The federal government should make a routine of publicly attributing nation-state cyber attacks rather than leaving it to media leaks, according to ASPI’s Fergus Hanson, as a new report suggests China was behind a “sophisticated” breach of Parliament earlier this year.
Reuters reported on Monday morning that the Australian Signals Directorate had found that China’s Ministry of State Security was responsible for a “sophisticated” cyber attack on Parliament and Australia’s three largest political parties last February.
Five sources spoke to Reuters for the report, and said that government had known since March that Australian intelligence agencies believe China was behind the attack, but it is yet to make a public attribution.
It was revealed in February that a “sophisticated” hacker, believed to be a nation-state, had breached the network of Parliament, and also accessed the networks of the Liberal, Nationals and Labor parties.
According to Reuters, the ASD report recommended keeping the findings secret to avoid a dispute with China and damaging trade with the economic powerhouse.
But Mr Hanson, the director of the Australian Strategic Policy Institute’s International Cyber Policy Centre, said all signs point to the government leaking the information to the media.
“It looks to be a deliberate leak from the government. You don’t normally get five officials lining up on an official decision just by chance, and there are no claims that they’re going to investigate it,” Mr Hanson told InnovationAus.com.
“It looks very squarely deliberate with an intent to let the public know it was China behind the attack. And the way this has been done, through a leak to a media outlet, is consistent with all the other cases of China breaching our systems.”
It has also been previously reported that the Chinese government was to blame for cyber attacks on the Bureau of Meteorology, the Australian National University and a number of military subcontractors, but the federal government also did not go public with these claims in these cases.
The lack of public attribution would do little to deter further attacks in the future, Mr Hanson said.
“We haven’t reached that point of making the attribution to China ourselves, and that’s a bit of a shame,” he said.
“Without being able to do that you can’t create deterrents, and you’re left with a permissive environment. It’s signalling that you’re not confident to make the declaration, and that effectively creates an overall permissive environment.”
It should be common practice for the federal government to go public with these attributions, he said.
“We need to make it routine to do attributions in serious cases, and we should be country-agnostic about it. We’ve done it for Russia and North Korea, there’s no reason we can’t do it for China. We need to make it routine,” Mr Hanson said.
“The first one is a bit of a threshold to get over, but we need to do it as standard practice and call them out. We need to be clear that this behaviour is unacceptable.”
At the end of March, the federal government unveiled a new $44 million foundation to “turbo-charge” bilateral ties with China, likely after the Coalition had been told that its intelligence agency believed China was behind the cyber attack on Parliament.
“That’s very unusual timing that you’d announce the establishment of that fund right after reaching the conclusion that they’d busted into your Parliament and political parties. That’s pretty mixed messaging,” Mr Hanson said.
In a statement, China’s foreign ministry denied that it was behind the February cyber attack on the Australian Parliament and three major political parties.
“When investigating and determining the nature of online incidents there must be full proof of the facts, otherwise it’s just creating rumours and smearing others, pinning labels on people indiscriminately,” it said.
“China hopes that Australia can meet China halfway, and do more to benefit mutual trust and cooperation between the two countries.”