Tag Archive for: cyber crime

State-sponsored economic cyber-espionage for commercial purposes: Assessing the preparedness of emerging economies to defend against cyber-enabled IP theft

Introduction

Strategic competition is deepening existing tensions and mistrust between states and prompts nations to develop capabilities that they consider central to sovereign national power. Technological capabilities sit at the centre of this. It’s therefore not surprising that governments around the world are seeking technological advantage over their competitors and potential adversaries. In this context, safeguarding intellectual property (IP) has become necessary not just because it’s an essential asset for any modern economy—developed or emerging—but because it’s also increasingly underwriting national and regional security.

Today, middle-income countries1 ‘World Bank country and lending groups’, World Bank, 2024, online. that are seeking to progress in the global value chain are home to vibrant knowledge-intensive sectors. Some of the world’s largest science and technology clusters are located in São Paulo and Bengaluru, for example.2 Other exemplars include the biochemical industry in India, information and communication technology (ICT) firms in Malaysia and petroleum processors in Brazil. In fact, countries such as Brazil, India, Indonesia, Mexico and Vietnam have emerged as increasingly major producers of knowledge and innovation.3

Perhaps reflecting that changing reality, it’s middle-income countries that are confronted by increasing attempts to deprive them of their economic crown jewels. In our report State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to prosperity, ASPI estimated that the number of state-sponsored cyber incidents affecting private entities in Southeast Asia, South Asia, Latin America and the Middle East increased from 40% in 2014 to nearly 60% in 2020.4 To be clear: economic espionage isn’t new. But it’s the growing scale and intensification of economic cyber-espionage for commercial purposes—and as an integrated tool of statecraft—that is a cause for concern.

The promise of 2015

In September 2015, a bilateral summit between Chinese President Xi Jinping and then US President Barack Obama laid the foundation for an international norm against cyber-enabled theft of IP for commercial gain. The joint communique produced at the end of the summit highlighted that China and the US had reached an understanding not to ‘conduct or knowingly support cyber-enabled theft of IP, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors’. This—critically—recognised a distinction between hacking for commercial purposes and hacking for national-security purposes. Building on that apparent progress, the 2015 G20 Antalya leaders’ communique on ICT-enabled theft of IP established bounds for responsible state behaviour in cyberspace—what was described at the time as a landmark moment.

However, the promise of that seemingly historic moment has not been realised since. Rather than seeing this practice stop, cyber-enabled theft of IP quadrupled between 2015 and 2023. Higher barriers to market access across China, the US and Europe—the result of tit-for-tat behaviour seeking to bolster local technological capabilities, reduce dependence on high-risk vendors, achieve greater strategic autonomy and/or counter unfair advantage—have combined to incentivise irresponsible behaviour by malign states.

China’s and the US’s adherence was always going to be critical to the continued strength and legitimacy of any international norm against cyber-enabled economic espionage. However, bilateral relations between Beijing and Washington devolved in the period after 2015. During the first Trump administration, the US drew a clearer connection between economic and national security. That included explicitly calling out in 2020 China’s theft of American technology, IP and research as a threat to the safety, security and economy of the US. The Trump administration also established the China Initiative, which investigated and prosecuted perceived Chinese spies in American research and industry. While the Biden administration closed the China Initiative, it has continued efforts to protect American IP. That includes through the passing of the Protecting American Intellectual Property Act of 2022, which empowers the US President to sanction entities seen to benefit from or sponsor trade-secret theft.5

For its part, China may never have intended to uphold its commitment to the norm over the long term. China may have endorsed a commitment against economic cyber-espionage as a strategic move to accelerate domestic initiatives, such as rooting out corruption in the People’s Liberation Army and refining Chinese hacking methods to be more sophisticated and less conspicuous.6 Alternatively, the lack of a clearly articulated distinction between hacking for competitive advantage and hacking for national-security purposes under Obama and Xi’s agreement may have contributed to the current situation. In any case, the threat of economic cyber-espionage continues to spiral rapidly, increasingly affecting emerging economies as well.

Emerging economies in the Global South, including members of the G20, have been the most vulnerable to that backsliding. India, Vietnam and Brazil have become important and impactful IP-producers, but their means to protect that innovation have lagged—unfortunately creating an expanded attack surface without the commensurate resilience. Still coming to terms with the scope and nature of the threat, they and other similar governments have so far introduced higher-end requirements and support arrangements for their own systems, and for operators of critical infrastructure and critical information infrastructure. However, most other industries—even when they’re substantial contributors to national GDP, high-value IP holders and the enablers for economic advancement—have been left out.

Building capacity to defend against cyber-enabled theft of IP

This report is a first-ever analytical exercise that examines the vulnerability of emerging economies in the face of economic cyber-espionage. It’s a culmination of two years of research and stakeholder engagement across the Indo-Pacific and Latin America. The focus has been on investigating perspectives on the threat of economic cyber-espionage and the degree to which major emerging economies are prepared to respond. The first of the three reports in the compendium—published in late 2022—examined state practices of cyber-enabled theft of IP. It found that, since 2015, the number of reported cases of economic cyber-espionage had tripled. Further, it found that the scale and severity of incidents had grown proportionally with the use of cyber technology as a tool of statecraft for securing economic and strategic objectives.

This specific report is the second in the compendium of three. It considers Chinese and US perspectives in the first instance—recognising their criticality to the effectiveness of any international norm. It goes on to assess the level of vulnerability across Argentina, Brazil, Colombia, India, Indonesia, Malaysia, Mexico, Peru, the Philippines, Thailand and Vietnam. This is because it’s those economies in South Asia, Southeast Asia and Latin America that are experiencing some of the world’s most rapid knowledge and innovation production. Each country has been assessed and given a risk label indicating its vulnerability based on a diagnostic tool developed by ASPI.

The third of the three reports in the compendium goes beyond analysing the problem. Through a mapping of responses, it identifies and presents a capture of best practice. The purpose is to support vulnerable states in defending their economic ‘crown jewels’—that is, critical knowledge-intensive industries. It offers a capacity-building checklist intended to help policymakers make sense of the cyber-threat landscape and respond to protect private entities from economic cyber-espionage.

