News

|

National Security

Toll's response too slow: spy agency

August 3, 2021

Anthony Galloway - The Age - Tuesday 3 August 2021

Transport and logistics giant Toll Group has conceded it may be the company that failed to comply with Australia’s cyber spy agency for weeks after it was hit by a significant cyber attack.

Australian Signals Directorate boss Rachel Noble revealed in June that her agency found out about a major cyber attack through media reports and struggled to get information from the company for 13 days, despite the incident having a “national impact on our country”.

Toll Group suffered two major cyber attacks in 2020, which led to the company shutting down a number of systems across multiple sites and business units.

In response to a question on notice from Liberal senator James Paterson, the chair of Parliament’s security and intelligence committee, Toll Group said it was not in a position to know to which company Ms Noble was referring.

The company said “while indeed it may be Toll, we note that the ASD has never raised any formal concerns with our response to date”.

Toll said it was grateful for the ASD’s support during the 2020 cyber attacks.

“Following further internal discussions, we continue to be of the opinion that Toll acted transparently and co-operatively with the ASD. However, we recognise that we may not have responded at the pace the ASD may have expected due to the crises we were experiencing.”

Multiple government and industry sources confirmed Toll was slow to respond to the ASD’s requests for information and was likely to be the company referenced by Ms Noble.

Toll was the only company contacted by the parliamentary inquiry that failed to rule itself out. A number of other companies hit by cyber attacks in recent years – Telstra, Optus, Atlassian, Qantas, Google Cloud and Australian Gas Infrastructure Group – said they did not believe they were the company singled out by Ms Noble.

The intelligence and security committee is reviewing proposed laws that would allow the government to declare an emergency to give agencies such as the ASD the power to forcibly plug into the networks of critical infrastructure to fend off major attacks.

In her evidence to the inquiry on June 11, Ms Noble said there were some “wonderful examples of incredible co-operation” with the ASD but she wanted to provide an example of what “bad looks like”.

“This is a real example but I’m not going to name names, that’s really important: we find out something has happened because there are media reports,” Ms Noble said. “Then we try to reach out to the company to clarify if the media reports are true and they don’t want to talk to us.

“Five days later, we’re still getting a very sort of sluggish engagement of trying to get them to provide data to us and deploy some of our tools ... that goes for 13 days, this incident had a national impact on our country.

“Three months later, they get re-infected and we start again. That is the sort of scenario where this legislation actually gives us the authority through Home Affairs [to intervene].”

Toll was targeted by significant cyber attacks in February and May 2020, with the hackers gaining access to a corporate server and stealing employee and commercially sensitive information relating to clients.

Recent News

All Posts