19 June 2020
PRIME MINISTER: Thank you for joining us this morning. I’m going to read to you a prepared statement. Protecting Australia's economy, national security and sovereignty is my Government's top priority. Keeping Australians safe. I'm here today to advise you that based on the advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure. We know it's a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. The Australian Government is aware of an alert to the threat of cyber attacks. Our Government's expert agency on cyber matters is the Australian Cyber Security Centre. It has already published a range and technical advisory notices in recent times to alert potential targets and has been briefing states and territories on risks and mitigations.
Regrettably, this activity is not new. But the frequency has been increasing. The ACSC has also been actively working with targeted organisations to ensure that they have appropriate technical mitigations in place and their defences are appropriately raised. Thanks to the cooperation between the affected entities, the Australian Cyber Security Service and a range of private cyber security providers, we have been working together to thwart this activity. The purpose of raising this matter here today is to simply raise awareness of these specific risks. They are not new risks but they are specific risks and the targeted activities. And to advise you how Australians, and particularly these organisations, can take action to protect themselves. The Government's 2016 Cyber Security Strategy backed a $230 million investment over four years. This has strengthened Australia's cyber security foundations and stimulated private sector investment in cyber security and positioned Australia as a regional cyber security leader. The Government will release a new cyber security strategy in the coming months, and that will include significant further investments. We have also invested a further $156 million to build cyber resilience and expand the cyber workforce as one of our large election commitments and we invested additional funding for a whole of government cyber uplift programme.
But, in this environment, of course and increasingly, there is always more to do and we must continue to work together. Cyber security is a whole of community effort. Government, industry and individuals. That is why we are raising this matter today, to raise awareness of this important issue and to encourage organisations, particularly those in the health, critical infrastructure and essential services, to take expert advice and implement technical defences to thwart this malicious cyber activity. Australia has some of the best agencies in the world on these issues. And Australians, like I, I believe, have confidence in those organisations and they are doing their job and they are doing it effectively. But that is not to diminish or discount the risks that we now face in this modern world. These risks are present. They will continue to be present. It is part of the world in which we live. That is why these investments are necessary and the protections we put in place are necessary. The way we have to work together is necessary and we'll continue to do everything we can to keep Australians safe.
I’ll ask the Minister for Defence to make a further statement and then we have time for a few questions.
MINISTER REYNOLDS: Well, thank you very much, Prime Minister. There is no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and also in its impact. This activity harms Australia's national security and also our economic interests.
It's vital that all Australian organisations are alert to this threat and take steps to protect their own networks. All Australian organisations who might be concerned about their vulnerability to sophisticated cyber compromise can take these three simple steps to protect themselves.
Firstly, patch your Internet-facing devices promptly, ensuring that any web or e-mail servers are fully updated with the latest software. Secondly, ensure you always use multifactor authentication to secure your Internet access, infrastructure and also your cloud-based platforms. And thirdly, it's important to become an ACSC partner to ensure you get the latest cyber threat advice to protect your organisation online.
Today, the Australian Cyber Security Centre and the Department of Home Affairs have published a very detailed technical advisory which is available at cyber.gov.au. Now, this advisory provides all the necessary steps that Australian organisations must take to detect and also to mitigate these threats. I'd like to take this opportunity to thank sincerely the Australian Cyber Security Centre and the Department of Home Affairs for their work on this matter. They 24/7 protect the Australian Government, Australian organisations and individuals.
Finally, can I remind all Australians that cyber security is a shared responsibility of us all. For further advice on how to protect yourself from cyber threats, I urge all Australians today to visit cyber.gov.au for all the information you need to keep your organisation and your family safe online.
Thank you, PM.
PRIME MINISTER: Thank you, Linda. Just also as a matter of process, I advised the Opposition Leader's office last night at about 7.30pm last night. I was also able to get the same message to the premiers and chief ministers and a number of them have already been involved working with our agencies on issues. And in addition to that, there will be further technical briefings conducted with the states and territories today. To reinforce the point, we raised this issue today not to raise concerns in the public's mind, but to raise awareness in the public's mind. This is the world that we live in. These are the threats that we have to deal with. The fact that these threats present is not a surprise in this world in which we now live and the actions that we are taking are the actions that we need to take, and we will continue to be as ever vigilant as we possibly can.
JOURNALIST: So Prime Minister, have Australians personal details or their financial details been compromised in this?
PRIME MINISTER: The advice I have as the investigation’s been conducted so far have not revealed any large-scale personal data breaches.
JOURNALIST: PM, has this been raised or have you raised it with any other governments, leaders overseas? Is there anything that can be done with our allies to work against this attack and protect ourselves?
PRIME MINISTER: Well, we work closely with particularly our allies and partners when it comes to managing the issues of cyber security threats. That is a common topic, as you would expect, particularly through Five Eyes partners. I spoke to Boris Johnson last night about a range of matters, including this one, and there are other engagements with our partners and allies overnight.
JOURNALIST: Which state was it and if you won’t tell us that, is this the action of a friendly nation?
PRIME MINISTER: I'd simply say this, and that is, the threshold for public attribution on a technical level is extremely high. And so Australia doesn't judge lightly in public attributions and when and if we choose to do so, it is always done in the context of what we believe to be in our strategic national interest. What I simply can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor with very, very significant capabilities.
JOURNALIST: Are these the actions of a friendly nation?
PRIME MINISTER: I’ve made my statement on the issues you’ve raised.
