F-43 FOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks Possible Ouestion Why has the Government not confronted China about cyber attacks including on DFAT, such as those aired by Four Corners on 27 May? Talking Points As a matter of longstanding principle and practice, the Government does not comment on specific cyber-related incidents, investigations or operations. However, I can say that Australia discusses cyber issues with a range of countries, including China. - Our approach is based on constructi:ve engagement aimed at achieving practical outcomes. A-21 - During her April visit to China, the Prime Minister raised a number of issues with Premier Li, including cyber security. I can also. say that improving cyber defence is a top national security priority for the Govermnent. The Prime Minister's National Security Strategy identifies defending ourdigital networks as one of three priorities over the next five years - a new Australian Cyber Security Centre will be set up to: enhance our understanding of cyber threats; make Australia a harder target for malicious cyber incidents; and bolster our ability to engage international and industry partners. The challenges of cyberspace are global, requiring increased international effort, including through multilateral and regional forums. There is a need for clearer "rules of the road" on what is acceptable behaviour in cyberspace. Australia believes the existing framework of international law, including the UN Charter and international humanitarian law, applies to cyberspace. 26/06/201309:53:34 AM Version 90 - STRICTLY FOR OFFICIAL USE ONLY 1
2 Australia is working with the international community, including China, to achieve cominon understandings on how international law applies. Background Cyber attacks, and their attribution to particular countries,.continue to be a focus of domestic and international media and other attention. On 27 May, ABC's Four Corners program made a number of claims about intrusions into Australian Government and commercial IT systems, including allegations that the plans for the new ASIO building were i:xfiltrated by Chinese hackers. It was alleged that sensitive information was extracted from DFAT's network, but no details were provided. Prime Minister Gillard told Parliament on 28 May that the Four Corners allegations of hacking were "unsubstantiated", affirming the Government's reiterated the Government's long standing practice of not commenting on specific intelligence matters. On 2 June, you (Senator Carr) told the Sky News Australian Agenda program that the Government has raised concerns about cyber attacks with China but you were unable to talk publicly about the extent of cyber attacks on Australian computer systems. 26/06/201309:53:34 AM Version 90 - STRICTLY FOR OFFICIAL USE ONLY 2
3 Prepared Bv: Senior Adviser - Cyber Policy Team ISD/SIB/CYS Phone.: Edit Date: 24 June 2013 09:45:34 AM Cleared By: John Quinn Assistant Secretary ISD/SIB/ Phone: 2043 26/06/201309:53:34 AM Version 90 - STRICTLY FOR OFFICIAL USE ONLY 3
4 F-43 FOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks Possible Ouestion Why has the government not confronted China about cyber attacks including on DFAT, such as those aired by Four Comers on 27 May? Talking Points As a matter oflong standing principle and practice, the Government does not comment on specific cyber-related incidents, investigations or operations. A-27 However, I can say that improving cyber defence is a top national security priority for the Government which is also proactively engaging business and the wider community. The Prime Minister's National Security Strategy released on 23 January identifies defending our digital networks through integrated cyber policy and operations as one of three priorities over the next five years - a new AustralianCyber Security Centre will be set up to enhance our understanding of cyber threats; make Australia a harder target for malicious cyber incidents; and bolster our ability to engage international and industry partners. Austra.lia also discusses cyber issues with a range of countries, including China. - Our approach is based on constructive engagement aimed at achieving practical outcomes. The challenges of cyberspace are global and thus require increased international effort, including through multilateral and regional forums. Australia is working with the international community, including China, through a UN Expert Group, to develop common understandings on the application of existing international law, including the UN Charter, to cyberspace. Australia consults closely with the US, its alliance partner on cyber issues. Background 24/06/201303:37:22 PM Version 49 - STRICTLY FOR OFFICIAL USE ONLY 1
5 Cyber attacks, and their attribution to particular countries, continue to be a focus of domestic and international attention. The ABC's Four Corners program, aired on 27 May, made a number of claims about intrusions into Australian Government and commercial IT systems. The focus of the program was on two specific cases - allegations that the plans for the new ASIO building were ex filtrated by Chinese hackers and that Adelaide based communications company Codan had, as a result of cyber intrusions, lost commercially valuable intellectual property information and export contracts to Chinese competitors. Passing reference was made to allegations that sensitive infonnation was extractedfiom DFAT's network, butfew details were provided. Attorney-General Mark Dreyfus who was interviewed would not comment on the claims. Interviewees expressed mixed views about international efforts to address cyber threats, such as through new treaties. Prepared By: Senior Adviser - Cyber Policy Team lsd/sib/cys Phone: Edit Date: 28 May 2013 09:50:27 AM Cleared By: John Quinn Assistant Secretary lsd/sib/ Phone: 2043 24/06/201303:37:22 PM Version 49 - STRICTLY FOR OFFICIAL USE ONLY 2
6 CYBER SECURITY OPERATIONS,General response For national security reasons, it is the long-standing practice of successive Australian Governments not to comment on operational security matters,, Can DFAT confirm that it was the subject of a cyber-attack by China which resulted in the loss of 'sensitive' documents as alleged in the recent,four Corners story? Consistent with statements made by the Attorney-General and Minister for Foreign Affairs about the Four Corners story, we do not intend to comment on hacking allegations made in the program, Are DFAT's cyber security defences, ICT systems and practices aligned with government security requirements? Yes they are: ' - DFAT works closely with the Government's protective security agencies, in particular ASD's Cyber Security Operations Centre, to strengthen our network. - DFAT's ICT systems are designed and maintained to ensure alignment with the Australian Government Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF). DFAT is also enacting ASD's 35, Strategies for Mitigating Cyber Threats.
