Attribution https://www.internationalcybertech.gov.au/ en Attribution to Russia of malicious cyber activity against Ukraine https://www.internationalcybertech.gov.au/Attribution-to-Russia-of-malicious-cyber-activity-against-Ukraine <span class="field field--name-title field--type-string field--label-hidden">Attribution to Russia of malicious cyber activity against Ukraine</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/4" typeof="schema:Person" property="schema:name" datatype="">vishal.sahody</span></span> <span class="field field--name-created field--type-created field--label-hidden">Mon, 2022-02-21 15:58</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left transparent spacing-bottom-default spacing-top-default paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="spacing-bottom-default spacing-top-default highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p><strong>Joint media release with:</strong></p> <ul> <li>The Hon Peter Dutton MP, Minister For Defence</li> <li>The Hon Karen Andrews MP, Minister For Home Affairs</li> </ul> <p> </p> <p><strong>20 February 2022</strong></p> <p>The Australian Government joins the United States and the United Kingdom in publicly attributing the cyber attacks against the Ukrainian banking sector on 15 and 16 February 2022 to the Russian Main Intelligence Directorate (GRU).</p> <p>In consultation with our partners, the Australian Government assesses that the GRU was responsible for these distributed denial of service (DDoS) attacks.</p> <p>The Australian Government stands in solidarity with Ukraine and our allies and partners to hold Russia to account for its ongoing unacceptable and disruptive pattern of malicious cyber activity.</p> <p>The international community must not tolerate Russia's misuse of cyberspace to undermine Ukraine's national security, sovereignty and territorial integrity by seeking to disrupt essential services, businesses and community confidence.</p> <p>Russia's actions pose a significant risk to global economic growth and international stability.</p> <p>The global community must be prepared to shine a light on malicious cyber activity and hold the actors responsible to account. All members of the international community – including Russia – should abide by existing international law and norms of responsible state behaviour which apply in cyberspace. Australia calls on all countries to honour and uphold their commitments.</p> <p>Australia is committed to upholding the rules-based order online, just as we do offline, and supporting our partners in the face of cyber threats.</p> <p>Australia will continue providing cyber security assistance to the Ukrainian Government, including through a new bilateral Cyber Policy Dialogue and further cyber security training for Ukrainian officials.</p> <p>Australia commends the swift action taken by Ukrainian authorities and the private sector to substantially mitigate the impacts of this incident.</p> <p>Governments, the private sector and households must remain vigilant about the ongoing threats we face in cyberspace.</p> <p>The Government is taking concrete action to protect Australians against cyber criminals, investing $1.67 billion over 10 years to build new cybersecurity and law enforcement capabilities to protect Australian businesses and communities, and passing new laws to protect our critical infrastructure assets from malicious cyber attacks.</p> <p> </p> <h2>Media enquiries</h2> <ul> <li>Minister's office: (02) 6277 7500</li> <li>DFAT Media Liaison: (02) 6261 1555</li> </ul> <p> </p> <p> </p> </div> </div> </div> </div> </div> Mon, 21 Feb 2022 04:58:58 +0000 vishal.sahody 158 at https://www.internationalcybertech.gov.au Australia Joins International Partners in Attribution of Malicious Cyber Activity to China https://www.internationalcybertech.gov.au/Attribution-of-Malicious-Cyber-Activity-to-China <span class="field field--name-title field--type-string field--label-hidden">Australia Joins International Partners in Attribution of Malicious Cyber Activity to China</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/12" typeof="schema:Person" property="schema:name" datatype="">simon.mcallister</span></span> <span class="field field--name-created field--type-created field--label-hidden">Mon, 2021-07-19 11:56</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left transparent spacing-bottom-default spacing-top-default paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="spacing-bottom-default spacing-top-default highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>JOINT MEDIA STATEMENT</p> <p> </p> <p><strong>The Hon Karen Andrews MP, Minister for Home Affairs</strong></p> <p><strong>Senator The Hon Marise Payne, Minister for Foreign Affairs, Minister for Women</strong></p> <p><strong>The Hon Peter Dutton MP, Minister for Defence</strong></p> <p>Today, the Australian Government joins international partners in expressing serious concerns about malicious cyber activities by China’s Ministry of State Security.</p> <p>In consultation with our partners, the Australian Government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia. These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.</p> <p>The Australian Government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government.</p> <p>Australia calls on all countries – including China – to act responsibly in cyberspace. China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.</p> <p>Since 2017, Australia has publicly attributed malicious cyber activity to North Korea, Russia, China and Iran. Most recently, Australia joined more than 30 international partners to hold Russia to account for its harmful cyber campaign against SolarWinds. Australia calls out these malicious activities to highlight the significant risk they can pose to Australia’s national security or to international stability, which in turn can undermine business confidence and inclusive economic growth.</p> <p>Australia’s cyber security posture is strong, but there is no room for complacency given the online threat environment is constantly evolving. Protecting Australia from malicious cyber activity – be it by state actors or cybercriminals – requires a continuous improvement approach to cyber security practices across all levels of society including government, business and households.</p> <p>The Australian Government will continue to work with international partners and the private sector to strengthen cyber security, including through the implementation of Australia’s Cyber Security Strategy 2020 and Australia’s International Cyber and Critical Technology Engagement Strategy. All Australians are encouraged to visit <a href="https://www.cyber.gov.au/">cyber.gov.au</a> for advice on how to protect themselves online.