NEIL MITCHELL: The Assistant Minister for Defence, Andrew Hastie.
THE HON. ANDREW HASTIE MP, ASSISTANT MINISTER FOR DEFENCE: Good morning, Neil. Good to be with you and your listeners.
NEIL MITCHELL: Thanks for your time. This is chilling stuff. What is the most dangerous example that you've come across to this country? What is the most dangerous thing?
ANDREW HASTIE: Well, there are a number of very serious incidents that have taken place over the last year and the headline of this report is that the online world for Australians is a dangerous place. But I think one of the most troubling statistics is one in four attacks – cyber attacks – are conducted against Australian critical infrastructure, which deliver all our essential services. So you can imagine what would happen if we had our electricity taken out, our water messed with, or any of those things that we take for granted. So the point of the report is that, in the last year, cyber as a threat has increased, and that's largely happened because the pandemic has driven us online. There has been a virtualisation of Australian life online – and that makes us a big cyber target for criminals, for state-sponsored actors, for cyber spies, you name it. It's a dangerous world out there, Neil.
NEIL MITCHELL: Well, the fiddling with infrastructure, the one in four cases, 25 per cent in critical infrastructure. Is that by state-based actors, by state-based operators, or is it gangs or crooks who have done it?
ANDREW HASTIE: It's a combination of different actors – certainly state-based actors, but also very sophisticated criminal syndicates – who are seeking to undermine confidence in the Australian government or state governments as it may be. It's very difficult to work out exactly who but there's a clearer picture emerging, and that is that there are state-based actors out there, there are criminals out there, and every single day, they're undermining not only our digital sovereignty as a country, but they're scamming people, they're stealing intellectual property, money, a whole range of things that we need to protect.
NEIL MITCHELL: Why would a foreign power want to fiddle in our electricity or water? It would have to be for nefarious purposes wouldn’t it?
ANDREW HASTIE: Well, that's right: strategic advantage, to coerce us, to disrupt our lives, and undermine governments. That's why they do these things. And there are other examples across the world. For example, you think about in Ukraine in 2015, when the power was cut at the height of winter; if you just look at the US recently, with the hack of the Colonial Pipeline, JBS Meatworks. A lot of these big businesses or pieces of infrastructure, are attacked, not only for the ransom that can be leveraged from the attacks, but also to undermine confidence in some of these critical services.
NEIL MITCHELL: Do we know which foreign countries are doing it, or do we know how many foreign countries? Is it one that's a major player or can't you even identify that much?
ANDREW HASTIE: Well, every country out there which understands cyber has its own cyber capabilities – as we do through the Australian Signals Directorate, the Australian Cyber Security Centre – they play a very important role in protecting Australians and our organisations. In terms of countries that we've made attribution for cyber attacks, well, since 2017, we've made attribution to North Korea, Iran, Russia, and more recently, China as you'd be well aware. So, there are a number of countries out there which need to act responsibly in the realm of cyber. We'll call them out. And we'll call out bad behaviour, because it's in our national interest. You’d remember, Neil, only a couple of months ago that the Australian Government joined more than 30 other nations from Five Eyes, the EU and across the world to call out China for its exploitation of the Microsoft Exchange vulnerability. So there's a lot to be done, but there are things that everyday Australians can do, Neil – and that is to protect themselves: use complex passphrases; back up their data; if they have an iPhone or an iPad or an Android, make sure that they upload their software and they upload the security patches; and then, finally, use multi-factor authentication. We're seeing a lot more Business Email Compromise – that's where people impersonate a business, or someone in the supply chain, and use multi-factor authentication. We do that for our banking: you don't just log on, you often have to get a text with a code for important transactions as well. People should start doing that with their business as well. ‘Trust but verify’ is the message I’d send to all our small business people listening this morning.
NEIL MITCHELL: Just running through those countries you mentioned who'd been active – China, Russia, Iran, North Korea. So have those countries been active over the past year, that is covered by this report?
ANDREW HASTIE: Look, Neil, that's a question that involves a bit more detail. Suffice to say, I think all those countries are very active online, and that's not stopping anytime soon, and where it compromises our interests, we'll call out bad behaviour as we have done so.
NEIL MITCHELL: When we are heading towards a vaccination passport, it seems, when we talk about this sort of cybercrime – I wonder how secure that can be? What's your view of that?