References

  1. ‘World Bank country and lending groups’, World Bank, 2024, online. ↩︎
  2. ‘Science and technology cluster ranking 2023’, World Intellectual Property Organization (WIPO), online.
    ↩︎
  3. ‘2023 Global Innovation Index’, WIPO, online.
    ↩︎
  4. Gatra Priyandita, Bart Hogeveen, Ben Stevens, State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to
    prosperity, ASPI, Canberra, 2022, online. ↩︎

  5. ‘Protecting American Intellectual Property Act of 2022’, US Congress, online. ↩︎
  6. Jack Goldsmith, ‘US attribution of China’s cyber-theft aids Xi’s centralization and anti-corruption efforts’, Lawfare, 21 June 2016, online. ↩︎

Tag Archive for: cyber crime

Myanmar’s scam centres demand ASEAN-Australia collaboration

China’s crackdown on cyber-scam centres on the Thailand-Myanmar border may cause a shift away from Mandarin, towards English-speaking victims. Scammers also used the 28 March earthquake to scam international victims.

Australia, with its proven capabilities to disrupt cybercrime networks, should support the Association of Southeast Asian Nations’ efforts to tackle this kind of transnational organised crime. Doing so would also help ease pressure on Australian policing and cyber capabilities, which deal with thousands of cybercrime reports each year.

Myanmar’s border regions, particularly around Myawaddy, are infamous for scam compounds. Victims—often lured by fake job ads on social media—are trafficked to these sites. Upon arrival, they’re forced to hand over their IDs and mobile phones, and are then forced to engage in love scams, crypto fraud, money laundering and illegal online gambling. The United Nations estimates around 120,000 people are trapped in Myanmar alone, with another 100,000 in Cambodia and unknown numbers in Laos, the Philippines and Thailand.

For years, Chinese authorities ignored this criminal enterprise. But when Chinese actor Wang Xing disappeared, a viral plea from his girlfriend on microblogging site Weibo triggered action. Within hours, Xing was released, sparking outcry on the social media from families of 1800 missing Chinese nationals believed to have been trafficked.

Xing’s rescue highlights the power of grassroots mobilisation but also exposes the systemic law enforcement failures on the border. While Nay Pyi Daw tolerates these scam centres, the operations persist due to selective enforcement from authorities in neighbouring China and Thailand, leaving the power networks behind them unscathed.

After public pressure, Chinese President Xi Jinping took action and met with Thai Prime Minister Paetongtarn Shinawatra in February. Following the high-level meeting, Thailand immediately cut electricity, internet and gas supplies to five towns known for harbouring cyber-scam centres. However, these efforts remain largely performative as Myanmar junta-allied actors also position themselves as part of the crackdown, such as Saw Chit Thu‘s  Border Guard Force, despite its complicity in scam compounds. While more than 7000 people have been released, far more remain trapped. Syndicates continue to evolve, securing alternative electricity sources, switching to Starlink satellite connections, and potentially relocating their operations elsewhere.

China’s shifting approach towards Myanmar complicates matters. Its increased support for Myanmar’s military regime pushed the cyber-scam syndicates into areas controlled by the junta and its allied ethnic militias. Criminal activities accelerated and diverted their recruitment to English-speaking targets.

China’s response is also inherently reactionary and limited, doing little for victims in other countries such as Cambodia and Laos. While China’s diplomatic influence has led to some progress, victims from other countries, such as the Philippines and Indonesia, lack similar leverage to pressure host governments.

This calls for a more holistic and coordinated regional approach. It should focus on preventing modern slavery and combatting cyber and cyber-enabled crimes, and should include ASEAN as well as partners such as Australia.

ASEAN has a rudimentary structure to facilitate intra-regional intelligence sharing, joint investigations and coordinated rescue operations. ASEANAPOL and INTERPOL’s Singapore-based operations support coordination among regional police forces. While this has led to many arrests and seizures of assets, the overall effort falls short of dismantling criminal enterprises.

Last year’s launch of the ASEAN Computer Emergency Response Team was a positive move, strengthening the region’s ability to address cybersecurity incidents. But efforts to dismantle cyber-scam networks in Myanmar remain limited due to protection from junta-backed militias.

This situation should prompt greater Australian involvement. Australia’s offensive cyber capabilities helped disrupt cyber-crime networks, such as Lockbit and ZServers. In November, the Australian Federal Police, working with Philippine authorities, took down a major scam syndicate in Manila under Operation Firestorm, seizing digital evidence to trace Australian victims and disrupt global fraud operations.

With thousands of Australians falling victim to scam operations, Australia’s cybercrime-fighting efforts should prioritise taking down overseas scam networks. This could be done by strengthening skills and capabilities of cyber detectives and offensive cyber operators in the region, for instance through capacity-building workshops and mission-specific training. However, the government should also be prepared to use its political and economic heft to pressure host nations that allow such criminal activities, using tools such as ministerial interventions, attributions and cyber sanctions.

The Fifth ASEAN Digital Ministers’ meeting earlier this year stressed the need for international collaboration on implementing additional measures to prevent cross-border scams. While the roles of China, Japan, the United States and Russia were mentioned, Australia is not yet engaged. This is an opportunity for Australia to increase its collaboration with ASEAN, especially in the wake of the recent Myanmar earthquake, which scammers exploited through fake clickbait donations and malicious links.

Australia has committed to provide $2 million for Myanmar’s disaster response. Yet, targeted initiatives to address cyber scams would bolster defences against transnational cybercrime and create a safer global environment.

The threat spectrum

 

Information operations

Australia has banned cybersecurity software Kaspersky from government use because of risks of espionage, foreign interference and sabotage. The Department of Home Affairs said use of Kaspersky products posed an unacceptable security risk to the Australian government, networks and data. Government agencies have until 1 April 2025 to remove the software from all systems and devices. The ban follows a February decision to ban Chinese-owned AI platform DeepSeek from all government systems and devices.

Among members of the Five Eyes intelligence partnership, Canada, Britain and the United States had already announced restrictions on use of Kapersky products. The US banned sales and licensing of Kaspersky products within the US or by US citizens last year over fears of Russian control and influence over the company. Kaspersky said the US decision arose from the current geopolitical climate rather than technical assessments of its products.

Follow the money

Talks in Canberra last week over the future of Darwin Port and its lease to Chinese infrastructure operator Landbridge Group ended in a fizzle. Northern Territory officials met with federal counterparts after federal Labor member of parliament Luke Gosling said the government was examining options for buying back the 99-year lease. The federal opposition supported that proposal, citing the strategic significance of the port for Australian and US defence posture in the country’s north.

But last week’s meeting ended with no clear pathway forward. Northern Territory Infrastructure Minister Bill Yan expressed dismay that the federal government, citing election timing, declined to make concrete commitments about the port.

