Australia’s Prime Minister, Malcolm Turnbull, has warned that vulnerabilities stemming from “warmware” are among the top contenders for potential weaknesses in Austalia’s national cyber security posture.
“You can have flaws in the hardware that provide vulnerabilities, flaws in the software, and - as I often say - the biggest vulnerability is often the 'warmware'; the humans making mistakes, or, indeed, taking information as, say Edward Snowden did, in a criminal fashion,” Turnbull told journalists on 24 January.
“The most important thing is to be aware and to practice good cyber hygiene,” he said. “What they [organisations] need is better practices. Generally, as I said, most of these vulnerabilities are a consequence of the 'warmware', the humans failing to protect themselves…opening an attachment to an email that contains fishing malware for example, something of that kind.
“Everyone – most people – are aware of it, but not sufficiently aware. You need to be alert as well,” he said.
Turnbull’s comments were made following a briefing with the Australian Signals Directorate (ASD) – the government intelligent agency tasked with keeping an eye on Australia’s telecommunications, electronic data networks, and external radio monitoring activity – and arrived via the prism of national security.
“Now, as you know, there has been evidence of Russian efforts to influence the recent American election. This is acknowledged now on all sides,” Turnbull said.
At the same time, he conceded that he was “not aware of evidence in recent times that a foreign country has sought to influence an Australian election in the way that has been described in the United States”.
Yet, this didn’t stop Turnbull from talking up the need for both public and private entities to take strides in their efforts to protect themselves against such cyber threats.
“You can pretend these threats are not there, if you like, but that will only make you susceptible to being taken in by them,” he said. “Alertness, awareness is absolutely critical. We have the means to mitigate the risk. You can't eliminate it completely but it is very important to take those steps to do so.
“It is more important than ever, and just as you’ve seen with our Cyber Security Strategy, the appointment of a Cyber Security Adviser, with the efforts we are taking to protect Australians online, to ensure that our critical infrastructure is safe from cyber-attack.
“This is the new frontier of warfare. It’s the new frontier of espionage. It’s the new frontier of many threats to Australian families, to governments, to businesses,” he said.
According to Aaron Bailey, security director at The Missing Link, Turnbull’s “warmware” warning highlights a genuine and continuing source of cyber weakness for both private companies and government entities in Australia alike.
“Something like 80 to 90 per cent of all breaches start with an email to a human,” Bailey told ARN. “A large chunk of initial infections come from a dodgy email sent to a human, and somebody clicks on that link, or opens a zip file or an attachment or whatever it is.”