A “very interesting” report on the hacking of the networks of Australia’s three largest political parties and Parliament by a “sophisticated state actor” is unlikely to ever be made public, even in redacted form, according to the Senate president.
Appearing before a Senate Estimates hearing on Monday afternoon, Senate president Scott Ryan confirmed he had received a report into the hacking incident a week ago, and is now awaiting a “layperson’s briefing” because he couldn’t understand about 20 per cent of the technical aspects.
At the start of this year it was revealed that a “sophisticated state actor” was responsible for breaching the networks of the Liberal, Nationals and Labor Parties and the Parliamentary computing network.
At the time, the government confirmed that a nation-state was behind the attack.
A Reuters report in September claimed that the Australian Signals Directorate had found that China’s Ministry of State Security was responsible for the attack, and the government had been informed of this in March.
Centre Alliance Senator Rex Patrick questioned Senator Ryan over whether the government would be publicly attributing the attack.
“I’m not going to go to that content. I don’t believe it is appropriate for public consumption. I don’t think that these matters are appropriately canvassed in a public forum,” Senator Ryan told Senate Estimates.
It’s also unlikely that the final report into the hack will ever see the light of day.
“I am not convinced that publishing the report I have received, even in redacted form, will be helpful. It is purely a personal view – I haven’t discussed it with the Speaker or officials,” Senator Ryan said.
The senate president did say that the report is “very interesting”, but that he was awaiting a simplified version of it.
“I think I understood about 80 to 90 per cent of it, but there were some technical aspects to it, and I want to make sure that what I think I understood was correct,” he said.
“There are obviously implications for our future security as a parliament, as well as our cooperation with various agencies.”.
“When this happened earlier in the year, I like to think that we also led by example by disclosing as much as we could at the time and as much as was appropriate, including about mechanisms that have been put in place to attend to it. Because I agree with that approach. I think it builds confidence.”
Despite five sources telling Reuters that the government had confirmed China was behind the attack, the government is still yet to publicly attribute it, and appears unlikely to ever do so.
This comes despite Home Affairs minister Peter Dutton recently claiming that the government has a “right to call out” China on cyberattacks and intellectual property theft.
This was criticised by shadow assistant minister for cybersecurity Tim Watts, who said that while Mr Dutton is “talking tough” on the issue, the government’s approach to the issue is muddled and it’s “hard to know” how it will attribute attacks.
The federal government should be making a routine of publicly attributes attacks such as the one this year on Parliament, Australian Strategic Policy Institute International Cyber Policy Centre director Fergus Hanson said.
“Without being able to do that you can’t create deterrents, and you’re left with a permissive environment. It’s signalling that you’re not confident to make the declaration, and that effectively creates an overall permissive environment,” Mr Hanson told InnovationAus.com.
“We need to make it routine to do attributions in serious cases, and we should be country-agnostic about it. We’ve done it for Russia and North Korea, there’s no reason we can’t do it for China. We need to make it routine,” he said.
“The first one is a bit of a threshold to get over, but we need to do it as standard practice and call them out. We need to be clear that this behaviour is unacceptable.”