analysis The recently released Commission of Audit report recommends that the Australian government needs to become “digital by default”. The continued shift to digital service delivery is intended to reduce costs, improve quality of service and provide greater transparency. But it will also open up new vulnerabilities to cyber attacks that could be used to access secure and confidential data, compromise the integrity of trusted authorities and disrupt critical services.
In a report launched yesterday at the CeBIT cybersecurity conference in Sydney, we outline cybercrime trends which could feasibly shut down critical utility infrastructure such as energy grids and defraud the healthcare system to the tune of A$16 billion by 2023. The recent Heartbleed security bug is a telling example of the evolving nature of cyber threats, with the vulnerability impacting many popular websites and going undetected for almost two years.
The shift towards digital commercial services will continue to play a key role in driving the economy and society forward, as these services become increasingly embedded into business operations across a wide range of industries.
The healthcare industry is looking to digitisation to reduce spiralling costs while meeting changing patient needs and improving the care experience. The adoption of electronic health records will allow physicians to easily create and share medical records and other important patient data.
Investment in cloud computing will drive efficiencies and allow interoperability between provider systems. And new diagnostic and non-invasive sensor technologies will improve remote monitoring and telehealth solutions.
Similarly, digital infrastructure will transform the energy industry. Smart grids and smart meters will allow providers to better forecast and adjust to peak demand, driving improved pricing models and optimised production. And in-home energy management devices will connect with smart appliances and allow consumers to monitor, control and optimise consumption automatically.
Alongside critical industries, consumers are also becoming more digitised, with a growing number of devices connected to the network. This goes beyond personal computers, smartphones and tablets to include wearable devices, sensors and interactive displays such as in-home energy monitors. The number of devices connected to the internet is expected to increase to as many as 50 billion by 2020.
This increased dependence on technology, combined with the evolving complexity of cybersecurity threats will increase our level of vulnerability – at a national, organisational and individual level.
The Department of Defence estimates that 5.4 million Australians were victims of cybercrime in 2012 and independent estimates put the cost of cybercrime in Australia as high as A$2 billion per year. Left unchecked, these figures will continue to rise in coming years as cyber attacks become more sophisticated and harder to detect.
As more data and processing continues to move to public networks and the cloud, traditional network boundaries are dissolving, leading to new challenges in how we secure data and infrastructure across virtual locations. The tools needed to carry out a cyber attack are becoming more widely available, opening up attack opportunities to a wide range of would-be attackers, from disgruntled corporate insiders seeking retribution, to “hacktivists” promoting a cause, to corporate espionage and criminal syndicates using cyber breaches as a means for financial gain.
An April report by the Australian Strategic Policy Institute (ASPI) ranked Australia second in cybersecurity capabilities in the Asia-Pacific region. But Australia cannot remain complacent in its approach to cybersecurity. Our strategies and tools need to evolve and keep pace with rapidly advancing cyber challenges.
To address these emerging threats, Australia will need a change in perspective, recognising that cybersecurity is not solely a technology challenge. It is also a cultural challenge; one that extends beyond traditional information security practises. Because attackers frequently exploit the weakest link, cybersecurity will need to be viewed as a shared responsibility with everyone having a role to play in ensuring the security of the entire digital ecosystem.
This will need:
- A commitment to improved education and training to make users aware of the risks and consequences of their actions
- Improved software and system design that integrates effective security as naturally and invisibly as possible
- New technologies to prevent and respond to future cyber threats.
We are working on these challenges, through improved digital identity systems that will make it easier to verify identities and establish trust in collaborative environments and through researching new homomorphic cryptography techniques that allow processing secure data without needing to decrypt it. CSIRO’s research in data analytics and machine learning could also contribute to new innovations that make it easier to detect and quickly respond to network anomalies.
Future attacks will likely be beyond the response capabilities of any one organisation. Successfully navigating the road ahead will require a whole-of-nation effort, harnessing the full range of resources available across our economy.
Alongside existing national and defence-related strategies, the research community in partnership with industry and government have a vital role to play, through applying innovation and cutting-edge technology to the people, process and technology solutions needed going forward. Through the integration of knowledge, ideas and resources, we can ensure strong cybersecurity capability is at the core of the digitally-enabled future of Australia.