Australian military cyber warriors authorised to target offshore criminals – ZDNet

The federal government has announced its intention to launch an offensive cyber capability to fight cyber criminals and thwart attacks against Australia.

Anticipating cybercrime to cost the Australian economy at least AU$1 billion per year, Prime Minister Malcolm Turnbull has directed the Australian Signals Directorate (ASD) to use its offensive cyber capabilities to "disrupt, degrade, deny, and deter" organised offshore cyber criminals.

By using the intelligence agency's cyber capability, which Turnbull said is currently used to help target, disrupt, and defeat terrorist organisations such as Daesh, Australia is expected to have a stronger arsenal to prevent and shut-down safe-havens for offshore cyber criminals.

"The recent WannaCry and Petya ransomware attacks have affected governments, businesses, and individuals around the world," Turnbull said on Friday.

"Cyber criminals continue to adapt and evolve their methods and tactics, increasingly employing new methods to gain access to a victim and extort funds. As their level of sophistication has improved, cyber criminals are increasingly targeting businesses directly.

"Our response to criminal cyber threats should not just be defensive. We must take the fight to the criminals."

It is expected the ASD will be tasked with defending Australian military targets from cyber attacks and preparing to launch its own assaults on foreign forces, and that it will comprise of specialists staff with a mixture of defence personnel and public service employees, the ABC reported.

"We are using the offensive cyber capabilities against terrorists, and what we are announcing today is that this now will also be used against cyber criminal networks operating offshore," Australian Minister Assisting the Prime Minister for Cyber Security Dan Tehan said on Friday.

"We have to make sure that we are keeping the mums and dads, the small businesses, large businesses, government departments and agencies secure, and that is why we've made this direction to the ASD."

Addressing the National Press Club in November, Tehan warned of the devastation a "cyberstorm" could have.

"All of us must be on notice -- it is not a case of if but when government, businesses, or individuals will be hit," he said.

"When it comes to cybersecurity, being prepared isn't just having a wall that will block and protect from attacks. Instead, being prepared means minimising risk and having the ability to recover, to remediate, and to respond.

"No police force can guarantee that they will eradicate crime completely. But we can make it a lot harder if the windows aren't open, the doors are locked, and there is a strong cop on the beat."

Turnbull launched the country's AU$240 million cybersecurity strategy in April last year, which is aimed at defending the nation's cyber networks from organised criminals and state-sponsored attackers, and sits alongside the AU$400 million provided in the Defence White Paper for cyber activities.

Since its inception at the end of 2014, there have been over 114,000 reports of cybercrime registered with the Australian Cybercrime Online Reporting Network (ACORN), and, according to Turnbull, 23,700 incidents have been reported over the last six months.

"The government will target criminals wherever they seek to hurt Australian citizens but every Australian has a role to play in ensuring our cybersecurity," the prime minister added. "We must work together to share threat information and learn from each other about the online threats that seek to do us harm."

Also announced on Friday was the transition of the Australian Internet Security Initiative (AISI) from the Australian Communications and Media Authority (ACMA) to the Computer Emergency Response Team (CERT) Australia, which sits within the Attorney-General's Department.

The move comes in response to a recommendation made last month by the Department of Communications after it probed the functions under the ACMA.

The transition will take effect on Saturday, with the ACMA noting it has been working closely with the CERT for a number of months on transferring select cybersecurity functions over.