7 What measures are you taking to prevent future cyber-attacks? As part of the current Whole-of-Government cyber strategy, DFAT is.working to create a safer and more secure digital environment by: - working to improve resilience to cyber attacks, - maintaining cyber security policy to align with Whole-of- Government cyber initiatives and adapt to the changing cyber threat environment, - applying compliance audit processes to provide assurance that DFAT ICT systems and processes comply with the Government's mitigation strategies, and - overseeing DFAT cyber security activities through the recently established internal Cyber Security Governance Committee. Specifically, DFAT protects its classified secure network from attack by isolating it from the Internet: access to the network is confined to Australian Government authorised personnel with appropriate security clearances. In relation to the unclassified network, we apply a range of measures to prevent and detect attacks from outside: the network is designed and operated in accordance with government security policy and standards, including the conduct of regular threat and risk assessments, our gateway to the internet employs up-to-date intrusion detection devices, we apply Australian Signals Directorate's recommended cyber intrusion mitigation strategies, including the top four' mandatory measures, and actively participate in Whole-of Government cyber protection initiatives, and we conduct regular user-awareness training incyber security..
8 Background Recent allegations On 27 May, the ABC Four Corners program alleged hackers, working from locations overseas, targeted key Federal Government departments and major corporations in Australia, including obtaining blueprints of the new ASIO building. The program also alleged a highly sensitive DFAT document had been hacked by a foreign power - China. S 22 (1)(a)(ii) S 22 (1)(a)(ii) Prepared by: IMD I CMD Cleared by Division Heads: IMD/CMD/ISD Date: 31 May 2013 Date: 31 May 2013
9 CYBER - ISD Brief Why has the government not confronted China about cyber attacks including on DFA T, such as those aired by Four Corners on 27 May? As a matter of long standing principle and practice, the Government does not comment on specific cyber-re1ated incidents, investigations or operations. However, I can say that Australia discusses cyber issues with a range of countries, including China our approach is based on constructive engagement aimed at achieving practical outcomes. it would not be appropriate to go into the detail of such discussions. I can say also that improving cyber defence is atop national security priority for the Government which is also proactively engaging business and the wider community. The Prime Minister's National Security Strategy released on 23 January identifies defending our digital networks through integrated cyber policy and operations as one of three priorities over the next five years. a new Australian Cyber Security Centre is being set to enhance our understanding. of cyber threats; make Australia a harder target for malicious cyber incidents; and bolster our ability to engage international and industry partners.
RED TED
11 Background Cyber attacks, and their attribution to particular countries, continue to be a focus of domestic and international attention.
12. The ABC's Four Comers program, aired on 27 May, made a number of claims about intrusions into Australian Government and commercial. IT systems. The focus of the program was on two specific cases - allegations that the plans for the new ASIO building were exfiltrated by Chinese hackers and that Adelaide based communications company Codan had, as a result of cyber intrusions, lost commercially valuable intellectual property information and export contracts to Chinese competitors. Passing reference was made to allegations that sensitive information was extracted from DFAT's network, but few details were provided. Attorney-General Mark Dreyfus who was interviewed would not be drawn to comment on the claims. Interviewees expressed mixed views about the utility of international efforts to address cyber threats, such as through new treaties.. Senator Carr has refused to be drawn by the media into discussion of intelligence and security matters. In a Sky News interview on the morning of 28 May, he stated such cyber issues had 'absolutely no implications for a strategic partnership [with China]'. He declined to comment on whether Australia had raised these allegations with China through diplomatic channels. That evening on Lateline Senator Carr again refused to comment on intelligence and security matters and repeated comments made earlier in the day by the Prime Minister that the Four Comers report contained inaccuracies. Senator Carr also pointed to the need for the world to establish norms to govern cyber activity.. On 2 June, Senator Carr told the Sky News Australian Agenda program that the Government has raised concerns about cyber attacks with China but he was unable to talk publicly about the extent of cyber attacks on Australian computer systems. He also said "international agreements were needed", and that "we needed to get a situation where the world entrenches in treaty form conventions on how we approach it". He drew an analogy with agreements governing chemical and nuclear weapons. Negotiation of such a treaty for cyber would be a very long-term undertaking. During question time on 28 May, Prime Minister Gillard noted that the Four Comers allegations of hacking were "unsubstantiated". She reiterated the government's long standing practice of not commenting on specific intelligence matters. Former Defence Minister Fitzgibbon told Sky News PM Agenda program on 28 May that China was 'very busy' in its cyber activities, and that 'undoubtedly we are [involved in a cyber war]'. Chinese Foreign Ministry spokesman, Hong Lei, was reported by media on 29 and 30 Mayas saying the allegations against China were "groundless" and that "China opposes all forms of hacker attacks".