</p> <p> </p> <p><strong>For further information: </strong></p> <p><strong>Minister Andrews </strong>– Lachlan McNaughton 0457 494 414</p> <p><strong>Minister Payne </strong>– David Wroe 0429 531 143</p> <p><strong>Minister Dutton </strong>– Nicole Chant 0419 850 222</p> </div> </div> </div> </div> </div> Mon, 19 Jul 2021 01:56:40 +0000 simon.mcallister 143 at https://www.internationalcybertech.gov.au Minister Payne Statement: Attribution of Cyber Incident to Russia https://www.internationalcybertech.gov.au/node/138 <span class="field field--name-title field--type-string field--label-hidden">Minister Payne Statement: Attribution of Cyber Incident to Russia</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/24" typeof="schema:Person" property="schema:name" datatype="">Laynie.Pereira</span></span> <span class="field field--name-created field--type-created field--label-hidden">Fri, 2021-04-16 15:08</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left transparent spacing-bottom-default spacing-top-default paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="spacing-bottom-default spacing-top-default highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Attribution of Cyber Incident to Russia</h2> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>The Australian Government joins international partners to support the US statement of 15 April 2021 to hold Russia to account for its harmful cyber campaign against US Software firm, SolarWinds.</p> <p>In consultation with our partners, the Australian Government has determined that Russian state actors are actively exploiting SolarWinds and its supply chains.</p> <p>Over the past 12 months, Australia has witnessed Russia use malicious activity to undermine international stability, security and public safety. Australia condemns such behaviour.</p> <p>Russia’s campaign has affected thousands of computer systems worldwide. Australia acknowledges the high costs borne by the US private sector.</p> <p>Australia welcomes private sector and government responders’ efforts around the world to expose and mitigate this threat and uphold the international norms of responsible behaviour in cyberspace.</p> <p><strong>Media enquiries</strong></p> <p>David Wroe: 0429 531 143 (Minister Payne)</p> <p>Nicole Chant: 0419 850 222 (Minister Dutton)</p> <p>Keegan Buzza: 0447 697 846 (Minister Andrews)</p> </div> </div> </div> </div> </div> Fri, 16 Apr 2021 05:08:00 +0000 Laynie.Pereira 138 at https://www.internationalcybertech.gov.au International Peace & Stability https://www.internationalcybertech.gov.au/our-work/security/international-peace-stability <span class="field field--name-title field--type-string field--label-hidden">International Peace &amp; Stability</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/7" typeof="schema:Person" property="schema:name" datatype="">andrew.collins</span></span> <span class="field field--name-created field--type-created field--label-hidden">Wed, 2020-11-04 15:44</span> <div class="field field--name-field-chapter-content-block field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"><div class="content-block-outer"> <div class="content-block-inner"> <div class="paragraph paragraph--type--chapter-content-block paragraph--view-mode--default"> <div class="clearfix text-formatted field field--name-field-content field--type-text-long field--label-hidden field__item"><div class="widget2 widget"> <h4 class="widget_title">Australia will do this by:</h4> <div class="widget_content"> <table> <tbody> <tr> <td>Action 15.</td> <td><strong>Setting</strong> clear expectations for responsible state behaviour</td> </tr> <tr> <td>Action 16.</td> <td><strong>Deterring</strong> malicious activity enabled by critical technologies, including cyberspace, and responding when it is in our national interests</td> </tr> <tr> <td>Action 17.</td> <td><strong>Cooperating</strong> with other states to hold to account those that engage in unacceptable behaviour</td> </tr> <tr> <td>Action 18.</td> <td><strong>Implementing</strong> practical confidence building measures to promote international peace and stability and prevent conflict</td> </tr> </tbody> </table> </div> </div> <p>Critical technologies, including cyberspace, have had, and continue to have, a positive impact on international peace and stability. However, the ways in which critical technologies may be used to undermine international peace and stability are proliferating. International cooperation is vital to ensure critical technologies continue to support a peaceful and stable international environment.</p> <p>Since the release of the 2017<em> International Cyber Engagement Strategy,</em> states have continued to pursue activities in cyberspace that challenge the rules-based international order. We are seeing similar behaviour with critical technologies as states compete for strategic dominance in an increasingly competitive international environment.</p> <p>The risks of malicious misuse of technologies can contribute to increasing strategic instability that, if unchecked, increases the risk of misperceptions and miscalculations between states that might escalate to conflict. Australia's focus in maintaining international peace and stability is on the use (or misuse) of critical technologies, rather than regulating the technologies themselves. Our endeavours in this regard recognise and consider the gender dimensions that underpin international peace and security.</p> <div class="widget3 widget"> <div class="widget_content">Universal endorsement of the <a class="case-study-link" href="#frsbc">Framework for Responsible State Behaviour in Cyberspace</a> represents good progress towards promoting international peace and stability in cyberspace; states should consider the structure of this Framework when agreeing on responsible states' use of critical technologies. If adhered to, existing international law, complemented by voluntary norms of responsible state behaviour, CBMs and capacity building, provides a robust framework to address the threats posed by state-generated and state-sponsored malicious cyber activity.</div> </div> <p>The priority now is deepening understanding and practical implementation of this Framework, and ensuring accountability when states disregard their obligations and responsibilities.</p> <div class="widget1 widget"> <h3 class="widget_title">WOMEN, PEACE AND SECURITY</h3> <div class="widget_content"> <p>As a global leader on the Women, Peace and Security (WPS) agenda, Australia strongly advocates for the meaningful participation of women in all stages of conflict prevention, crisis management and peacebuilding, bringing their unique experiences of conflict and crises to promote stability, social cohesion and sustainable peace.