Home Affairs boss Mike Pezzullo said Australia should take on cybercriminals like the British Navy battled Caribbean pirates in the 17th century.
- Pezzullo said Australia needs the right legal tools to tackle cybercrime
- He suggested how Britain overcame piracy as an example of the same type of problem
- A parliamentary committee reflects on cybersecurity rules for companies managing critical infrastructures
He also warned that the threat of cyber attacks would soon reach “global pandemic proportions”.
Mr Pezzullo used a speech during a parliamentary inquiry into the new cybercrime laws to suggest Australia play a more offensive role in tackling the threat.
He suggested the counterterrorism approach taken after 9/11 as a model, or even British efforts to tackle piracy around the world hundreds of years ago.
âAnother model I would suggestâ¦ is the campaign that was mounted in the 17th, 18th and early 19th centuries to rid the oceans of the world of pirates,â he said.
âIncluding the Pirates of the Caribbean, who were defeated by Her Majesty’s Royal Navy warships, along with law enforcement in a lawless ocean.
The legislation examined by the committee aims to better protect assets in critical sectors such as water, health, energy and transport.
The new laws would impose stricter cybersecurity obligations on operators responsible for infrastructure in these sectors.
It would also allow the Home Secretary to force these operators to work with agencies like the Australian Signals Directorate as a last resort, during major incidents.
But Mr Pezzullo told the committee that Australia can also play a disproportionate role in tackling cyber threats in an offensive way, if it so chooses.
“We must be prepared to conduct offensive operations in cybercriminal havens,” he said.
âCyber ââis not intangible, it is material, it depends on infrastructure, hardware, coding spaces for encoders and physical transit points.
“These havens can be mapped and targeted. Nations like Australia have an asymmetric advantage.”
He said such work was already underway, including using military cyber forces.
But he warned that many cyber attackers find protection in their home countries – and suggest counterterrorism or hacking models as a way to fix the problem.
âUnfortunately, some states are turning a blind eye to their activities or actively activating and sponsoring them,â he said.
“State protection emboldens these malicious actors.”
Spy boss complains about corporate complacency
Australian Signals Branch boss Rachel Noble told the committee that the agency has at times been crippled in its ability to fight attacks as large companies refuse to accept help.
Ms Noble described an incident in which a “nationally recognized” company suffered an attack with an impact across Australia, but called in lawyers to greet the ASD as it asked to ugly.
She said that after two weeks the company’s network was still down and with the company providing only limited information on what was going on, ASD could only provide generic information on how to ‘to help.
Three months later, the company was attacked again.
Ms Noble said the behavior often comes from organizations underestimating the threat they face.
“This is usually before they have fully understood what they are dealing with,” she said.
âSome of these criminals know what they’re doing, they do it all day, every day.
“When you go through this for the first time, you know, it can be a confrontation, you don’t really have the experience to understand what they’re capable of, let alone state actors.”