The meeting followed recent uncertainty over Darwin Port’s finances. Last November the Port disclosed a $34 million net loss for the financial year 2023–24. The port company also said Landbridge had defaulted on corporate bonds worth $107 million and might sell some of its Chinese assets in coming months.

Terror byte

A new report from Australia’s eSafety Commissioner reveals that between April 2023 and February 2024 Google received 258 user reports of suspected deepfake terrorist content made using its own AI software, Gemini. Commissioner Julie Inman Grant characterised these and other gaps in Google’s content moderation as ‘deeply concerning’.

The commissioner issued transparency reporting notices to Google, Meta, WhatsApp, X, Telegram and Reddit in March 2024 requiring each company to report on its progress in tackling harmful content and conduct online. X challenged the notice in the Administrative Review Tribunal, and Telegram has been fined over $950,000 for its delayed response. The commissioner’s report, released last week, finds Big Tech’s progress on content moderation unsatisfactory, highlighting slow response times, flawed implementations of automated moderation, and the limited language coverage of human moderators.

The eSafety commissioner has repeated calls for platforms to implement stronger regulatory oversight and increase transparency on harm minimisation efforts. This follows the latest annual threat assessment from the Australian Security Intelligence Organisation, which stressed the importance of stricter content regulation in prevention against radicalization and highlighted the role that tech companies can play in this domain.

Democracy watch

The New South Wales state government introduced new hate-crime laws into parliament in response to rising antisemitic and Islamophobic violence, including a 580 percent increase in Islamophobic incidents and threats against places of worship. These laws, which the parliament passed, expanded offences of advocating or threatening violence, imposed mandatory minimum sentences and strengthened measures to prevent ideologically motivated attacks. While intended to safeguard public safety and national stability, they have sparked concerns regarding possible infringement of democratic principles, particularly freedom of expression.

While these laws aim to curb hate-fueled violence, critics argue that they may limit free expression. Others say they create loopholes. The legislation permits individuals to cite religious text in discussions, shielding certain forms of extremist rhetoric from prosecution. Additionally, the introduction of mandatory minimum sentences has been criticized for potentially undermining judicial discretion and disproportionately affecting marginalised groups.

Planet A

Tropical Cyclone Sean forced Rio Tinto to shut down Dampier port in Western Australia for five weeks in early 2025, costing 13 million metric tons in lost exports. In 2019, Cyclone Veronica closed Port Hedland, reducing Rio Tinto’s iron ore production for the year by an estimated 14 million metric tons. More recently, in February 2025, Cyclone Zelia closed Port Hedland and Dampier, disrupting iron ore shipments and halting operations at BHP, Rio Tinto, and Fortescue Metals.

An ASPI report released on the 50th anniversary of Cyclone Tracy recommended that disaster resilience must go beyond infrastructure reinforcement. To mitigate climate risks, the country also needs advanced predictive technologies, such as satellite monitoring, and early warning systems.

Reaction isn’t enough. Australia should aim at preventing cybercrime

Australia’s cyber capabilities have evolved rapidly, but they are still largely reactive, not preventative. Rather than responding to cyber incidents, Australian law enforcement agencies should focus on dismantling underlying criminal networks.

On 11 December, Europol announced the takedown of 27 distributed platforms that offered denial of service (DDoS) for hire and the arrest of multiple administrators. Such a criminal operation allows individuals or groups to rent DDoS attack capabilities, which enable users to overwhelm targeted websites, networks or online services with excessive traffic, often without needing technical expertise.

The takedown was a result of Operation PowerOFF, a coordinated and ongoing global effort targeting the cybercrime black market. While the operation has demonstrated the evolving sophistication of international law enforcement operations in tackling cyber threats, it has also exposed persistent gaps in Australia’s cyber enforcement and resilience. To stay ahead of the next wave of cyber threats, Australia must adopt a more preventative approach combining enforcement with deterrence, international cooperation, and education.

Operation PowerOFF represents a shift in global cybercrime enforcement, moving beyond traditional reactive measures toward targeted disruption of cybercriminal infrastructure. Unlike previous efforts, the operation not only dismantled illicit services; it also aimed to discourage future offenders, deploying Google and YouTube ad campaigns to deter potential cybercriminals searching for DDoS-for-hire tools. This layered strategy—seizing platforms, prosecuting offenders and disrupting recruitment pipelines—serves as a best-practice blueprint for Australia’s approach to cybercrime.

The lesson from Operation PowerOFF is clear: Australia must shift its cyber strategy from defence to disruption, ensuring that cybercriminals cannot operate with impunity.

One of the most effective elements of Operation PowerOFF is its focus on dismantling the infrastructure of cybercrime, rather than just arresting individuals. By taking down major DDoS-for-hire services and identifying more than 300 customers, Europol and its partners effectively collapsed an entire segment of the cybercrime market.

This strategy is particularly relevant for Australia. Cybercriminal operations frequently exploit weak legal frameworks and enforcement gaps in the Indo-Pacific region. Many DDoS-for-hire services, ransomware networks and illicit marketplaces are hosted in jurisdictions with limited enforcement capacity, allowing criminals to operate across borders with little fear of prosecution.

Australia must expand its collaboration with Southeast Asian law enforcement agencies on cybercrime, ensuring that cybercriminal havens are actively targeted rather than passively monitored. Without regional cooperation, Australia risks becoming an isolated target rather than a leader in cybercrime enforcement.

Beyond enforcement, Australia must integrate preventative strategies into its cybercrime response. The low barriers to entry for cybercrime mean that many offenders—particularly young Australians—are lured in through gaming communities, hacking forums and social media.

Targeted digital deterrence, including algorithm-driven advertising campaigns, could disrupt this pipeline, steering potential offenders toward legal cybersecurity careers instead of cybercrime. An education-first approach combined with stronger penalties for repeat offenders, will help prevent low-level offenders from escalating into hardened cybercriminals, while helping to ensure that those cybercriminals face consequences.

Australia’s cybercrime laws must also evolve to address the entire cybercriminal supply chain, not just the most visible offenders. Operation PowerOFF showed that cybercrime is not just about the hackers who launch attacks, but also the administrators, facilitators, and financial backers who enable them.

Australian law enforcement should target financial transactions supporting cybercrime, using crypto-tracing and forensic financial analysis to dismantle cybercriminal funding networks. Harsher penalties for those who fund or facilitate DDoS-for-hire services could create a more hostile legal environment for cybercriminal enterprises, ensuring that they cannot simply relocate to more permissive jurisdictions. At the same time, youth diversion programs should be expanded, offering first-time cyber offenders rehabilitation options rather than immediate prosecution, preventing them from becoming repeat offenders.