</p> </div> </div> <div class="widget3 widget"> <div class="widget_content"> </div> </div> </div> </div> </div> </div></div> <div class="field__item"><div class="content-block-outer"> <div class="content-block-inner"> <div class="paragraph paragraph--type--chapter-content-block paragraph--view-mode--default"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Responsible state behaviour</h2> <div class="clearfix text-formatted field field--name-field-content field--type-text-long field--label-hidden field__item"><h3>INTERNATIONAL LAW</h3> <p>Existing international law is applicable to state conduct in cyberspace – the focus of the international community is now on articulating <em>how</em> it applies.</p> <p>Australia has articulated its views on how particular principles of international law apply to state conduct in cyberspace (2017; 2019) and published hypothetical legal case studies (2020) (Annex A to this Strategy combines those previously published positions). This forms part of Australia's efforts to publish our views on how international law applies to state conduct in cyberspace. To foster common understandings, we urge all countries to do the same; developing and articulating national positions on existing international law will equip states to exchange views and deepen common understandings of how existing international law applies in cyberspace.</p> <p>Just as existing international law applies to cyberspace, existing international law – including the UN Charter in its entirety – applies to the design, development and use of critical technologies by states. Australia is committed to working with international partners, and with industry, civil society and the research community, to strengthen understanding of how international law applies to the development and use of critical technologies.</p> <p>Australia is committed to supporting countries to develop national positions on how international law applies to the design, development and use of critical technologies as necessary, as well as to state conduct in cyberspace.</p> <blockquote><p>Australia reaffirms our commitment to act in accordance with the recommendations of UN Group of Governmental Experts, as endorsed by the General Assembly, and we call on all countries to do the same.</p></blockquote> <p><cite>Dr Tobias Feakin, Ambassador for Cyber Affairs and Critical Technology, address to the UN Security Council Arria-Formula Meeting: Cyber Stability, Conflict Prevention and Capacity Building, May 2020.</cite></p> <h3>NORMS OF RESPONSIBLE STATE BEHAVIOUR</h3> <p>International law does not stand alone. Recognising the unique attributes of cyberspace, in 2015 all states agreed to be guided in their use of ICTs by eleven voluntary and non-binding norms of responsible state behaviour in cyberspace. These norms complement, but do not replace states' existing legal obligations. Combined, they establish clear expectations of responsible behaviour. By signalling acceptable behaviour for states, international law and norms promote predictability, stability and security.</p> <p>To be effective, the eleven agreed norms must be implemented by all countries. Practical guidance supported by coordinated capacity building, is needed so that all countries are in a position to implement the agreed norms. In support of this, Australia has published non-exhaustive examples of the ways in which Australia observes the eleven norms.</p> <p>Australia – through our Cyber and Critical Technology Cooperation Program – will continue to support targeted capacity building to ensure that ASEAN and Pacific Island countries are able to respond to the challenges and embrace the opportunities that cyberspace and critical technologies provide. This includes: providing assistance to help countries identify and fill gaps in norm implementation, or to support active engagement in discussions on the articulation of norms in relation to critical technology; and supporting countries to implement CBMs.</p> <h3>UN GROUP OF GOVERNMENTAL EXPERTS AND UN OPEN ENDED WORKING GROUP</h3> <p>Australia is actively involved in two UN processes discussing responsible state behaviour in cyberspace – a sixth <a class="case-study-link" href="#laws">Group of Governmental Experts</a> (GGE) [A/RES/73/266] and an inaugural Open Ended Working Group (OEWG) [A/RES/73/27]. Previous iterations of the GGE developed the Framework of Responsible State Behaviour in Cyberspace, which has been endorsed by all countries, by consensus, at the United Nations General Assembly. Australia's priorities for both this GGE and the OEWG are: to deepen understandings of how existing international law and agreed norms apply; agree practical guidance on how to implement the recommendations of previous GGE reports; and, develop recommendations to better coordinate and target cyber capacity building in support of implementation. We will continue to actively engage in these processes and any future iterations of multilateral discussions of responsible state behaviour in cyberspace.</p> <p>As technology becomes increasingly critical to our way of life, consideration of what is acceptable state conduct will increase in importance. Australia considers that the elements of the Framework of responsible state behaviour in cyberspace could provide a model for articulating acceptable responsible state behaviour for the design, development and use of particular critical technologies. For instance, it may be appropriate, in particular contexts, for states to clarify how existing international law applies to states' use of a particular critical technology, or to consider the value of agreeing complementary voluntary non-binding norms with respect to that technology. Australia will support and shape these discussions in line with our values, national interests, the international rules-based order, and our commitment to maintaining a peaceful and stable international environment.</p> </div> </div> </div> </div></div> <div class="field__item"><div class="content-block-outer"> <div class="content-block-inner"> <div class="paragraph paragraph--type--chapter-content-block paragraph--view-mode--default"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Deter and respond to unacceptable behaviour</h2> <div class="clearfix text-formatted field field--name-field-content field--type-text-long field--label-hidden field__item"><p>Some state and state-sponsored actors increasingly flout international law and norms, in spite of the clear expectations set by the international community of responsible behaviour in cyberspace. In doing so, they threaten international peace and stability.