Cyber terrorism and espionage have been highlighted as growing threats to Australian organisations and government departments, according to a new annual report by the Australian Security Intelligence Organisation (ASIO).
The Annual Report 2011-12, which was tabled in the federal parliament this week, found that ASIO completed more than 150,000 counter terrorism security assessments during the reporting period.
“Emerging technology and an Internet-connected world offer new avenues of espionage,” read the report.
In-depth: Information security 2011 Research Report.
“The espionage threat is evidence by foreign intelligence services seeking agents in relevant positions, including in the Australian public service and working for Australian businesses, but also seeking access to any computer system or network holding data that could be targeted for espionage activity.”
According to the report, cyber espionage state and non-state actors continued to target Australian organisations.
ASIO pointed out that critical infrastructure, such as SCADA networks, is one area organisations need to focus on protecting in Australia.
“Critical infrastructure by its very nature poses a potential target for those who wish to do harm to Australia and so careful consideration must be given to matters having an impact on the security of critical infrastructure,” read the report.
“No single element of critical infrastructure stands alone and the potential for threats against auxiliary assets must also be considered.”
Over the 2011-12 period, ASIO provided 25 briefing sessions on potential or specific threats to critical infrastructure and produced 22 reports. These were sent to more than 153 government and private sector organisations.
Turning to terrorism, ASIO reported that international influences through the Internet will continue to inspire some Australians to potentially join terrorism groups such as al-Qa’ida.
“Over the 12 months, al-Qa’ida and its affiliates have suffered a number of setbacks including the loss of senior figures such as Anwar al-Aulaqi, in Yemen,” read the report.
“The continuing counter-terrorism efforts of Australia’s partners in South-East Asia are also having an effect on regional extremist networks, although terrorist threats persist.”
However, ASIO conceded that these setbacks have not lessened the extent of what the report referred to as “violent jihadist” groups to promote, foster and engage in terrorism.
“The global tempo of terrorist activities, including attacks, attempted attacks, plotting, fundraising and recruitment, remains undiminished.”
The report went on to highlight ASIO’s connection with the Australian arm of the Council of Registered Ethical Security Testers (CREST) which was established in March 2012.
“CREST Australia is the product of co-ordinated engagement with industry involving ASIO, CERT Australia and the Defence Signals Directorate [DSD] and will have an important role in establishing clear and agreed standards for cyber-security testing.”
According to the report, the CREST standards will help the business sector be confident that the work conducted by CREST-accredited IT security professionals is completed with integrity, accountability and to agreed international standards. In addition, CREST Australia is affiliated with CREST Great Britain.
Follow Hamish Barwick on Twitter: @HamishBarwick