Operation PowerOFF’s success is a win for international cybercrime enforcement, demonstrating that proactive, intelligence-driven disruption can dismantle even the most entrenched criminal networks.

But it is also a warning: without continuous vigilance, cybercriminals will regroup, rebrand, and relaunch. Australia must act now to strengthen its cyber enforcement, combining international cooperation, legal reform and preventative education to ensure that cybercriminals see Australia as a hostile environment for their activities, not a soft target.

Transnational serious and organised crime: we need a white paper

Transnational serious and organised crime (TSOC) has profound economic, social, political and humanitarian costs for Australia and Australians, with impacts that are felt every day. It constitutes a formidable global challenge with multifaceted implications that transcend borders, communities and social-economic divides.

While Australia has had a National Strategy to Fight Transnational, Serious and Organised crime since 2018, it’s clear that our current policies, strategies, laws and law-enforcement capacity aren’t stopping the growth in TSOC costs. Australian federal, state and territory governments need to promote public policy discourse on how we ought to respond to this challenge. A good way to start would be to commission Australia’s first white paper on TSOC.

Economically, TSOC directly affects both developing and developed economies globally. Drug trafficking, human trafficking, cybercrime and money laundering inflict substantial financial costs on Australian citizens. Those losses manifest in direct economic damage, including reduced productivity, weakened market integrity and distorted competition. The World Economic Forum estimates that transnational crime and corruption siphon off up to 5 percent of global GDP.

In 2015 the Australian Criminal Intelligence Commission (ACIC) estimated that serious and organised crime had cost Australia $36 billion in the 2013–14 financial year, including both crime and prevention and response costs. In 2022 the ACIC reported that in the 2020–21 financial year the direct and indirects costs could total up to $60.1 billion. Despite all the policies, legislation and enforcement, serious and organised crime costs have dramatically increased.

However, there’s been no effort to update our national strategy. And there’s little reason to doubt that the cost will be significantly higher the next time it’s measured. The numbers suggest that our current strategy is not preventing, mitigating or disrupting this threat.

The challenge is that serious and organised crime has become increasingly transnational in its linkages and costs over the past two decades.

TSOC fosters environments conducive to corruption, weakening governance structures and eroding public trust in institutions. Collusion between criminal networks and corrupt officials perpetuates a cycle of criminality, hindering the efficient functioning of markets and impeding socio-economic development. The costs associated with combating corruption, implementing robust regulatory frameworks and restoring institutional integrity further exacerbate the economic burden imposed by TSOC. Unfortunately, Australians are not just victims of crime; our demand for illicit commodities, the laundering of proceeds of crime from Australian criminal activity, and Australian criminals are also responsible for exacting these costs on developing nations. Australians might not see these kinds of costs daily, but our nation’s demand for illicit drugs plays a big part.

While the amount of money involved is vast, it’s important to remember that TSOC also has indelible impacts on communities, families and individuals that can’t be measured in dollar terms.

Drug trafficking engenders addiction, health crises and societal upheaval. The opioid epidemic in various regions exemplifies the devastating consequences of drug-related crime, including overdose deaths, strained healthcare systems and social disintegration. The violence associated with drug trafficking exacerbates community tensions, undermines public safety and fosters a climate of fear and insecurity.

Cybercrime has emerged as a pervasive threat with far-reaching social implications in the digital age. Cybercriminal activities such as hacking, identity theft, ransomware attacks and data breaches compromise individual privacy, erode trust in digital platforms and disrupt societal norms. The proliferation of cybercrime undermines economic stability through financial losses and business disruptions. It erodes public confidence in digital technologies and connectivity.

Politically, TSOC poses significant challenges to governance, stability and the rule of law. Corruption, facilitated by criminal enterprises, undermines democratic processes, erodes institutional legitimacy and perpetuates a culture of impunity. Weak governance structures, porous borders and inadequate law-enforcement capacities create fertile ground for transnational criminal networks to operate with relative impunity, evading justice and perpetuating criminal activities across jurisdictions.

Of concern is the possibility that some countries would seek to weaponise TSOC. A May 2024 report by the US Government’s Select Committee on the Strategic Competition between the United States and the Chinese Community Party, titled The CCP’s role in the fentanyl crisis, alleges that China has used illicit-drug warfare as an asymmetric tactic to cause social and economic costs.

The environmental cost of TSOC is also substantial, encompassing illegal activities such as wildlife trafficking, illegal logging and environmental pollution. Wildlife trafficking threatens biodiversity, contributes to species extinction and undermines conservation efforts. Illegal logging and fishing deplete natural resources, degrade ecosystems and exacerbate environmental degradation, with far-reaching ecological consequences.

Addressing the real cost of TSOC requires a multifaceted approach that integrates legal, law enforcement, diplomatic, social and economic measures. Enhanced international cooperation, information-sharing and capacity-building efforts are paramount to disrupt transnational criminal networks, dismantle illicit markets and strengthen regulatory frameworks. Investing in crime-prevention strategies, victim-support services and community resilience programs is essential to mitigate TSOC’s social and humanitarian impacts. Moreover, fostering a culture of transparency, accountability and integrity within institutions is crucial to combat corruption, strengthen governance structures and uphold the rule of law. International conventions, treaties and agreements are pivotal in coordinating responses, harmonising legal frameworks and facilitating mutual assistance among countries in combating TSOC. Getting all of that effort synchronised and coordinated requires new thinking.

Given the multidisciplinary nature of this challenge and its complexity, a TSOC white paper could play a crucial role in developing a whole-of-nation approach. At the very least, it would provide an opportunity to improve public policy discourse. Moreover, the white paper process would assist with integrating multidisciplinary insights, allowing stakeholders to understand the problem holistically and explore diverse solutions. Without new thinking, our current policies will not prevent TSOC costs from rising.

Policy, Guns and Money: Weaponised deep fakes

In this episode, Hannah Smith of ASPI’s International Cyber Policy Centre and the Australian National University’s Katherine Mansted speak about their new ASPI report, Weaponised deep fakes.

Deep fakes are digital forgeries created through artificial intelligence that can be used to make entirely new content or manipulate existing content, including video, images, audio and text.

They could be used to defame targets or impersonate or blackmail elected officials. They can also be used in conjunction with cybercrime operations.