</p> <p>Deterring malicious cyber activity protects our national interests, maintains international stability and promotes continued global economic growth. The objective of Australia's cyber deterrence efforts is to prevent cyber activity that is damaging to Australia and detrimental to our interests, including those of our partners.</p> <blockquote><p>As responsible states that uphold the international rules-based order, we recognize our role in safeguarding the benefits of a free, open, and secure cyberspace for future generations. When necessary, we will work together on a voluntary basis to hold states accountable when they act contrary to this framework, including by taking measures that are transparent and consistent with international law. There must be consequences for bad behaviour in cyberspace.</p></blockquote> <p><cite>Joint Statement on Responsible State Behaviour in Cyberspace, 23 September 2019</cite></p> <div class="widget1 widget"> <h3 class="widget_title">AUSTRALIA'S STATEMENT OF PRINCIPLES ON CYBER DETERRENCE</h3> <div class="widget_content"> <p>We work to actively prevent cyber attacks, minimise damage, and respond to malicious cyber activity directed against our national interests. We deny and deter, while balancing the risk of escalation. Our actions are lawful and aligned with the values we seek to uphold and will therefore be proportionate, always contextual and collaborative. We can choose not to respond.</p> </div> </div> <p>Australia's cyber deterrence posture consists of four core elements.</p> <ol> <li><strong>Denial practices</strong> – Australia will ensure that we can discourage, detect, disrupt and contain malicious cyber behaviour thereby increasing the cost and reducing the benefits for perpetrators.</li> <li><strong>Signalling</strong> – Australia will provide clear, consistent and credible messages to demonstrate our willingness and ability to impose costs on those who carry out malicious cyber activity.</li> <li><strong>Responses</strong> – Australia will respond to malicious activity in cyberspace, just as we will to any other malicious activity against Australia's interests. Australia's responses to malicious cyber activity could comprise law enforcement or diplomatic, economic or military measures as appropriate. Australia will only respond when it is in our national interests to do so and responses will not always be public. The objective of responding is to promote responsible state behaviour, thereby protecting a peaceful and stable international environment.</li> <li><strong>International cooperation</strong> – Australia will work with other states to strengthen global responses to unacceptable behaviour. Our ability to deter and respond to malicious cyber activities is stronger when we act in concert with our allies and partners. International coordination and information sharing on attribution, signalling and responses creates a force multiplier effect.</li> </ol> <p>Australia's responses to malicious cyber activity could comprise law enforcement or diplomatic, economic or military measures as appropriate. Our ability to deter and respond to malicious cyber activity is founded on the strength of our cyber security posture. The Government's significant investment in this capability ensures Australia can discourage, detect, respond to and contain malicious cyber activity that affects our national security and interests (see Cyber Security on page 48).</p> <p>Just as we act to deter and respond to malicious activity in cyberspace, so too will we work to prevent other technologies being used to undermine our national security and international peace and stability. Consistent with our established cyber deterrence posture, Australia will similarly develop and define our approach to deterring the irresponsible use of critical technology.</p> <div class="widget1 widget"> <h3 class="widget_title">PUBLIC ATTRIBUTIONS BY AUSTRALIA</h3> <div class="widget_content"> <p>Public attribution of malicious cyber activities to states is one tool in Australia's toolkit of responses. Since 2017, Australia has worked with international partners and attributed malicious cyber activity to state actors on nine occasions:</p> <ul> <li>December 2017, Australia attributed the 'WannaCry' ransomware campaign to the Democratic People's Republic of Korea</li> <li>February 2018, Australia attributed the 'NotPetya' malware attacks on critical infrastructure and businesses to Russia</li> <li>April 2018, Australia attributed the worldwide targeting of Cisco routers to Russian state-sponsored actors</li> <li>August 2018, Australia called-out Iran for a spear-phishing campaign against Australian universities. This followed an earlier attribution by the United Kingdom and the United States</li> <li>October 2018, Australia attributed a pattern of malicious cyber activities and, separately, cyber operations against OPCW and MH17 investigations to Russia</li> <li>December 2018, Australia attributed to China a global campaign of malicious cyber activity targeting Managed Service Providers, including in Australia</li> <li>February 2020, Australia attributed to Russia a malicious cyber operation targeting Georgia</li> <li>July 2020, Australia attributed to Russian actors malicious cyber activity targeting organisations involved in COVID-19 vaccine development.</li> <li>April 2021, Australia attributed to Russian state actors malicious cyber activity targeting US software firm, Solarwinds.</li> </ul> </div> </div> <div class="widget3 widget"> <div class="widget_content"> <ul></ul> </div> </div> </div> </div> </div> </div></div> <div class="field__item"><div class="content-block-outer"> <div class="content-block-inner"> <div class="paragraph paragraph--type--chapter-content-block paragraph--view-mode--default"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Confidence building measures</h2> <div class="clearfix text-formatted field field--name-field-content field--type-text-long field--label-hidden field__item"><p>Australia will continue to develop and implement <a class="case-study-link" href="#pocd">Confidence Building Measures (CBMs)</a> to reduce the risk of conflict stemming from the malicious use of cyberspace by promoting trust and assurance among states, increasing inter-state cooperation, and promoting transparency, predictability and stability. We will expand this work to incorporate consideration of critical technologies.</p> <p>This includes transparency measures such as participating in policy dialogues, discussion on the rights and obligations of states in the use of offensive cyber and critical technology capabilities. We will also encourage countries to develop and publish their own cyber and critical technology international engagement strategies.