“We felt it was important to be on the front foot and to be clear with the public as to what we knew and what was ongoing and what we knew about it,” Feakin said on the sidelines of the RSA conference. “We think that’s vital in situations like this.”
Australia’s response to the breach is based in part on watching how the United States, France and other nations have responded to a string of government and political hacks in recent years and talking with those governments about what went right and wrong in their responses, Feakin told me.
In 2016, the Obama administration faced harsh criticism for holding back some information about Russian hacks of the Democratic National Committee and the Hillary Clinton campaign until after the November election. They also did not immediately broadcast intelligence agencies’ conclusion that the operation -- which involved strategic leaks of stolen material that upended Clinton's campaign -- was aimed at helping President Trump win.
By contrast, the Australian government announced the Parliament breach Feb. 8, soon after it was identified, and Prime Minister Scott Morrison revealed the culprit was a “sophisticated state actor” 10 days later — even though no hacked information has been released.
Officials are investigating the breach and haven’t determined yet who that state actor is, Feakin told me. He declined to discuss specific suspects in the hack and said there’s no clear timeline for if or when the government will publicly attribute the breach.
By keeping the public informed about each step of the investigation as it proceeds, however, Australia hopes it can blunt the power of any potential strategic release of the hacked information, Feakin said.
The strategy underscores how information operations aimed at undermining elections — which were relatively new ground in 2016 — have become commonplace just a few years later.
“Clearly every Western democracy is now going to have to manage this problem,” Michael Daniel, who was White House cybersecurity coordinator during the 2016 breaches, told me.
Daniel, who is now president of the Cyber Threat Alliance information sharing group, applauded the Australian efforts to get in front of any information dump. He compared it to the French response to a Russia-linked breach of then-presidential candidate Emmanuel Macron before his 2017 election — which has been another guidepost as nations ponder how to respond to political and election breaches.
In that case, the release of hacked information seemed not to sway many voters — partly because the Macron campaign called out the hackers shortly after breached information started appearing on social media and because French media largely declined to report on the hacked information until after the election.
“The French learned from our experience and they did a little better job,” Daniel said. “The Australians learned from that and they’re doing a little better job.”
The efforts to undermine the U.S. and French elections were both linked to Russia — along with less public operations in more than a dozen other countries in the past three years.
Some Australian media outlets have speculated, however, that China may be responsible for the Australian breach. If true, that would complicate matters because although China has a long history of stealing information for economic and political advantage, it has no public record of strategically releasing that information to sow chaos or affect election outcomes.
Indeed, China reportedly stole troves of information from the campaigns of Obama and Republican nominee Sen. John McCain in 2008 but didn’t release any of it.
China also has an extensive trading relationship with Australia, which would make it far more politically complicated for Australian officials to publicly call out the country for a major hack.
PINGED: Chinese Foreign Minister Wang Yi threw his nation’s diplomatic weight Friday behind a lawsuit Huawei filed against the U.S. government, praising the Chinese tech giant for “refusing to be victimized like silent lambs” and attacking the U.S. government for “deliberate political move[s]” to damage Huawei’s reputation, The Washington Post’s Gerry Shih reported.
The lawsuit -- which accuses the U.S. Congress of unfairly singling Huawei out for punishment by banning it from government systems -- comes while the U.S. is urging allies to bar Huawei from their next-generation 5G telecommunications networks, a move that will have far greater economic consequences for the Chinese firm. Both moves are based on a belief that Huawei is too directly tied to the Chinese government and could be used as a platform for spying.
“What we want to uphold today is not only the rights and interests of a company, but the right to legitimate development as a nation,” Wang said.
PATCHED: The U.S. government, meanwhile, is moving full steam ahead on Congress’s direction to remove Huawei from government systems despite the company’s lawsuit, Jeanette Manfra, assistant director of the Homeland Security Department’s cybersecurity division, told me at RSA.
Manfra doesn’t expect to find much Huawei equipment being run by government agencies but thinks it’s more likely the government will find Huawei equipment on contractor networks, which are also covered by the congressional ban, or other systems that federal networks link out to, she said.
The effort comes as the government is starting to implement a new supply chain law that gives a newly created Federal Acquisition Security Council broad authority to recommend barring companies from government networks if they appear to present cybersecurity or national security risks. Manfra, who will be the DHS representative on the council, said she expects many companies won’t present as clear a risk as Huawei or the Russian anti-virus company Kaspersky did. That means the council will have to do complex assessments to determine which risks can be mitigated and how much risk is too much, she said.
PWNED: Russian troll groups seem to be shifting their strategy to disrupt the 2020 U.S. elections by promoting politically divisive messages that are already floating around the internet rather than creating their own propaganda, Bloomberg’s Alyza Sebenius reported. The strategy shift could help the troll groups get around protections put in place by Facebook and Twitter to find and remove fake content, Sebenius reported.
“Instead of creating content themselves, we see them amplifying content,” John Hultquist, the director of intelligence analysis at the cybersecurity company FireEye, told Bloomberg. “Then it’s not necessarily inauthentic, and that creates an opportunity for them to hide behind somebody else.”
- The House Armed Services Committee’s emerging threats panel hearing on the U.S. Cyber Command budget request.
- The House Appropriations Committee’s DHS panel hearing on securing federal networks and state election systems.
- The Senate Small Business Committee hearing on the cybersecurity threat to small businesses.