BLUF

Cybersecurity focused on defence, and law enforcement might not protect Australian organisations that use externally provided cybersecurity software.

Summary

On 12 December, cybersecurity firm FireEye stated that it had detected an alleged Russian cyberattack that had compromised SolarWinds security software used on its Orion network.   Solar Winds said hackers had inserted malware into a service that provides software updates for the Orion platform. Note the US government and many private companies use Orion software to monitor their IT networks. To put it simply, it is the equivalent of a security company unwittingly making available the keys of the properties they are supposed to be looking after. The 2020 Defence Strategic Update allocates $15B to cyber and information. However, the Australia Cyber Security Strategy 2020, probably does not go far enough, and the government needs to do more. The author argues that the entire Australian economy, including both government and private organisations, must focus on cybersecurity. How do you think we can better protect ourselves from a cyberattack?