</p> <div class="widget1 widget"> <h3 class="widget_title">CONFIDENCE BUILDING MEASURES – PROMOTING TRANSPARENCY ON OFFENSIVE CYBER CAPABILITIES</h3> <div class="widget_content"> <p>Australia recognises the legitimate right of countries to develop offensive cyber capabilities. Many countries already have, and more are in the process of developing, these capabilities. Australia is one of a few countries that has publicly declared that we develop and use such capabilities. Australian cyber operations comply with Australian law and are conducted in accordance with international law – including the UN Charter in its entirety – as well as agreed norms of responsible state behaviour.</p> <p>We recognise that, similar to other military capabilities, details of specific capabilities and operations will need to remain classified. However, Australia is transparent about the existence of our offensive cyber capabilities in order to foster a more mature conversation about the rights and obligations that govern their use, particularly the cumulative reports of the UN GGEs, as endorsed by consensus by the UN General Assembly [A/RES/65/41; A/RES/68/243; A/RES/70/237].</p> <p>Australia encourages other countries to be similarly transparent about their capabilities and unequivocal in their commitment to act in accordance with the agreed Framework for Responsible State Behaviour – transparency breeds accountability, predictability and stability.</p> </div> </div> <p>Australia will continue to develop and promote risk reduction measures, to build confidence in states' ability to respond to specific instances of malicious cyber activity without escalation.</p> <p>We will also continue to engage in cooperative measures, to promote collaboration between countries, based on a mutual commitment to improve resilience and reinforce a peaceful and stable online environment. This includes, for example, information exchange on best practices, such as through our Cyber Bootcamp Project for selected ASEAN and Pacific countries.</p> </div> </div> </div> </div></div> </div> <div class="field field--name-field-chapter-case-studies-block field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="paragraph paragraph--type--chapter-case-studies paragraph--view-mode--default"> <div class="field field--name-field-case-study-link-id field--type-string field--label-hidden field__item">frsbc</div> <div class="clearfix text-formatted field field--name-field-case-study-content field--type-text-long field--label-hidden field__item"><h3 class="widget_title">THE UNITED NATIONS (UN) FRAMEWORK FOR RESPONSIBLE STATE BEHAVIOUR IN CYBERSPACE</h3> <div class="widget_content"> <p>All members of the UN have agreed, by consensus, that existing international law – in particular, the Charter of the UN in its entirety – is applicable in cyberspace and essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment [see UNGA resolutions A/RES/68/243; A/RES/70/237]. All states have also endorsed 11 voluntary non binding norms of responsible state behaviour, and recognised the need for confidence building measures (CBMs) and coordinated capacity building. Combined, these measures (international law, norms, CBMs and capacity building) provide the basis for a secure, stable and prosperous cyberspace, and are often referred to as the UN Framework for Responsible State Behaviour (the Framework). Each element of the Framework is mutually reinforcing and no one element should be considered in isolation.</p> </div> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--chapter-case-studies paragraph--view-mode--default"> <div class="field field--name-field-case-study-link-id field--type-string field--label-hidden field__item">laws</div> <div class="clearfix text-formatted field field--name-field-case-study-content field--type-text-long field--label-hidden field__item"><h3 class="widget_title">UN GROUP OF GOVERNMENTAL EXPERTS ON LETHAL AUTONOMOUS WEAPONS SYSTEMS (LAWS)</h3> <div class="widget_content"> <p>The open-ended UN Group of Governmental Experts (GGE) process underway within the Convention on Certain Conventional Weapons (CCW) was established in 2016 to examine emerging technologies in the area of lethal autonomous weapons systems (LAWS) in the context of the objectives and purposes of the CCW. This process reflects international recognition that the peace and stability dimensions of incorporating emerging technologies such as Artificial Intelligence and robotics into military capabilities must be considered by the international community. Australia welcomes the affirmation by the GGE on LAWS that international humanitarian law continues to apply fully to all weapons systems, including LAWS. We will continue to support processes that strengthen understandings of the responsible use of specific technologies in the context of international peace and stability.</p> </div> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--chapter-case-studies paragraph--view-mode--default"> <div class="field field--name-field-case-study-link-id field--type-string field--label-hidden field__item">attributions</div> <div class="clearfix text-formatted field field--name-field-case-study-content field--type-text-long field--label-hidden field__item"><h3 class="widget_title">PUBLIC ATTRIBUTIONS BY AUSTRALIA</h3> <div class="widget_content"> <p>Public attribution of malicious cyber activities to states is one tool in Australia's toolkit of responses. Since 2017, Australia has worked with international partners and attributed malicious cyber activity to state actors on nine occasions:</p> <ul> <li>December 2017, Australia attributed the 'WannaCry' ransomware campaign to the Democratic People's Republic of Korea</li> <li>February 2018, Australia attributed the 'NotPetya' malware attacks on critical infrastructure and businesses to Russia</li> <li>April 2018, Australia attributed the worldwide targeting of Cisco routers to Russian state-sponsored actors</li> <li>August 2018, Australia called-out Iran for a spear-phishing campaign against Australian universities. This followed an earlier attribution by the United Kingdom and the United States</li> <li>October 2018, Australia attributed a pattern of malicious cyber activities and, separately, cyber operations against OPCW and MH17 investigations to Russia</li> <li>December 2018, Australia attributed to China a global campaign of malicious cyber activity targeting Managed Service Providers, including in Australia</li> <li>February 2020, Australia attributed to Russia a malicious cyber operation targeting Georgia</li> <li>July 2020, Australia attributed to Russian actors malicious cyber activity targeting organisations involved in COVID-19 vaccine development.</li> <li>April 2021, Australia attributed to Russian state actors malicious cyber activity targeting US software firm, Solarwinds.