Cyber wrap

A flurry of activity on the cyber-policy front has accompanied the one year anniversary of Australia’s Cyber Security Strategy, which was launched by Prime Minister Malcolm Turnbull on 21 April 2016.

The Australian Cyber Security Growth Network, the industry-led, not-for-profit company tasked with boosting Australia’s cyber industry, released its first Cyber Security Sector Competitiveness Plan in Sydney last Thursday. The report, developed in conjunction with AlphaBeta is intended to help Australia’s cybersecurity industry ‘reach its full potential’ by identifying and overcoming roadblocks to small business, commercialisation of research and a cyber skilled workforce.

The Minister Assisting the Prime Minister on Cyber Security, Dan Tehan, recently launched the ASX100 Cyber Health Check Report, another key deliverable of the Cyber Security Strategy. The report, which reveals how Australia’s biggest businesses approach cybersecurity, was developed by Australian Securities Exchange, the Australian Securities and Investments Commission, the Department of the Prime Minister and Cabinet, Deloitte, EY, KPMG and PwC. One of the report’s many findings is that only 11% of companies have a clear idea of what data is shared with third parties, or have initiatives designed to reassure investors and customers of their cybersecurity.

The Minister’s been busy, also publishing an op-ed calling for a ‘step change’ from passive to ‘active cyberdefence’ to combat cybercrime in Australia. The article advocates for telcos and ISPs to take more responsibility for the dangerous content they inadvertently propagate and that users should be able to opt into services that provide a filtered and more secure version of the internet. While the Minister assured readers that he knows that ‘laws must be respected’, he said the government will ‘investigate existing legislation and, where appropriate, remove any roadblocks’ that may prevent this type of active defence from being possible. The controversial article has been described as a ‘radical plan’ and has been criticised for its poor understanding of the existing services and limited powers of telcos.

Australia took some strides on the international cyber stage this week when it hosted the inaugural Australia–China High-Level Security Dialogue in the wake of Premier Li Keqiang’s March visit. At the meeting Prime Minister Turnbull, Foreign Minister Julie Bishop and Secretary of the Chinese Communist Party’s Central Commission for Political and Legal Affairs Meng Jianzhu reached the significant agreement that ‘neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of obtaining competitive advantage’. The pact reflects the principle of the September 2015 agreement between China and the US, which reportedly correlated with a decrease of Chinese commercial espionage. Fingers crossed for similar success Down Under.

Stateside, the CIA and FBI have launched a joint investigation to identify those responsible for leaking the contents of the Wikileaks’ multi-tranche ‘Vault 7’ disclosures. Wikileaks has claimed that the documents, purporting to detail CIA cyber tools for hacking smartphones, televisions and computer systems, come from a former US intelligence contractor. Unsurprisingly, the CIA is staying tight-lipped on the investigation into the source of the leak.

Looking at the date, it appears that the Trump administration’s much-anticipated cybersecurity plan is now officially late. As President-elect, Trump promised to deliver a fresh federal cyber plan ‘within 90 days of taking office’. We’re now past 90 days and the administration still has nothing to show other than a false start and two leaked drafts. Unsurprisingly, assurances have surfaced that Trump will sign a version of the long-awaited Executive Order this week, but we won’t be holding our breath.

French presidential candidate Emmanuel Macron appears to have been targeted by the same Russian operatives behind the 2016 hack of the Democratic National Committee (DNC). A series of phishing attempts and web assaults sought to obtain the email passwords of individuals working on the Macron campaign and gain access to confidential correspondence. New research by cybersecurity firm Trend Micro has compared the digital fingerprints on the Macron system to those found after the DNC hack, finding that they were also from APT28—though the research stops short of saying who’s behind the malicious group. Not that they needed to, with US intelligence agencies having already explicitly attributed the work of APT28 to Russian intelligence services. While the efforts against the Macron campaign were reportedly unsuccessful, Macron’s digital director Mounir Mahjoubi noted ‘there was talent behind it and time went into it: talent, money experience, time and will’.

And finally, in a development unlikely to boost international confidence in democratic security, a Russian government think tank reportedly outlined a plan to influence the US election in June 2016. US officials have anonymously disclosed that the US government is in possession of a Russian strategy paper written by the Russian Institute for Strategic Studies and circulated to the highest levels of the Russian government last year. Hold on to your votes, people!

Internet or Splinternet?

Who owns the Internet? The answer is no one and everyone. The Internet is a network of networks. Each of the separate networks belongs to different companies and organisations, and they rely on physical servers in different countries with varying laws and regulations. But without some common rules and norms, these networks cannot be linked effectively. Fragmentation—meaning the end of the Internet—is a real threat.

Some estimates put the Internet’s economic contribution to global GDP as high as $4.2 trillion in 2016. A fragmented “splinternet” would be very costly to the world, but that is one of the possible futures outlined last month in the report of the Global Commission on Internet Governance, chaired by former Swedish Prime Minister Carl Bildt. The Internet now connects nearly half the world’s population, and another billion people—as well as some 20 billion devices—are forecast to be connected in the next five years.

But further expansion is not guaranteed. In the Commission’s worst-case scenario, the costs imposed by the malicious actions of criminals and the political controls imposed by governments would cause people to lose trust in the Internet and reduce their use of it.

The cost of cybercrime in 2016 has been estimated to be as high as $445 billion, and it could grow rapidly. As more devices, ranging from automobiles to pacemakers, are placed online, malicious hackers could turn the “Internet of Things” (IOT) into ‘the weaponization of everything.’ Massive privacy violations by companies and governments, and cyber attacks on civilian infrastructure such as power grids (as recently happened in Ukraine), could create insecurity that undercuts the Internet’s potential.

A second scenario is what the Commission calls ‘stunted growth.’ Some users capture disproportionate gains, while others fail to benefit. Three or four billion people are still offline, and the Internet’s economic value for many who are connected is compromised by trade barriers, censorship, laws requiring local storage of data, and other rules that limit the free flow of goods, services, and ideas.

The movement toward sovereign control of the Internet is growing, and a degree of fragmentation already exists. China has the largest number of Internet users, but its “Great Fire Wall” has created barriers with parts of the outside world.

Many governments censor services that they think threaten their political control. If this trend continues, it could cost more than 1% of GDP per year, and also impinge on peoples’ privacy, free speech, and access to knowledge. While the world could muddle along this path, a great deal will be lost and many will be left behind.

