An unknown malicious actor stole 30 gigabytes of data from a defence contractor. That's a huge security oopsie. But it's also a massive failure of governance, one the government is keen to sweep under the rug.
On Wednesday afternoon, ZDNet broke the story that the stolen data included information on defence projects including the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and "a few Australian naval vessels", as an officer from the Australian Signals Directorate (ASD) put it. The story was soon picked up by the mainstream media.
On Thursday morning, the government spin doctoring began.
"This attack on the defence contractor here in Adelaide is really a salutary reminder to everyone that when the government says that businesses need to take their cybersecurity very seriously, we aren't joking," defence industry minister Christopher Pyne told ABC Radio.
"It's a very, very significant part of the defence of these major projects, and all Australian businesses, small and medium enterprises, and primes need to be getting their cybersecurity protections at top level, at top drawer protections, because these kinds of attacks will occur," Pyne said.
All that is true.
By "primes", Pyne means the top-tier defence contractors, Lockheed Martin and Boeing and Raytheon and BAE Systems and Thales and all the other big players. Apparently a prime -- we don't know which one -- was the "partner organisation" that alerted the ASD to the breach, not an intelligence organisation.
The data that was exfiltrated by this unknown malicious actor, which the ASD dubbed "APT ALF", was "commercial data not military data ... not classified information," according to Pyne.
0 comments:
Post a Comment