</li> </ul> </div> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--chapter-case-studies paragraph--view-mode--default"> <div class="field field--name-field-case-study-link-id field--type-string field--label-hidden field__item">pocd</div> <div class="clearfix text-formatted field field--name-field-case-study-content field--type-text-long field--label-hidden field__item"><h3 class="widget_title">ASEAN REGIONAL FORUM POINT-OF-CONTACT DATABASE</h3> <div class="widget_content"> <p>Australia and Malaysia's proposal for an ASEAN Regional Forum (ARF) cyber points of contact directory was approved by Ministers in 2020. The directory is a simple, voluntary confidence building measure, consisting of relevant points of contact from participating ARF members. The directory is a foundational risk reduction measure which seeks to facilitate near real time communication in the event of ICT security incidents of potential regional security significance.</p> </div> </div> </div> </div> </div> Wed, 04 Nov 2020 04:44:53 +0000 andrew.collins 9 at https://www.internationalcybertech.gov.au UK-US-Canada Joint Advisory on Russia https://www.internationalcybertech.gov.au/node/22 <span class="field field--name-title field--type-string field--label-hidden">UK-US-Canada Joint Advisory on Russia</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/6" typeof="schema:Person" property="schema:name" datatype="">kate.vardos</span></span> <span class="field field--name-created field--type-created field--label-hidden">Fri, 2020-07-17 16:54</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Joint media release</h2> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p><em>Australian Government Department of Foreign Affairs, Australian Government, Australian Cyber Security Centre, and Australian Government Department of Home Affairs</em><br />  </p> <p>Today, Australia declares its support for the release of the Joint Cyber Security Advisory by the US, UK and Canada, which details malicious cyber activity by Russian actors targeting organisations involved in COVID-19 vaccine development.</p> <p>The Joint Advisory makes clear that these cyber actors are conducting an ongoing campaign against government, diplomatic, think tank, healthcare and energy targets to steal intellectual property. The Advisory notes that the cyber actors almost certainly operate as part of Russian intelligence services.</p> <p>Australia is concerned by any reports that malicious cyber actors are seeking to exploit the current pandemic for their own gain. The targeting of COVID19 vaccine development and research during a pandemic is completely unacceptable behaviour.</p> <p>The Australian Government calls on Russia to cease immediately any cyber activity, or support for such activity, which is inconsistent with their international commitments.</p> <p>Australia, through the office of the Ambassador for Cyber Affairs and Critical Technologies, has registered our concern at the United Nations about malicious activity targeting health infrastructure. Australia's Cyber Cooperation Program is assisting countries in our region to strengthen their cyber resilience.</p> <p>The Australian Cyber Security Centre (ACSC) is working closely with organisations across Australia to help build their resilience to cyber compromises and is engaging with victims of malicious cyber incidents to offer cyber security advice and assistance.</p> <p>The ACSC, assisted by our law enforcement and industry partners, is working to disrupt and prevent COVID-19-related cyber activity.</p> <p>The Australian Government has announced it is investing $1.35 billion to further enhance Australia’s cyber security capabilities and that the 2020 Cyber Security Strategy will be delivered in coming months.</p> <p>We encourage all Australian citizens and organisations to remain vigilant about cyber security threats. The ACSC’s cyber security advice is available at <a href="http://cyber.gov.au/">cyber.gov.au.</a></p> </div> </div> </div> </div> </div> Fri, 17 Jul 2020 06:54:19 +0000 kate.vardos 22 at https://www.internationalcybertech.gov.au Minister Payne statement: attribution of malicious cyber activity in Georgia to Russian Military Intelligence https://www.internationalcybertech.gov.au/node/56 <span class="field field--name-title field--type-string field--label-hidden">Minister Payne statement: attribution of malicious cyber activity in Georgia to Russian Military Intelligence</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/6" typeof="schema:Person" property="schema:name" datatype="">kate.vardos</span></span> <span class="field field--name-created field--type-created field--label-hidden">Fri, 2020-02-21 10:52</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Attribution of malicious cyber activity in Georgia by Russian Military Intelligence</h2> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>Today, the Australian Government has joined international partners to condemn malicious cyber activity by Russia targeting the state of Georgia in October last year.</p> <p>In consultation with our partners and allies, the Australian Government has determined that the GRU, Russia’s military intelligence service, carried out a series of disruptive cyber actions against a range of Georgian web hosting providers that resulted in widespread defacement of several thousand websites in October 2019.</p> <p>Websites affected included sites belonging to the Georgian government, courts, NGOs, media and businesses.  These disruptive operations also interrupted the service of several national broadcasters.</p> <p>A month before Russia’s malicious cyber activity against Georgia, I co-sponsored with the United States and The Netherlands the <em>Joint Statement on Advancing Responsible State Behaviour in Cyberspa</em>ce in New York in the margins of UN Leaders Week.</p> <p>This Statement and Australia’s International Cyber Engagement Strategy recognise Australia’s role in safeguarding the benefits of an open, free and secure cyberspace – now and for future generations – and underscore our commitment to upholding the international rules-based order in cyberspace.</p> <p>This commitment requires us to hold states accountable when they act contrary to the agreed framework of responsible state behaviour in cyberspace.</p> <p>The international community – Russia included – has agreed that international law and norms of responsible state behaviour apply in cyberspace.  This malicious cyber activity contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries.</p> <p>There must be consequences for malicious behaviour in cyberspace.  When it is in our interest to do so, Australia considers a range of measures, including public attribution, to respond to malicious cyber incidents, especially those with the potential to undermine global economic growth, national security and international stability.