In the Commission’s third scenario, a healthy Internet provides unprecedented opportunities for innovation and economic growth. The Internet revolution of the past two decades has contributed something like 8% of global GDP and brought three billion users online, narrowing digital, physical, economic, and educational divides. The Commission’s report states that the IOT may result in up to $11 trillion in additional GDP by 2025.

The Commission concluded that sustaining unhindered innovation will require that the Internet’s standards are openly developed and available; that all users develop better digital “hygiene” to discourage hackers; that security and resilience be at the core of system design (rather than an afterthought, as they currently are); that governments not require third parties to compromise encryption; that countries agree not to attack the Internet’s core infrastructure; and that governments mandate liability and compel transparent reporting of technological problems to provide a market-based insurance industry to enhance the IOT’s security.

Until recently, the debate about the most appropriate approach to Internet governance revolved around three main camps. The first, multi-stakeholder approach, originated organically from the community that developed the Internet, which ensured technical proficiency but not international legitimacy, because it was heavily dominated by American technocrats. A second camp favored greater control by the International Telecommunications Union, a United Nations specialised agency, which ensured legitimacy but at the cost of efficiency. And authoritarian countries like Russia and China championed international treaties guaranteeing no interference with states’ strong sovereign control over their portion of the Internet.

More recently, the Commission argues, a fourth model is developing in which a broadened multi-stakeholder community involves more conscious planning for the participation of each stakeholder (the technical community, private organisations, companies, governments) in international conferences.

An important step in this direction was the US Commerce Department’s decision last month to hand oversight of the so-called IANA functions—the “address book” of the Internet—to the Internet Corporation for Assigned Names and Numbers. ICANN, with a Government Advisory Committee of 162 members and 35 observers, is not a typical inter-governmental organisation: the governments do not control the organisation. At the same time, ICANN is consistent with the multi-stakeholder approach formulated and legitimated by the Internet Governance Forum, established by the UN General Assembly.

Some American senators complained that when President Barack Obama’s Commerce Department handed its oversight of the IANA functions to ICANN, it was ‘giving away the Internet.’ But the US could not ‘give away’ the Internet, because the United States does not own it. While the original Internet linked computers entirely in the US, today’s Internet connects billions of people worldwide. Moreover, the IANA address book (of which there are many copies) is not the Internet.

The US action last month was a step toward a more stable and open multi-stakeholder Internet of the type that the Global Commission applauded. Let’s hope that further steps in this direction follow.

Virtual currencies: do we need a new approach?


Last December, Australian authorities searched the Sydney home of the alleged founder of Bitcoin, and in doing so brought virtual currencies back into the spotlight—this time with an Australian flavour. The search served as a timely reminder to the rest of us about the need to expand government oversight of virtual currencies.

But just what are virtual currencies? And why should we care?

A virtual currency is a digital representation of value that can be traded online and isn’t regarded as the ‘legal tender’ of any country. As the IMF explains, virtual currencies cover a wide array of ‘currencies’ including simple ‘IOUs’ (for example, internet/mobile coupons or airlines miles), those backed by assets such as gold, and cryptocurrencies including Bitcoin, Ripple and Litecoin.

According to the Financial Action Task Force, some virtual currencies can be exchanged for real (fiat) currency (for example, Bitcoin, Ripple and Litecoin) while others are ‘non‑convertible’ and can only be used on certain websites (for example, World of Warcraft Gold).

Given the pace of technology, there’s a chance digital currency will achieve wider acceptance and disrupt our traditional finance model faster than our regulatory processes can manage. Before being disbanded for money laundering activities, Liberty Reserve (a Costa-Rican money transmitter) had over ‘one million users worldwide’ and ‘handled 55 million transactions daily’, most of which were illegal. So there’s a chance that we could miss an opportunity to implement mechanisms that serve to limit the criminal and terrorist use of these technologies, and provides consumers, businesses and investors with confidence in their use.

Although virtual currencies offer potential benefits, including speed and efficiency in making payments and transfers, they also have the ability to harm society and individuals. By not requiring transactions to be monitored and verified by ‘a trusted third party’, they’re also anonymous and therefore not easily traced by law enforcement agencies.

As Tobias Feakin writes, the pseudo-anonymity offered by virtual currencies and the anonymity of dark net sites (such as Evolution and the now defunct Silk Road) provides a cover for trade in illicit goods (including drugs and child pornography) and services (like contract-assassinations).

The potential for such misuse is not lost on governments. The UK government’s 2015 National Strategic Assessment of Serious and Organised Crime commented that virtual currencies have become ‘the payment system of choice’ for individuals and organisations involved in some areas of cyber-crime. In Australia, the Australian Crime Commission’s Organised Crime in Australia 2015 report examined how victims of cyber and technology-enabled crimes paid ransoms in Bitcoin.

While ‘traditional’ (non-cyber) criminals might appreciate their value for laundering funds and paying for illicit goods and services, some cases are emerging on how virtual currencies are also being used to support terrorist organisations.

For instance, Ali Shukri Amin—a 17 year old from Virginia (US)–was sentenced to 11 years imprisonment in June 2015 after pleading guilty to providing material support and resources to ISIS, including instructions on how to use Bitcoin to conceal donations to the terrorist organisation.

Governments around the world have taken a variety of approaches when it comes to regulating virtual currencies, ranging from a complete ban on their use (China, Russia), proposals to introduce new anti-money laundering and terrorist financing laws (Canada), and developing regulations covering digital currency firms (New York State).

In Australia, the Attorney-General’s Department described virtual currencies as a ‘powerful new tool’ at last year’s Senate inquiry into digital currencies. At the inquiry, ASIC said it was aware that some banks had ceased doing business with ‘Bitcoin related companies’ due to concerns about the risks Bitcoin posed to their business and reputation. In response, the Senate committee strongly supported applying anti-money laundering and counter-terrorism financing laws to digital exchanges but noted the statutory review of the Anti-Money Laundering and Counter-Terrorism Act 2006 was already considering this issue.

With an election expected later this year, it’s doubtful whether the statutory review’s recommendations could be implemented into law before 2017-18. And implementation into practice would take longer still.

That’s too long to wait. We’re already seeing these currency technologies entering the mainstream, albeit in small numbers. At present it’s difficult to exchange virtual currencies for hard currency. But a greater acceptance by the general public of virtual currencies could increase their use.

With a number of financial institutions and securities exchanges already investigating how to make better use of the technology underpinning virtual currencies, it’s probable that virtual currencies will grow in use. With growing use comes the possibility of misuse, and without satisfactory regulation or monitoring there won’t be an ‘administrative body to report illicit activity’.

