C y b e r Se cu r i ty
Archives at Risk of Cyber Attack, Security Expert Warns A cybersecurity expert warns Australia’s enemies could take advantage of the National Archives’ less-secure technology to gain access to some of our most sensitive government documents and potentially change or delete records. The federal government is working up a package to respond to David Tune’s review of the Archives, which includes suggestions for beefing up the institution’s cybersecurity. Anne Lyons, a fellow with Defencefunded think tank the Australian Strategic Policy Institute and the Archives’ former chief information officer, says the problem is the institution is vulnerable but the information it holds isn’t necessarily thought of as valuable by policymakers. She warns any attack on the “memory holders, the truth holders” of the nation could cause people to lose trust in their integrity and “create cracks in our democratic and our important institutions”.
without recognising its vital role in coordinating information and recordkeeping right across government every day, she said. “Our critical infrastructure, defence, border security, privacy, personal information and economic assets, our economy, attract the headlines, the attention and ultimately the dollars.” Labor’s cybersecurity spokesman Tim Watts said there was a disconnect between the government’s at-times dramatic rhetoric on cybersecurity and the lack of action in helping the Archives. “We’ve seen plenty of hack and leak campaigns targeting holdings like this in the past and the scale of this risk is only increasing,” he said. “The [Auditor-General] identified serious weaknesses in the Archives’ cyber resilience in 2018 and the Archives has been begging the Morrison government for the funding it needs to fix it ever since. But because there are no press conferences in it for
She paints a scenario when hostile actors have altered digital land title records so no one can prove ownership of their assets, online records of Acts are tampered with and a simultaneous ransomware attack has locked up the archives of major media organisations. “If someone wanted to disrupt [those records], that would be catastrophic,” she said. “We focus so much on highly classified and personal information, protecting our privacy, that this other material that is very, very valuable and very, very important is just left to … the Archives which is totally underfunded,” she said. “The Archives has responsibility [for] both paper and digital. It’s essentially two archives, but it’s only ever had funding for one and that has reduced over the years.” People tended to think of the Archives as being “just about old stuff”
him, Scott Morrison isn’t interested.” The Sydney Morning Herald and The Age have highlighted over recent months the plight of paper, audiovisual and photographic records that are disintegrating in the Archives without urgent funding to digitise them. Ms Lyons said even this could pose cybersecurity risks, because while the original, physical document might still exist the integrity of digital copies had to be secured too. The Tune review says the Archives does have a comprehensive cyberresilience plan, but it doesn’t have the funding needed to put it in place in a timely manner.
Cybersecurity experts warn the digital holdings of the National Archives could be at risk from hostile attacks. Wikipedia
It also found the Archives’ technology systems should be upgraded to “protected” status, used to handle secure government information, but again this hasn’t happened because of lack of funding. It recommends the government make “appropriate investment” to strengthen the Archives’ cyberresilience, along with a $167.4 million proposal to build a new digital archive facility that will protect and preserve modern records. The government is close to finalising a package to help the National Archives immediately salvage documents, film and other at-risk materials while also safeguarding its long-term role. Katina Curtis and Shane Wright The Sydney Morning Herald
59