</p> <p>We will not stand by when cyberspace is used to destabilise democracies, undermine institutions or disrupt critical infrastructure.</p> <p>Russia has previously agreed to act in accordance with the framework of responsible state behaviour in cyberspace. Australia calls on Russia to fulfil its commitments under that framework.</p> <h2>Media enquiries</h2> <ul> <li>Minister's office: (02) 6277 7500</li> <li>DFAT Media Liaison: (02) 6261 1555</li> </ul> </div> </div> </div> </div> </div> Thu, 20 Feb 2020 23:52:54 +0000 kate.vardos 56 at https://www.internationalcybertech.gov.au Attribution of Chinese cyber-enabled commercial intellectual property theft https://www.internationalcybertech.gov.au/node/85 <span class="field field--name-title field--type-string field--label-hidden">Attribution of Chinese cyber-enabled commercial intellectual property theft</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/6" typeof="schema:Person" property="schema:name" datatype="">kate.vardos</span></span> <span class="field field--name-created field--type-created field--label-hidden">Fri, 2018-12-21 14:39</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>Today, the Australian Government joins other international partners in expressing serious concern about a global campaign of cyber-enabled commercial intellectual property theft by a group known as APT10, acting on behalf of the Chinese Ministry of State Security.</p> <p>The sustained cyber intrusions by APT10 were significant and focussed on large scale Managed Service Providers (MSPs) – specialist companies that manage IT services and infrastructure for many medium to large businesses and organisations, both in Australia and globally.</p> <p>When it is in our interests to do so, Australia publicly attributes cyber incidents, especially those with the potential to undermine global economic growth, national security and international stability.</p> <p>Australia calls on all countries – including China – to uphold commitments to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining a competitive advantage. These commitments were agreed by G20 Leaders in 2015. Australia and China reaffirmed them bilaterally in 2017.</p> <p>The worldwide cyber security compromise serves as a reminder that all organisations must remain vigilant about security and that organisations such as MSPs must be responsible and accountable to those they serve.</p> <p>The Australian Cyber Security Centre (ACSC) has issued advice on concrete steps that MSPs and their clients can take to limit their exposure and protect their information.</p> <p>All Australian businesses and organisations that use a MSP are strongly encouraged to visit <a href="http://www.cyber.gov.au/">www.cyber.gov.au</a> and to implement this advice.</p> <p>The Australian Government is committed to providing confidence and a level playing field for Australian businesses, exporters and research communities. We are proud of Australian innovation and ingenuity, and we want to ensure Australians retain the benefit of our effort.</p> <p>The Australian Government is committed to promoting a resilient cyber security culture that benefits all Australians.</p> <h2>Media enquiries</h2> <ul> <li>Minister's office: (02) 6277 7500</li> <li>DFAT Media Liaison: (02) 6261 1555</li> </ul> </div> </div> </div> </div> </div> Fri, 21 Dec 2018 03:39:41 +0000 kate.vardos 85 at https://www.internationalcybertech.gov.au Australia condemns cyber operations attributed to Russia targeting OPCW and MH17 investigations https://www.internationalcybertech.gov.au/node/88 <span class="field field--name-title field--type-string field--label-hidden">Australia condemns cyber operations attributed to Russia targeting OPCW and MH17 investigations</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/6" typeof="schema:Person" property="schema:name" datatype="">kate.vardos</span></span> <span class="field field--name-created field--type-created field--label-hidden">Fri, 2018-10-05 14:48</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="spacing-bottom-default spacing-top-default highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>Australia condemns the cyber operations attributed to Russia against the Organisation for the Prohibition of Chemical Weapons (OPCW) and against Malaysian locations participating in the Flight MH-17 investigation as revealed by Dutch and UK authorities overnight.</p> <p>Such actions by Russia, an OPCW Member State and a Permanent Member of the UN Security Council, undermine global integrity and trust in the arms control and verification framework, which plays a critical role in promoting and assuring the global prohibition against any use of chemical weapons.</p> <p>Likewise, any actions intended to compromise or undermine the integrity of the Joint Investigation Team’s authorised and legitimate investigation into the destruction of Flight MH-17, which resulted in the death of all aboard the flight, are unacceptable.</p> <p>These attributions raise questions about Russia’s credibility in wanting to genuinely resolve the issues surrounding what happened to Flight MH-17.</p> <p>Australia joins other nations in calling on Russia to strongly affirm its commitment to acting as a reliable party to the investigation and subsequent resolution of the matter.</p> <p>The events of the last 48 hours demonstrate the resolve of the international community – including Australia – to uphold the international rules-based order in the online world, just as we do elsewhere.</p> <div class="body-font-color">Media enquiries</div> <div class="body-font-color">Minister's office: (02) 6277 7500</div> <p>DFAT Media Liaison: (02) 6261 1555</p> </div> </div> </div> </div> </div> Fri, 05 Oct 2018 04:48:10 +0000 kate.vardos 88 at https://www.internationalcybertech.gov.au Attribution of a Pattern of Malicious Cyber Activity to Russia https://www.internationalcybertech.gov.au/node/87 <span class="field field--name-title field--type-string field--label-hidden">Attribution of a Pattern of Malicious Cyber Activity to Russia</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/6" typeof="schema:Person" property="schema:name" datatype="">kate.vardos</span></span> <span class="field field--name-created field--type-created field--label-hidden">Mon, 2018-10-01 14:46</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="spacing-bottom-default spacing-top-default highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>Today, the Australian Government has joined international partners to condemn a pattern of malicious cyber activity by Russia targeting political, business, media and sporting institutions worldwide.