All Commonwealth agencies must undertake thorough audits of their internet technology and share any threat information with the Australian Signals Directorate following instructions from the Department of Home Affairs over growing instances of cyber attacks on Australian entities.
Home Affairs Secretary Stephanie Foster issued a series of instructions last week designed to help the Federal Government identify and head off potential cyber threats.
Three directives – known as Protective Service Policy Framework (PSPF) directives – were distributed across the Australian Public Service and to all Commonwealth-owned entities and companies.
All agencies must now identify indicators of Foreign Ownership, Control or Influence (FOCI) risk as they relate to procurement and maintenance of technology assets and “appropriately manage and report those risks”.
According to the ABC, the government entities must “implement a process when undertaking procurement of technology assets to identify and manage potential FOCI risks” before June next year.
“Foreign interference occurs when activity carried out by, or on behalf of, a foreign power, is coercive, corrupting, deceptive or clandestine, and contrary to Australia’s sovereignty, values and national interests,” one directive states.
A second directive orders a “technology asset stocktake on all internet-facing systems or services” to identify all technology assets managed by, or on behalf of, the Commonwealth entity, which must also develop technology security risk management plans.
The third directive makes it mandatory for all “Australian Government entities using threat intelligence sharing platforms to share cyber threat information with the Australian Signals Directorate”.
It is understood that the three PSPF directives mark only the second time such powers have been used, the first being last year when the government banned the use of the Chinese-owned social media platform TikTok in the public service.
At the same time last week, Home Affairs Minister Clare O’Neil also announced a string of new measures to fight foreign interference.
The Counter Foreign Interference Taskforce has been made permanent and will be expanded, and amendments to migration regulations will be implemented to better manage the risk of foreign interference during the screening of visas.
Cancellation powers will be more vigorously used against people suspected of being involved in spy plots.
These measures are being put in place amid growing concerns that foreign governments are targeting ethnic dissidents now residing in Australia.
A new Foreign Interference Communities Support Hub is being set up to help ethnic groups in Australia identify and report threats against them.
“Foreign interference is a complex problem and we are constantly working with our agencies to make sure that we are covering all possible avenues of attack,” Ms O’Neil said.
“These changes are essential upgrades to our defences, which will result in vulnerable communities and sensitive technologies being better protected from a threat that the Director General of ASIO has identified as the most serious we face.”
This all comes as the ASD publishes new advice on the activities of the advanced persistent threat group APT40, which is also linked to China’s Ministry of State Security.
“APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing,” the advisory stated.
“Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability.
“APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets. This group appears to prefer exploiting vulnerable, public-facing infrastructure over techniques that require user interaction, such as phishing campaigns, and places a high priority on obtaining valid credentials to enable a range of follow-on activities.
“APT40 regularly uses web shells … for persistence, particularly early in the life cycle of an intrusion.
“Typically, after successful initial access, APT40 focuses on establishing persistence to maintain access in the victim’s environment.
“However, as persistence occurs early in an intrusion, it is more likely to be observed in all intrusions regardless of the extent of compromise or further actions taken.”
The advisory is an indication that Australia’s pushback against foreign cyber interference is being elevated, supported by its Five Eyes intelligence partners – the United States, Canada, the United Kingdom and New Zealand – as well as Germany, South Korea and Japan.