JOURNALIST: Prime Minister, just to understand scale, it was quite a list of sectors and levels of government that you're talking about. Can you break that down into entities? Are we talking the hundreds here, the thousands, who have been targeted?
PRIME MINISTER: Well, there are many that have been targeted. But in terms of their success, that is not as significant. And as I said, the investigations undertaken to date as I related to Mark in his questioning. So we will continue to work closely with the agencies. As I said, today is about raising the awareness. I mean, obviously, those who are engaged in this are not doing this to help us. That's certainly not their intention. And so you could describe it as malicious and that is why our awareness levels need to be raised. And I really do want to thank, particularly, the private sector operators that we've been working closely with. The ASD has a very good relationship with organisations around the country and the contact and the disclosure that takes place and the engagement of our agencies working closely with them has been excellent and I want to thank them for their vigilance. But it is a reminder again that these things don't just occur in relation to state-based actors. We are aware of criminal-based cyber activity that, as we are aware of, has been affecting other corporates at the moment. You'll be aware that there are some other cases that are going on at the moment regarding Lion and a few others. They are not related to these events. They are other events.
PRIME MINISTER: Katharine?
JOURNALIST: Prime Minister, when did the attack start and when was it brought to your attention? And also, you said you're raising it to raise awareness in the community and business and governments. But is there something about the scale of this attack that is unprecedented?
PRIME MINISTER: Well, I don't know if I'd use that word. As you recall, some time ago, I spoke of these issues in the Parliament. So this is ongoing activity. It hasn't just started. This is a constant threat to Australia, as it is to many other nations, and you'd be aware of many other nations having highlighted similar activity in their jurisdictions. So this has been a constant issue for Australia to deal with. And so I wouldn't say that there's been any one event or any one instance. I mean, we have been dealing with cyber security threats from state-based actors for some time, and I've alerted the public to that before. So it has been an issue of ongoing management, defence and cooperation, working with private operators, other governments, all levels of government and other organisations.
JOURNALIST: To follow that up, PM, has it intensified in the last week or month, is it... what has prompted you to make a statement?
PRIME MINISTER: Well, as I said in my statement, I said the frequency has been increasing. Its frequency has been increasing.
JOURNALIST: In what time frame?
PRIME MINISTER: Over many months.
JOURNALIST: PM, you say we haven't sort of reached the threshold for public attribution. That's not going to stop people speculating it's China, particularly in light of their anger and trade retaliation and things like that for your advocacy of an inquiry into coronavirus. What do you say to people who link it to China, who will naturally think it is China, given they have form in this field?
PRIME MINISTER: Well, I can only say what I've said. The Australian Government is not making any public attribution about these matters. We, though, are very confident that this is the actions of a state-based actor. We have not gone any further than that. I can't control what speculation others might engage in on this issue or frankly or any other. I've simply laid out the facts as we know them and as we've disclosed today.
JOURNALIST: Obviously you're not going to reveal which state-based actor. But to confirm, do you know which state this is coming from?
PRIME MINISTER: Well, as I just said, the threshold for attribution on these issues is very high.
JOURNALIST: I’m asking, do you know where it is coming from?
PRIME MINISTER: This is my answer. I'm saying the threshold for being able to answer your question along those lines is very high. What I can confirm, with confidence based on the advice, the technical advice that we've received, is that this is the actions of a state-based actor with significant capabilities and there aren't too many state-based actors who have those capabilities.
JOURNALIST: Prime Minister, why do you think these institutions in these sectors that you outlined have been targeted?
PRIME MINISTER: Well, it's, as I've indicated, it's quite broad-based. And we've seen similar activity across a broad base in many other jurisdictions around the world. And I think what that does is just highlights that this is part of the new world we live in. Regrettably, this is not peculiar. This is part of the many threats that Australia has to deal with. And I think that highlights, I think, the Government's early action under the former Prime Minister and I remember being there with him on the day when the Cyber Security Strategy was released. That was a forward-thinking plan, with a forward-thinking investment and they are investments that I have continued on as Prime Minister, at the time I was Treasurer. They were important investments for us to make and I'm glad we made them and we're continuing to make them and as I flagged today, we'll be making more, because this is what keeping Australia safe looks like to make those investments. There, of course, can't be any guarantees in this area. It is an area of rapidly advancing technology. But that's why our technical experts have worked so closely with the sector to be able to give the technical advice and the information that Linda has outlined to you today. And I'd encourage people to avail themselves of that. But for many of those who have already been working with us, they would already have that information.
JOURNALIST: Is the motivation of these attackers to obtain state secrets, commercial intellectual property, or is it the personal data of everyday Australians? What is the motivation?
PRIME MINISTER: Well, it's very difficult to understand what one's motivation might be for that and what is of interest to us is that it is occurring and what we are focused on is the practises that they are employing. And we have some of, if not the best agencies in the world working on this and that means that they are putting all of their efforts in thwarting these attempts. And I can confirm that they have thwarted many. But this is a very complex area and it requires constant persistence and application and that's what they're doing. So I raised this not to raise the concerns of Australians, but in many ways to reassure Australians that we understand what's going on here and we're addressing it to the best of our capabilities and we're in a position to do that better than most countries in the world. We know it's going on. We're on it. But it is a day to day task that we're applied to and we will continue to do that to keep Australians safe. And if there are further updates from I or the Minister to provide, we will be doing that and indeed any other agencies and we'll keep working closely with them. But as you know, as a result of this, I've made some changes to my programme this morning, which I'm now going to return to. I'll be standing up again later today in another context. But I appreciate you coming together this morning. Thank you very much.