</p> <p>Based on advice from Australian intelligence agencies, and in consultation with our partners and allies, the Australian Government has determined that the Russian military, and their intelligence arm ‘the GRU’, is responsible for this pattern of malicious cyber activity.</p> <p>While Australia was not significantly impacted, this activity affected the ability of the public in other parts of the world to go about their daily lives. It caused significant, indiscriminate harm to civilian infrastructure and resulted in millions of dollars in economic damage, including in Russia.</p> <p>This is unacceptable and the Australian Government calls on all countries, including Russia, to refrain from these types of malicious activities.</p> <p>Cyberspace is not the Wild West. The International Community – including Russia – has agreed that international law and norms of responsible state behaviour apply in cyberspace. </p> <p>By embarking on a pattern of malicious cyber behaviour, Russia has shown a total disregard for the agreements it helped to negotiate.</p> <p>Australia’s International Cyber Engagement Strategy recognises that there must be consequences for those who act contrary to the consensus on international law and norms.</p> <p>A first step is to attribute malicious behaviour publicly – as we are doing today. Our message is clear: the rule of law applies online, just as it does offline. We will protect the rules-based international order online, just as we do offline.</p> <p>Australia is working with allies and partners to improve cooperative global responses to malicious cyber activity that undermines international security and global economic stability. At home, the Australian Government has invested in world-leading cyber security systems to help deter, detect and manage cyber incidents, together with domestic and international partners.</p> <p>The ACSC has issued updated advice on how to strengthen systems and harden defences. All Australian organisations are strongly encouraged to review the ACSC’s website at <a href="http://www.cyber.gov.au">www.cyber.gov.au</a>. </p> <div class="body-font-color">Unacceptable malicious cyber activity being attributed by Australia to the Russian Military</div> <p>• In October 2017, BadRabbit ransomware infected victims in Ukraine and Russia interrupting businesses and critical national infrastructure, including energy and transport sectors. </p> <p>• In August 2016, the Russian military released confidential medical files relating to a number of international athletes. The World AntiDoping Agency has stated publically that this data came from a hack of its Anti-Doping Administration and management system.</p> <p>• In 2016, the US Democratic National Committee (DNC) was hacked by the Russian Military and documents were subsequently published online.</p> <p>• Between July and August 2015, multiple email accounts belonging to a small UK-based TV station were accessed by the Russian Military and content stolen.</p> </div> </div> </div> </div> </div> Mon, 01 Oct 2018 04:46:24 +0000 kate.vardos 87 at https://www.internationalcybertech.gov.au Australia attributes cyber incident to Russia https://www.internationalcybertech.gov.au/node/96 <span class="field field--name-title field--type-string field--label-hidden">Australia attributes cyber incident to Russia</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/6" typeof="schema:Person" property="schema:name" datatype="">kate.vardos</span></span> <span class="field field--name-created field--type-created field--label-hidden">Tue, 2018-04-17 15:20</span> <div class="field field--name-field-content-blocks field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="content-left paragraph paragraph--type--content-date paragraph--view-mode--default"> </div> </div> <div class="field__item"> <div class="spacing-bottom-default spacing-top-default highlight paragraph paragraph--type--rich-text paragraph--view-mode--default"> <div class="block-inner"> <h2 class="field field--name-field-title field--type-string field--label-hidden field__item">Australian Government attribution of cyber incident to Russia</h2> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>The Australian Government has joined the governments of the United States and United Kingdom in expressing concern at the malicious cyber activity targeting commercially available routers around the world.</p> <p>Based on advice from Australian intelligence agencies, and in consultation with our allies, the Australian Government has determined that Russian state-sponsored actors are responsible for this activity, which occurred in 2017.</p> <p>While a significant number of Australian organisations have been affected by this activity, there is no indication Australian information has been successfully compromised. The Australian Cyber Security Centre has engaged relevant Australian organisations, including through their internet service providers, to provide mitigation advice.</p> <p>Minister for Law Enforcement and Cyber Security Angus Taylor said these incidents are unacceptable and the Australian Government calls on all countries, including Russia, not to take actions that could lead to damage of critical infrastructure that provide services to the public.</p> <p>"Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity," Mr Taylor said.</p> <p>"This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices."</p> <p>Minister Taylor is currently in the United States meeting with US Government counterparts, including Secretary of Homeland Security Kirstjen Nielsen, along with senior officials in the Department of Justice and the Federal Bureau of Investigation to discuss cyber security and law enforcement priorities, including responses to cyber threats.</p> <p>"A strong alliance between Australia and the United States is crucial if we are to prevent and develop strong defences to state-sponsored cyber incidents," Mr Taylor said.</p> <p>"The Turnbull Government, through its 2016 Cyber Security Strategy and the establishment of the Home Affairs portfolio, is committed to ensuring the Australian public sector, businesses and the community are safe from malicious cyber activity."</p> <p>Furthermore, the 2017 International Cyber Engagement Strategy commits Australia to deter and respond to malevolent behaviour in cyberspace.</p> <p>The ACSC has issued advice on how to strengthen vulnerable devices and prevent malicious cyber activity, and all Australian organisations are strongly encouraged to review that advice on ACSC's website at <a href="https://acsc.gov.au/news.html">https://acsc.gov.au/news.html</a>.</p> </div> </div> </div> </div> </div> Tue, 17 Apr 2018 05:20:21 +0000 kate.vardos 96 at https://www.internationalcybertech.gov.au