Located somewhere between the most ossified forms of kabuki and an episode of the Keystone Cops, the performances from politicians and stenographer journalists over cybersecurity always offer entertainment despite their ritualistic nature.
For years, the Australian government, often in league with its Five Eyes allies, has been complaining about cyberattacks by “foreign actors”, while ostentatiously declining to identify who those actors were — while happily briefing journalists on background that it was China/Russia/etc.
Then back in May, Peter Dutton told Nine’s Anthony Galloway in an “exclusive interview” of a change of approach — he was going to name names. “Where it’s in our interests to call out — whether it’s Russia or China or North Korea or somebody else — we will call them out.”
Galloway is a dutiful reporter of all things national security, and happily adheres to whatever line he’s offered by national security agencies or government ministers. Ridiculously he still refers to the Howard government’s 2004 spying on Timor-Leste to help its friends at Woodside as “alleged” — because obviously the government would prosecute Witness K and his lawyer and threaten them with jail for revealing something that never happened.
Alas, having not exactly been intimidated by Dutton’s threat to name names, China hasn’t let up with its cyberattacks, leaving Dutton’s successor at Home Affairs, Karen “I don’t give out visas, mate” Andrews to join our Five Eyes partners and the EU in calling out the Xi regime. Andrews — in words that will have them quaking in their boots in Beijing — even refused to rule out naming China again in future if it kept it up.
“They won’t get away with it scot free,” she told Galloway. Except, they will, as everyone knows.
What Galloway and similar national security stenographers elsewhere never bother to report is that it is the Morrison government that is Australia’s weakest link on cybersecurity, with most of its agencies and departments, including bodies with major security roles like the Department of the Attorney-General and PM&C, failing to meet even the most basic cybersecurity requirements as prescribed by the Australian Signals Directorate (ASD) years ago.
It’s left to Crikey, our colleagues at The Mandarin and the industry press to call out the hypocrisy of a government hysterically using cybersecurity as a distraction from its own failings when it can’t even do the basics right.
Another omission as the mainstream media plays its part in this farce is any mention that Western countries are engaged in exactly the same cyberattacks that we accuse China, Russia and other “sophisticated state actors” (to use the standard media phrase) of perpetrating, and for the same reasons — commercial espionage. Also missing is mention that it is the eagerness of agencies like the ASD to penetrate the IT systems of foreign governments, militaries and corporations that leaves Western companies and governments exposed, due to the tendency of signals intelligence agencies to hoard software flaws that can be exploited to gain access to systems, rather than alert manufacturers to them.
You literally can’t do what ASD boasts that it does — “reveal their secrets, protect our own”. You can protect our secrets by investing heavily in identifying software flaws and making sure they’re patched as quickly as possible, or you can reveal others’ secrets by leaving those flaws in the wild, and buying or developing tools that will exploit them, in the billion-dollar taxpayer-funded global market for exploits.
But anyway, don’t let those inconvenient facts get in the way of another round of farce in the cybersecurity follies.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.