia?
ANDREW HASTIE: Look, the Department of Defence has finalised 99.2 per cent of the cases that have come before it for certification. So, we are doing a lot of work to help Afghans who’ve applied for resettlement here in Australia. And, as I said, under the special visa program set up for those who worked closely with our troops, with our diplomats, with our aid workers, we’ve issued 1,500 of those – 300 in the last three months. So we’re not leaving people on the battlefield as some are suggesting.
Thanks very much.