According to a report in the Financial Review, Australia’s financial daily, which has been running a series in cyber terrorism and cyber crime, RBA officials disclosed that the central bank “had been infiltrated by a Chinese-developed malicious software spy program that was seeking intelligence on sensitive G20 negotiations.”
Multiple computers within the RBA’s network were compromised, according the report, but the RBA did not disclose any further details. But it is sufficiently concerned about the attacks that it has had a private security firm carry out penetration testing of its computer network.
In March 2011 French newspaper Paris Match wrote that over 150 computers in the French Ministry of Economy and Finances had been attacked before France’s G20 summit. This was subsequently confirmed by the French Government.
Cyber security has become a big issue in Australia in recent months. In January prime Minister Gillard announced the Australian Cyber Security Centre (ACSC), “a world-class facility combining existing cyber security capabilities across the Attorney-General’s Department, Defence, ASIO, the Australian Federal Police and the Australian Crime Commission in a single location.”
The ASCC will be based in Canberra. It combines a number of existing IT security activities such as the Computer Emergency Response Team (CERT). The government has already committed $1.46 billion out to 2020 to strengthen its networks – that funding will now be brought into the cybersecurity strategy. The government has also established the position of Cyber Policy Coordinator within the PM’s department.
“The centre will provide Australia with an expanded and more agile response capability to deal with all cyber issues — be they related to government or industry,” said Ms Gillard when she announced the centre. “It will also create a hub for greater collaboration with the private sector, state and territory governments and international partners to combat the full breadth of cyber threats.”
Many in the private sector have been pushing for the establishment of such a centre. The most vocal recent call has come from Huawei, keen to boost its local security credentials after being banned from the NBN as a security risk because of its connections to the Chinese Government.
Ms Gillard’s announcement is part of a broader National Security Strategy, which she described as “an open statement to the Australian community, our business sector and to domestic and international partners.
UPDATE: Following media reports of the cyber attacks on its computers the RBA has issued the following release on its website:
As reported in today's media, the Bank has on occasion been the target of cyber attacks. The Bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the Bank's network or systems. At no point have these attacks caused the Bank's data or information to be lost or its systems to be corrupted. The Bank's IT systems operate safely, securely and with a high degree of resilience.
The Bank takes cyber security and its potential consequences extremely seriously. As part of its extensive efforts to ensure that security arrangements are best practice, the Bank routinely consults with the Defence Signals Directorate and draws on the expertise of specialist private firms. There is ongoing rigorous testing of the Bank's IT systems and regular training of staff.