Labor has called for the Government to take “real action” in response to the hacking of an Australian defence contractor, which resulted in the theft of 30 gigabytes of data.
The hacker stole technical information on smart bombs, the Joint Strike Fighter, the Poseidon maritime patrol aircraft and several naval vessels over five months last year.
“This is a serious breach with the potential for serious consequences,” shadow assistant minister for cyber security and defence, Gai Brodtmann, and shadow minister for veterans' affairs and defence personnel, Amanda Rishworth, said in a joint statement.
“This isn’t about blame – this is about responsibility. And national security is the Turnbull Government’s chief responsibility. The Turnbull Government is responsible for the cyber resilience of government agencies and this responsibility extends to the contractors the government agencies employ.”
The Government has sought to downplay the seriousness of the breach, saying the stolen data was commercial and not military.
"Fortunately the data that has been taken is commercial data, not military data…it's not classified information," Minister for Defence Industry, Christopher Pyne, told ABC Radio yesterday.
Speaking on ABC 7.30 last night, Foreign Minister Julie Bishop echoed Pyne, saying: “This was not classified information. It was not generated by the Australian government. It wasn't our classified information. It was commercially sensitive information that was being shared between contractors.”
Labor has called the government’s response “flippant”.
“This isn’t the reassurance Australians expect when it comes to the security of multi-billion dollar projects,” Brodtmann and Rishworth said in their statement.
“It is incredibly concerning the minister for defence industry is being so flippant on an issue of national security, instead happy to shift the blame.”
The government has not yet attributed the attack – which an official from the Australian Signals Directorate called “extensive and extreme” – to any individual, group or state.
It is unclear whether the perpetrator is known to the government. While Pyne claimed “I don’t know who did it”, Bishop said “I believe that our intelligence agencies know who did it”.
The document says the country has the capability to attribute malicious cyber activity to "several levels of granularity" down to specific states and individuals.
In response to malicious cyber activity, the strategy explains that Australia could take “law enforcement or diplomatic, economic or military measures”, which may include “offensive cyber capabilities that disrupt, deny or degrade the computers or computer networks of adversaries”.
Labor has called on the government to respond with "real action" to the attack.
“This mess shows we still have a long way to go to ensuring Australia’s cyber security – perhaps further than we thought,” Brodtmann and Rishworth said. “The time for talk is over. We need to see some real action.”