RED TED
RED TED
15 Media points Cyber Why has the government not confronted China about cyber attacks including on DFAT, such as those aired by Four Corners on 27 May? '. As a matter of long standing principle and practice, the Government does not comment on specific cyber-related incidents, investigations or operations. However, I can say that improving cyber defence is a top national security priority for the Government which is also proactively engaging business and the wider community. The Prime Minister's National Security Strategy released on 23 January identifies defending our digital networks through integrated cyber policy and operations as one of three priorities over the next five years a new Australian Cyber Security Centre is being set to enhance our understanding of cyber threats; make Australia a harder target for malicious cyber incidents; and bolster our ability to engage international and industry partners.
16 Background Cyber attacks, and their attribution to particular countries, continue to be a focus of domestic and international attention. The ABC's Four Comers program,. aired on 27 May, made a number of claims about intrusions into Australian Government and commercial IT systems. The focus of the program was on two specific cases - allegations that the plans for the new ASIO building were exfiltrated by Chinese hackers and.that Adelaide based communications company Codan had, as a result of cyber intrusions, lost commercially valuable intellectual property information and export contracts to
17 Chinese competitors. Passing reference was made to allegations that sensitive information was extracted from DFAT's network, but few details were prpvided. Attorney-General Mark Dreyfus who was interviewed would not comment on the claims. Interviewees expressed mixed views about international efforts to address cyber threats, such as through new treaties.
UNCLASSIFIED 18 Whole-of-government talking points Four Corners program - Hacked (27 May 2013) Whole of Government Talking Points If asked about the ASIO cyber attack We do not comment on operational or intelligen~e matters. General talking points The cyber threat is real and ever present. Australia is experiencing increasingly sophisticated attacks in the public and private sectors. A large number of incidents are considered routine in nature, such as compromised websites. Cyber security experts advise that the problem is significantly larger than the number of incidents detected or reported. To address this, government agencies are working with the public and private sector on a daily basis to better understand the cyber threat, and develop new detection and mitigation techniques. Purposes of cyber attacks There are a range of motives for cyber incidents, including o espionage o corporate attack o illicit financial gain UNCLASSIFIED
UNCLASSIFIED 19 o o political and protest issues, and personal grievance - a disgruntled employee or customer. Cyber threats come from a range of sources, including o individuals o issue-motivated groups o organised criminal syndicates, and o the intellige'nce services of some foreign governments. How valuable a target is Australia? The cyber threat is real and ever present. Australia's security and intelligence agencies have stated publicly that we are experiencing increasingly sophisticated attacks on networks and systems in the public and private sectors. Every business, agency and nation connected to the internet is a target, especially those with valuable assets such as intellectual property and sensitive information. In this regard, Australia, like every other nation, is a target. If asked: What is the Government doing to protect government networks? The Australian Signals Directorate (ASD) developed the Strategies to Mitigate Targeted Cyber Intrusions to bolster the security of Australian government information systems. If the' first four mitigation strategies listed in this paper were implemented;this would have stopped at least 85% of targeted cyber intrusion techniques that ASD responds to. On Wednesday 23 January 2013, the Prime Minister announced the establishment of the Australian Cyber Security Centre as part of the launch of the National Security Strategy. The centre will be responsible for developing a comprehensive understanding of the threat to Australian Government networks and systems of national interest. This will include the nature and extent of the threat posed by the full spectrum of malicious cyber actors, from cyber criminals and lone hackers through to nation states. The ACSC will further the great work already undertaken by the ASD's Cyber Security Operations Centre by providing a whole-of-government approach to tackle the cyber threat. Response to attacks on government agencies and departments ASD,is the agency responsible for protecting government agencies. The agencies situated in the Cyber Security Operations Centre work closely together to share information to help protect all Australian assets. If asked: Is China targeting Australian networks? Defence will not identify any particular nation state so far as cyber security is concerned. As a matter of principle and long standing practice, the Government does not publically discuss specific cyber activities as it could impact on Australia's national security. If asked: Will the Government engage with China over these allegations? As a matter of long standing principle and practice, the Government does not comment on specific cyber-related incidents, investigations or operations. Australia discusses cyber issues with a range of countries, including China. Our approach is based on constructive engagement aimed at achieving practical outcomes. Australia is working with the international community, including China, through a UN Expert Group, to develop common understandings on the application of existing international law, including the UN Charter, to cyberspace. UNCLASSIFIED