Cyber attack on Nine sends a broader warning

For the employees of The Age and the wider Nine Entertainment group, the cyber attack that began in the early hours of Sunday morning has been disruptive and challenging. The attack targeted Nine’s corporate network, but has affected Channel Nine in Sydney and mastheads including The Age. We have manged to improvise solutions using back-up technology at every turn but, as such attacks on companies and online platforms become more frequent, it is important to look beyond the drama they cause to grasp the deeper threats they pose.



In June last year Prime Minister Scott Morrison held an impromptu press conference in Parliament House’s Blue Room to warn that “Australian organisations across a range of sectors” were being targeted by “a sophisticated state-based cyber actor”. The vagueness of that warning is understandable given it is often difficult to definitively prove who is behind such attacks. But while his words resonated in the corporate world, the careful language diluted the strength of his intended message for the wider community.

Part of the problem is that these attacks come from a world of shadows – of encryption, false identities and espionage trade craft. At this stage neither the identity nor the motive of Nine’s attacker can be known for certain, though there has been unconfirmed speculation that a foreign regime is indicating its displeasure with Nine’s coverage of its actions. It’s welcome that the Australian Federal Police is now engaged in trying to answer these questions.

To some it might seem fanciful that an Australian media company would be singled out in this way by a major world power such as Russia or China, or a pariah dictatorship such as North Korea. It is not known whether these countries were involved, and no demands for a ransom have been made. But it is precisely on such powers’ peripheries, where their control of information is weakest, that they may resort to outlandish and visible measures. Countries such as Ukraine and Estonia have long known what it is like for every part of their online infrastructure to come under sustained attack. Estonia’s response was to set up a digital vault in Luxembourg so the country could “reboot” if its systems failed.

After sounding the alarm in June, the Morrison government updated its Cyber Security Strategy in August, having pledged $1.35 billion to security agencies to tackle cyber threats and $35 million for a platform allowing government and industry to share intelligence and block emerging threats. But despite reports that there might soon be a cabinet minister for cyber security, a December reshuffle left then home affairs minister Peter Dutton with the portfolio in his sprawling department. Presumably that arrangement will continue under the new minister, Karen Andrews.

There are lessons for the government and the private sector in Nine’s experiences this week. For the government, it is perhaps time to sharpen its narrative around cyber security and appoint a dedicated official. Treasurer Josh Frydenberg is right when he says the threat is “more pervasive than people think” and it is “not going away”.

These attacks are not new. But for companies, universities and other organisations around Australia, Nine’s experience is another warning about the power that state and non-state actors increasingly have to interfere in all our affairs. All businesses from winemakers to film festivals should assume that their systems may someday be targeted for attack and make sure they have the proper protective measures and training in place.

Most Viewed in National

Source: Read Full Article