Over the next year, ASPI will follow developments in this area and seek to provide options for government to strike a balance between stimulating the development of new technologies and avoiding their misuse. Issues to be explored include blockchain and the need to increase funding and research on combatting crime through the use of innovative technologies.

Virtual currencies are an important issue for the future of our society and economy. The Australian government is in a position to promote these innovative technologies and shape how virtual currencies are monitored and used while taking action to limit the potential for their misuse by organised crime and terrorist financiers.

Cyber maturity in the Asia–Pacific 2015

FEAK2Today ASPI’s International Cyber Policy Centre launches the second edition of its Cyber Maturity in the Asia–Pacific 2015 Report. It analyses the cyber maturity of 20 countries, representing a wide geographical and economic cross-section of the region. For a more holistic picture of regional developments, this year’s maturity metric has expanded to incorporate five additional countries: Vietnam, Laos and Brunei in Southeast Asia; and New Zealand and Fiji in the South Pacific (see image for rankings). With these additions, this study now assesses the entire Association of Southeast Asian Nations (ASEAN) grouping and seven of the ten ASEAN dialogue partners.

An additional layer of analysis, a standalone ‘cyber engagement scale’, is also provided. The scale is intended to be a reference tool to identify opportunities for the sharing of best practice, capacity building and development, plus commercial opportunities. Using this scale governments and the private sector can tailor engagement strategies to best fit existing levels of maturity in each policy area in each country.

Online, 2015 has been a significant year for the Asia–Pacific: the internet has played a pivotal and ongoing role in many of the region’s political disputes, economic growth spurts and social movements.

Throughout the year, awareness among regional governments of cyber threats and opportunities remains uneven. Governments that prioritise the development of coherent cyber policy frameworks understand that those frameworks are necessary for their countries to advance digitally. Others, specifically South Korea and the US, have also been subject to incidents in cyberspace that have critically affected their economic and national security. Those left behind are usually struggling to develop the required infrastructure to open up cyberspace to more of their population, challenging their capacity to develop adequate policy frameworks. However, it’s critical that those frameworks are established as cyber infrastructure is developed and not ‘bolted on’ retrospectively.

New national organisational bodies were established in 2015 and cyber issues given new ministerial prominence in several countries such as Singapore, Japan and South Korea. Governments are also taking a progressively more active role in trying to bridge the internet connectivity divide between urban and rural areas by expanding internet infrastructure, often with the support of foreign-owned private enterprise. Fixed-line and, perhaps more dramatically, mobile internet networks have expanded access to online services and markets, allowing the region’s digital economies to continue to grow.

The potential for social, economic and political change continues to expand as online technology advances and access to the internet grows. This is invigorating and enabling the next generation of technologists and entrepreneurs, but also creates avenues for new forms of crime. To reflect the increasing prominence of financial cybercrime and the need for adequate responses to it, this year’s cyber maturity metric includes a standalone assessment criterion on financial cybercrime.

Beyond domestic cyber issues, governance structures and connectivity are part of an international strategic landscape that’s continually evolving. While cyber quarrels frequently break out between various state and non-state actors, for the most part, traditional geopolitical rivalries  are being replicated online, accounting for the most significant cyber incidents. This has led militaries to deepen their thinking on cyberspace, prompting to an uptick in recruiting, training and strategic planning.

The Asia–Pacific region continues to be a major source of interest for major and middle powers. Many countries are increasing their region-based capacity-building efforts. While critical to developing cyber maturity, these efforts also underpin a larger observable trend in targeted ideological persuasion and manoeuvring.

What about Australia’s position in this picture? Unfortunately, Australia has lost ground relative to progress made in Japan, South Korea and Singapore. Those countries have implemented stronger government approaches to cyber issues, and focused on invigorating innovative digital business and start-ups. Due to more rapid implementation of cyber policies in other countries, Australia’s rank has dropped from three to five, despite improving on its overall 2014 score. Strong implementation of the renewed Cyber Strategy is required to keep up with the rapidly increasing maturity of cyber policy approaches in the region.

On the plus side, Australia is a regional leader in financial cybercrime enforcement and capacity building, ranking second only to the US in the new cybercrime category. It’s highly likely that, with the implementation of the forthcoming Cyber Strategy in the coming months, 2016 will see Australia improve its ranking.

The report will be launched at a free ASPI event with special guest David Irvine AO, tonight at 5.30pm at our Barton offices. Registration and information here.

The Beat

The spectre of crime in sport remains.

This week on The Beat, indigenous communities, piracy, remittance services closing, sport, calls for a greater transnational focus on organised crime and a former PM gets a rude shock on social media.

Organised crime targeting indigenous communities

An Australian Crime Commission internal report claims that organised criminal groups are planning to steal from indigenous communities who survive on mining royalties and land use agreements.

Following an eight year investigation across the country, the National Indigenous Intelligence Taskforce commented that the increasing sources of revenue for indigenous communities, including commercial and social enterprises generating significant incomes, created an environment of significant inducements and extensive opportunities for criminal exploitation.

Piracy and Australia

Still at home, an international insurance firm notes an increasing incidence of piracy near Australia. While the incidents are low level, there’s potential that they may increase in size and scale if not bought under control.

Interestingly, the report highlights the decreasing incidence of piracy in the Gulf of Aden and an increase near Indonesia, as well as the new ‘hotspot’ in the Gulf of Guinea off western Africa.

Westpac close remittance services

Westpac this week became the last of the Big Four Australian banks to close their remittance services. This move has severely disappointed Australia’s Somali community, who rely on the services to send much-needed funds to families in Somalia for food, water and essential services, according to Dr Hussein Haraco of the Somali Remittance Action Group. He  notes that Somali-Australians send $10.5 million each year, and expressed fears that a lack of funds could lead to humanitarian disasters.

Australian banks have been moving away from remittance services thanks to increased restrictions and concerns that their services will be used to launder money and finance terrorism. This, however, appears to be one example of legitimate essential services being comprised without a viable alternative being offered, a move detrimental to our communities.

RUSI Report: Preventing Serious and Organised Crime Needs to Move Upstream

New analysis of the Home Office Strategic Centre for Organised Crime’s Prevent guide from the Royal United Services Institute has appraised the adoption of the ‘4P Strategy’ (Prevent, Pursue, Protect, Prepare) from countering terrorism to countering organised crime.

Whilst these programs have made a positive contribution towards eliminating organised crime domestically, there’s more work that could be done transnationally. Extending the ‘Prevent’ strategy further upstream to deter international engagement with organised crime within the United Kingdom will strengthen the response’s effectiveness.

