It was a moment of farce just hours after a sombre-sounding Australian prime minister delivered the grim news that a wide range of the nation’s public and private sector organisations “are currently being targeted by a sophisticated state-based cyber actor”.
What, journalists wanted to know, did Scott Morrison mean by “currently” experiencing these attacks?
“I mean currently,” Morrison replied curtly.
Pressed on the fact there were headlines reflecting the interpretation Australia was under cyber-attack right now, Morrison observed that the government “doesn’t write the headlines” – which technically is correct, even though it was his announcement in Parliament House’s “Blue Room” on Friday that sparked those very headlines.
Reporters who gathered at the site of the Snowy 2.0 project later that morning for Morrison’s originally scheduled press conference persisted; they informed the high-vis-vest-wearing PM they were only seeking clarification because there had been a lot of anxiety generated since the announcement.
Almost too perfectly, the prime minister’s official transcript recorded his response to that final question as “[Inaudible]”, given the noisy earthmoving equipment operating in the background to the presser. (For the record, he said he thought he had been “very clear” in his earlier statements.)
In one sense, Morrison’s reluctance to be drawn on the details is understandable, given the sensitivities involved. But the curious way in which this latest national security threat was presented to the public invited a raft of follow-up questions, in that the prime minister noted simultaneously that the frequency of the malicious activity had been increasing “over many months” and was a cause for extra vigilance, but that he wouldn’t use the word unprecedented. While it was deemed important enough to spark an early-morning press conference, it was “not a surprise” that such threats were present in the current world.
We weren’t to be told when these particular intrusions began and when Morrison was first briefed.
If nothing else, Morrison’s decision to go public helped shine attention on newly issued advice from the Australian Cyber Security Centre about the routine housekeeping that businesses and organisations across the country should be doing to reduce the risk of a security breach.
The centre noted that because all of the exploits used by the attacker had patches or mitigations already available, it was a reminder to organisations to ensure their systems were kept up to date with any fixes promptly installed. And it reaffirmed the essential advice that multi-factor authentication should be switched on across all remote-access services. As my colleague Josh Taylor notes, this is basic cyber hygiene.
The wake-up call is timely: while government and military systems are already likely to have tight defences, Australian security agencies are well aware of potential weak points in businesses, academia and other organisations that hold troves of information that could be valuable to a hostile intelligence service.
But some observers well-versed in security matters think there is something else going on here, and that the truly intended audience was overseas. Note how Morrison indicated the “malicious” intrusions were carried out “by a state-based actor with very, very significant capabilities” and “there are not a large number of state-based actors that can engage in this type of activity”.
Peter Jennings, head of the Australian Strategic Policy Institute and a former senior defence official, says he believes the government is raising the matter publicly without openly naming the chief suspect – China – in an attempt to send a signal to Beijing to moderate its behaviour after recent diplomatic tensions.
“I think what’s going on here is we’re attempting to apply a little bit of pressure back to China after they have been pressuring us. But there is also a point in the Morrison approach which says to China, ‘Look, we won’t name you.’ Maybe the view is ‘if you started playing a little nicer with us, we won’t do that’.”
For what it’s worth, Jennings thinks this particular attempt to influence China has “almost zero” chance of succeeding. But his view about the government’s thinking is backed up by former Office of National Intelligence analyst Ben Scott. Writing for the Lowy Institute’s Interpreter, Scott notes that Australia – like many countries – is wrestling with how to manage growing cyberspace-based rivalry and looking for a way to “deter adversaries without provoking them”.
This accords with some of Morrison’s final words in the Blue Room. He didn’t want to concern Australians, he insisted, but to reassure them that agencies understood what was happening and would keep plugging away. “We know it’s going on. We’re on it.”
In other words, the message for domestic consumption is: keep calm and carry on (and, by the way, no more questions).