As a recap, Australian prime minister, Scott Morrison, spoke about the recent cyber attacks at a conference in Canberra (Hurst, 2020). He stated that, “malicious cyber-activity was ‘increasing in frequency, scale, in sophistication and its impact,” but did not attribute an attacker (Hurst, 2020). Morrison did state, however, that the attacker was “state-based” and had “very significant capabilities” (Hurst, 2020). Targets ranged from every level of government, to education and health organizations, and more (Hurst, 2020).
According to the Guardian, the 2020 Cyber Security Strategy Industry Advisory Panel is meant to, “provide strategic advice and guidance on the development of the 2020 Strategy,” and consists of six members. Members include:
- Andrew Penn (Chair) – Chief Executive Officer and Managing Director, Telstra
- Mr Robert Mansfield AO – Chair, Vocus Group
- Ms Robyn Denholm – Board Chair, Tesla
- Mr Chris Deeble AO CSC – Chief Executive, Northrop Grumman Australia
- Mr Darren Kane – Chief Security Officer, NBN Co
- Ms Kirstjen Nielsen (appointed on 18 December 2019) – Former US Secretary of Homeland Security
(Australian Department of Home Affairs, 2020)
Some of the recommendations pushed forward by the panel include calls for more transparency about cybersecurity, more consistent communication from the government, more proactive cooperation between government and industry, and attribution of cyberattackers, when possible (Taylor, 2020).
The panel, “called on the federal government to adopt a more ‘forward-leaning posture’ on the attribution of attacks, and deterrence, including using industry-provided information in order to alert the public of cybersecurity incidents. They also criticized the government for their lack of centralized, and inconsistent, communication to the public (Taylor, 2020). The panel also called for allowing companies like Telstra, a telecom company, to, “block malicious websites and other sources of attacks on Australian internet users” (Taylor, 2020). In addition, these companies need to be protected when they are under cyber attack, and should fall under safe harbour laws when sharing information, even classified, with government agencies (Taylor, 2020).
Lastly, the panel set their sights on, “using attribution as a form of deterrence” (Taylor, 2020). Along with utilizing economic and diplomatic sanctions, the panel plainly states that attribution is an important deterrent, and, “countries that conduct cyber attacks against Australia should be named and face serious consequences” (Taylor, 2020). However, the panel did state that attribution is, “‘very complex’ due to the nature of international affairs, and that there is a right time and way to do it (Taylor, 2020).