Football and organised crime

Essendon players have been cleared of wrongdoing in the long-running drugs probe just before the 2015 AFL season begins. But the spectre of crime in sport remains. In this profile, Mike Marinetto looks at how major sporting clubs have become implicated in money laundering in Colombia, Italy and the United Kingdom.

One case Marinetto examines is the investigation into oligarch and Chelsea FC owner Roman Abramovich by Alexander Litvinenko, whose murder inquiry we’ve discussed recently.

Former PM gets catfished

Barely a week goes by where we don’t mention identity or cyber fraud in some way. So perhaps it’s comforting that even our most eminent fall victim, too.

John Howard was recently shocked to discover that someone had set up a rather convincing fake Facebook profile for him, giving status updates on cricket and politics. The account amassed 37,000 followers before a journalist mentioned it to Howard. Perhaps this serves as reminder for us all to check our cyber footprint.

Tag Archive for: cyber crime

Some light amid the enduring cyber nightmares

The  cyber security strategy released last week by the Albanese government is about collaboration and communication, not about conjuring our worst national security nightmares. It’s focused on industry and consumers.

The government, industry and citizens must work together with trust for Australia to make real change in our cyber security, and this strategy recognises that.

One of Cyber Security Minister Clare O’Neil’s objectives seems to be humanising cyber and making it appealing and accessible to everyday Australians.

Of the six “cyber shields” in the strategy, “strong businesses and citizens” is number one. The first actions out of the gate are directly helping small and medium-sized businesses with free cyber health checks and the establishment of a small business cyber security resilience service to give advice.

Arguably, these are things the Australian Cyber Security Centre should be doing already, but the $7.2 million health checks and $11 million advice program have been welcomed by industry groups.

The government is also inviting business to “co-design options” for regulation or legislative changes that affect industry.

These include a ransomware reporting obligation, a new cyber incident review board, a code of practice for cyber incident response providers, mandatory standards for smart devices, a voluntary labelling scheme for smart devices and a code of practice for software development.

It’s great that the government is including industry in the conversation, but open-ended “co-design” risks delaying real action. These phases must be strictly controlled with defined end dates.

More broadly, the strategy isn’t revolutionary. On a generous assessment, perhaps eight of the 48 prescribed actions are new initiatives. The rest Australia has tried before, or has already introduced.

This shows that, even in a constantly moving cyber security landscape, there are enduring problems. It also shows that the government is willing to build on what has been done before rather than wipe the slate clean for the sake of politics.

The two most important enduring problems that frustrate Australia’s cyber security are information sharing and cyber workforce shortages, and each has a “cyber shield” dedicated to it.

Information asymmetries between consumers, companies and governments makes stopping threats and incident responses slow, ineffective and expensive. The strategy seeks to improve information-sharing by creating better motivations and opportunities to share.

Share prices drops, reputation risks and legal ramifications are among the reasons companies avoid reporting cyber incidents to the government. Sometimes it’s honest confusion about when and how to report. The strategy proposes a range of actions to create the right environment to motivate information-sharing.

The “no fault, no liability” ransomware reporting proposal and a proposed “limited use obligation” that clarifies how the Australian Signals Directorate and the cyber security co-ordinator may use cyber incident reporting will give companies greater peace of mind. Clarifying cyber security reporting obligations under existing security of critical infrastructure legislation will remove ambiguity about how and when to report.

The strategy also creates opportunities and platforms to foster industry-government threat intelligence sharing through a cyber executive council, streamlining ASD’s reporting portal and establishing or scaling-up Information Sharing and Analysis Centres (ISACs) – a model that has worked fairly effectively in the United States for 20 years.

The co-led Microsoft-ASD Cyber Shield (MACS) – although presently opaque – should also enhance national threat intelligence sharing and capabilities. It will focus on detecting, analysing and defending against sophisticated nation-state cyber threats.

Australia’s cyber workforce, however, is the fly in the ointment. Our workforce shortage has been around for decades and is only getting bigger.

The problem is even more acute in government, where below-market salaries and onerous security requirements are additional barriers to an adequate cyber workforce.

The strategy refers to building the local cyber skills pipeline through better workforce analysis, vocational training, changes to the primary and secondary curriculum and providing additional higher education Commonwealth supported places.

These are good but existing policies. The strategy’s only real new action is increasing skilled migration. In the same breath, questions of detail are shifted to the government’s upcoming migration strategy to answer.

Australia is not alone in the global struggle to attract talent, and skilled migration settings are difficult to get right. It also raises complex questions about other major policy areas, not least of which are housing, infrastructure and the cost of living.

There is a sense that increasing migration is an easy answer to what should be a more expensive and difficult conversation on how to build on the existing policies. One moonshot would be to redirect some of the $15 billion National Reconstruction Fund into subsidising education to get tens of thousands of young Australians into cyber training and careers.

As with all strategies, implementation is essential. An action plan naming lead agencies offers welcome accountability.

The strategy’s two-year “horizons” also create a realistic runway with what should be built-in evaluation and pivot points.

And we should expect to pivot, given the degrading security environment and the rate of development of transformational technologies like artificial intelligence. On these, the strategy’s actions are unlikely to put Australia ahead of the curve, being limited to “embedding cyber security” into ongoing work and updating the Information Security Manual.

In many ways, the Department of Home Affairs and the broader Australian government are well-placed to move forward on cyber security.

As the strategy itself states, we have robust regulation in the recent Security of Critical Infrastructure legislation and strong offensive and defensive capabilities with ASD’s REDSPICE funding of $9.9bn over 10 years. Australia is a trusted partner sitting within a powerful set of multilateral arrangements, including the five eyesAUKUS, the Quad dialogue and the Pacific Islands Forum.

Home Affairs has also established the new cyber security co-ordinator’s office, a separate team to manage the strategy’s implementation, and a detailed Action Plan to execute.

On the other hand, the department is still reeling from the departures of Secretary Mike Pezzulo in September, and cyber security co-ordinator Darren Goldie last week, after only four months in the job.

Dennis Richardson’s scathing review of Home Affairs’ handling of offshore detention was leaked around the same time Goldie’s recall was announced. One of the unspoken actions of this strategy’s first horizon out to 2025 will be navigating Home Affairs’ leadership uncertainty, fiscal constraint and external scrutiny.

Image: Cyber Security Minister Clare O’Neil. Picture by Sitthixay Ditthavong