Share this article on:
An improvement in diplomatic relations between China and Australia will not reduce the risk of cyber attacks, according to Mike Rogers, former director of the US National Security Agency (NSA).
While China has pushed to improve Australian public opinion of it, Mike Rogers says that Beijing is still running state-sponsored attacks.
“Historically for me as I look at the Chinese, I don’t see a direct correlation between the level of rhetoric and the level of cyber activity,” he said.
“They have a sustained level and focus in cyber that is somewhat detached from the broader day-to-day geopolitical (situation).”
Rogers points out that Australia is increasingly automating various industries, including mining, one of its main exports. China has a keen interest in Australian resources and is the largest importer.
Rogers has stated that the West Australia mining industry could be a target of interest for China.
As systems become increasingly digitised and automated, these industries become more attractive as targets by bad actors.
“[Australia has] automated the process … the flip side is [that] you’re also increasingly a greater potential target,” said Rogers.
Just last year, PwC found that an estimated just over a third of all cyber attacks in 2023 could target operational technology systems, such as mining operations.
Rogers also warned against believing that the Optus and Medibank cyber attacks that dominated the industry last year were “isolated incidents”.
Instead, he said that criminal organisations and other nations are “getting more aggressive, increasing their capability and the impact of some of their activities [is] growing in visibility and significance”.
Furthermore, the strong public response is unlikely to be a deterrent, but rather prove that the attacks worked and were effective, further encouraging bad actors to attack.
“It acts almost as a bit of incentive in the sense that they see effect and they see impact and they say to themselves, hey, is this something that perhaps we could replicate?”
When it comes to how nations treat cyber attacks, Rogers said he was “leery” about writing off the paying of ransoms as a solution, saying that outlawing it could be a mistake.
“For example, when it comes to companies thinking through [if they] should pay or not, one of the things I always asked is are [they] in a situation in which the potential to not regain functionality or access to your data potentially leads to loss of life or injury?”
The Australian government has previously proven its stance against paying ransom in the case of cyber attacks, supporting Medibank in not paying the $15 million ransom. Home Affairs and Cyber Security Minister Clare O’Neil also said that it would consider making them illegal.
“There are discussions in the US along the same lines,” said Rogers.