Tech firms reject ASD cyber attack software

July 9, 2021

Nick Bonyhady - The Age - Friday 9 July 2021

Some of the world’s largest technology companies have told Parliament a proposed bill to allow Australia’s cyber security agencies to install software on their networks risked making the problem of digital attacks worse.The federal government has unveiled a bill to address a wave of cyber attacks on Australian organisations, which continued on Thursday when the NSW Education Department was forced to pull platforms offline.The bill would allow the Australian government’s digital security agencies to intervene in companies’ networks to address severe cyber attacks. However, Google, Amazon and Atlassian – with a combined market capitalisation in the trillions – all pushed back hard on Thursday in a hearing with the Parliamentary Joint Committee on Intelligence and Security.They argued their global networks and systems are managed by tens of thousands of engineers and are barraged by sometimes billions of potential attacks every day, and were far too large and complex for the government to step in and install software in response to a threat.“We think in many instances there’s just a really big risk of the government misunderstanding how the regulated entity operates and maybe making things worse,” said Roger Sommerville, the local policy chief at Amazon Web Services, which provides hosting for more than 1 million companies.He said when the government was determined to step in and demand to access their networks, that should require a judge’s approval to ensure transparency in the same way as a search warrant.Shane Huntley, a director of Google’s security group said he “can’t imagine a situation where there is some software from the Australian Cyber Security Centre or the Australian Signals Directorate would even work, let alone be safe”.“I’m not aware of any unique [government] capabilities or software that cannot be matched by the more robust systems that we’ve built for ourselves and commercial systems.”

Atlassian’s representative agreed, saying he could not think of a situation where ASD software would be useful.Labor’s Anthony Byrne, the committee’s deputy chair, described the tech companies’ evidence as concerning.Chairman James Paterson asked the companies to clarify whether they didn’t want any government assistance responding to cyber attacks, prompting them to clarify they valued close collaboration with Australian government agencies on the nature and origin of security threats.During the hearing, Senator Paterson recounted previous evidence from the director of the Australian Signals Directorate, the country’s digital spy agency, that a company under a cyber attack had not informed authorities and used “a whole series of obstructions” when the directorate asked to help.

The company was not identified at the hearing, but Senator Paterson, a Liberal, asked probing questions of a number of other companies about their collaboration with government digital agencies.

Representatives from several companies appearing before the committee, including Qantas, logistics provider Toll and energy firm AGL, said they did not believe theirs was the company in question.

That prompted a reminder from Senator Paterson that lies or omissions to the committee were a contempt of Parliament.

Recent News

All Posts