ANDREW HASTIE: Well, there are strict privacy laws for vaccination data and the Australian Government will certainly not weaken these protections. Neil, I got my second Pfizer jab yesterday, my arm is sore as a result – but I got my update from MyGov and that certificate needs to be protected. And so the task, the Australian Cyber Security Centre, which is our standing 24/7 taskforce looking at cyber is constantly updating organisations across government and across business to make sure they have the latest alerts, and they're protecting themselves. So just like we protect our tax data, we need to protect our vaccination data. And we'll be working with the state governments to make sure that happens.
NEIL MITCHELL: I must say it doesn't worry me if somebody's sitting in Beijing or Iran or Moscow, or whatever knows that I've been vaccinated twice with AstraZeneca – that doesn't concern me much at all. But is that a reality, though, that these countries or these individual organizations, these crooks, the chances are they've got your health records and my health record?
ANDREW HASTIE: Well, there's a lot of personal information online and the way most of these criminals or spies get it is through poor cyber security at an individual level, which is why I just mentioned those four points: using complex passphrases; backing up your data; patching your software; using multi-factor authentication. When you log into your MyGov account, we use multi-factor authentication and that's another line of defence against people hacking your health data and stealing it from you. So as you would know, Neil, things are constantly changing. A week is a long time in politics, a week is a long time in cyber. Yesterday, for example, an alert was sent out across the world, for Apple, everyone was to patch their phones, because there was a vulnerability identified, but I did that yesterday. I encourage listeners if they haven't done that on their phones, or iPads, to do so: my point being, things are constantly evolving and people need to stay on top of it.
NEIL MITCHELL: We’ll get some advice on that because I certainly haven't patched mine - $33 billion you’re talking about. Who has that come from? That comes largely from business? Does any come from government?
ANDREW HASTIE: That comes out of business. It comes from civil society. I mean, your small businesses and medium businesses, big businesses, just individual Australians who have their credit card information stolen, and I've been at Australian Cyber Security Centre, I've seen a live operation where our cyber warriors disrupt criminals who are trying to steal things from Australians. The ACSC has Australia’s back. But people need to protect their own information through better cyber security.
NEIL MITCHELL: You’re talking about ransomware as well. Have ransoms been paid by Australian companies over the past year?
ANDREW HASTIE: We don't go into details about how companies have resolved their ransomware attacks. The last thing we want to do is incentivise these criminals. And so it's the same principle in war – you don’t telegraph where you've taken a hit on the battlefield, and we don’t like to talk in detail about which businesses have been hit and how they were hit, suffice to say, paying criminals a ransom is a bad thing and incentivises more bad behaviour.
NEIL MITCHELL: It was very well publicized that the company I work for, which is the Nine Entertainment network, they were a target of ransomware last year or target of some sort of disruption. Is that included in this report, is that covered in this area?
ANDREW HASTIE: There are a couple of examples that we talk about in this report, but we only mentioned entities and their examples, if we had their permission, because of course, we want to protect their right to privacy. So there's a lot of good lessons in this report, but we do go into the Colonial Pipeline and the JBS Meatworks examples in some detail, but I would encourage businesses to sign up if they're not already partners with the Australian Cyber Security Centre, sign up, or individuals can do so as well and get the regular alerts and that way they can protect themselves from these threats identified in this report.
NEIL MITCHELL: I know your background in the military, but this looks like the new battleground, doesn’t it?
ANDREW HASTIE: It absolutely is the new battleground. We've always thought about war in terms of air, sea, and land. And, increasingly, cyber is a battlefield – and if you own an iPhone, and if you're connected, not just an iPhone, if you own a phone and you're connected, you're on the battlefield and you may not even realize it. But that's why everyone has to start thinking about their personal security because as a whole that makes up our digital sovereignty and as a country we need to be better at protecting ourselves and our national interests.
NEIL MITCHELL: Good to speak to you, I appreciate your time. I know you're in Perth. Who are you supporting in the Grand Final - the real Grand Final?
ANDREW HASTIE: I’m a Dockers man, so I'm pretty agnostic about who gets up.
NEIL MITCHELL: Oh, come on. Come on. You're a politician, you’ve got to have somebody. It’s gotta be Melbourne or the Doggies!
ANDREW HASTIE: Look, I’ll go with Melbourne! I was born in Wangaratta. I'll go with Melbourne.
NEIL MITCHELL: That's a very good decision. I'm a Melbourne supporter myself. Thank you so much for your time. All the best with it. Thank you.
ANDREW HASTIE: No worries, Neil. Thanks a lot.