Australia must prepare for a “dystopian future” in which increasingly digitally connected cities may be “held hostage through interference in everything from traffic lights to surgery schedules”, a senior minister has warned.
Clare O’Neil said the Medibank, Optus and Latitude data breaches were only the “tip of the iceberg” in the cyber threats Australia faced in the years ahead.
The minister for home affairs and cybersecurity announced the launch of a new series of exercises to respond to attacks on critical infrastructure.
O’Neil told the Sydney Dialogue conference on Tuesday that Australia faced “a scale and intensity in the threat landscape that far outstrips the recent cases we have seen”.
She described state-sponsored attackers as “the apex predators” and said Australia and other like-minded countries would “call out and attribute these threats where it is in our national interest to do so”.
“But today I want to make the case that the global gang of bad cyber actors and those operating in the grey zone between nation state intent and financially motivated criminal conduct are also just as important when considering cybersecurity as national security.”
O’Neil said financially motivated cyber actors and extortionists were “public enemy number one”.
“These groups subvert legitimate business models for financial gain, creating online portals for ‘hacking as a service’ where anyone can purchase the tools and support necessary to conduct a cyber incident or data, especially in the form of a ransomware attack,” she said.
O’Neil, who is overseeing the creation of a new 2030 cyber strategy, said she believed the conversation about cyber threats was “too much in the here and now”.
She said technology was reshaping cybercrime. While a majority of data breaches today could be traced to human error, she expected to see “more attacks that are purely technological, and that makes them harder to defend against”.
More and more aspects of life were moving online. “The Internet of Things will see billions more devices connected to the internet – from our baby monitors to our toasters – and we’ll have more digitised cities,” O’Neil said.
She said she did not want to be alarmist, because “ultimately technological shifts are at their core neutral – it is all about how you harness them”.
“Let me be clear, I’m not saying the following dystopian future will happen, but if there is one thing I’ve learned in the cybersecurity portfolio is that you need to plan for the most consequential scenario and work to stop it,” O’Neil said.
She asked her audience to “consider a world” where artificial intelligence-driven movements outpaced cyber defences and quantum computing allowed an attacker to compromise previously secure highly sensitive data.
“Instead of data breaches, we could have data integrity attacks – where small errors are induced in compromised sets with outsize implications, such as financial records,” O’Neil said. “And our interconnected cities are held hostage through interference in everything from traffic lights to surgery schedules.”
O’Neil announced that the federal government would launch a series of national cyber exercises focusing on critical infrastructure.
These aimed to “build muscle memory in how to deal with a cyber-attack – and importantly cover the types of incidents we have not yet experienced on a national scale – such as a lock-up of critical infrastructure or integrity attacks on critical data”.
O’Neil praised Australians for being steadfast “despite their data, in some cases their most sensitive information, being needlessly compromised”.
“First of all, ordinary Australians and the media didn’t even think of playing the voyeur in seeing what data they could access on the dark web,” she said. “In the national mind, diving into stolen data, people’s personal data, was a red line that very few actors had crossed.”
O’Neil was speaking at an event organised by the Australian Strategic Policy Institute. The deputy prime minister, Richard Marles, told the same event earlier on Tuesday that Australia must be at the forefront of technological innovation.
While there had been intense focus on the nuclear-powered submarine element of the Aukus agreement with the US and the UK, Marles said the three countries were also collaborating in areas such as hypersonics and artificial intelligence. He said this work on emerging tech would be “fundamentally important for our nation as well”.
• This article was amended on 4 April 2023 to change incorrect references to Medicare that should have said Medibank.