Australia needs to increase funding for and expand initiatives to protect critical infrastructure if it is to avoid a cyber war similar to the one that has struck Estonia for the past three weeks, according to a Deakin University professor.
The head of Deakin’s School of Information Systems, Professor Matthew Warren, says a recent cyber war in the northern European country proved to the perpetrators that the technology works.
In Estonia the cyber war took the form of coordinated mass requests for information and spam email which slowed down key websites so they did not function or crashed due to the attacks.
The attacks, which started around April 27, have crippled websites for Estonia’s prime minister, banks and less-trafficked sites run by small schools, says Hillar Aarelaid, chief security officer for Estonia’s Computer Emergency Response Team (CERT). But most of the affected websites have been able to restore service.
Aarelaid says analysts have found postings on websites indicating Russian hackers may be involved in the attacks. However, analysis of the malicious traffic shows that computers from the US, Canada, Brazil, Vietnam and others have been used in the attacks, he says.
Deakin’s Warren says this cyber war came out of a political disagreement about a Soviet war memorial the Estonian government wants to relocate and is the most severe to date with over a million computers used.
The Estonian government estimates the damage inflicted will cost tens of millions of euros.
“We are just seeing the start of a new trend in cyber warfare and Australia could be at risk,” Warren says. “We can expect to see an increase in cyber warfare attacks when political disagreements between countries occur.”
The problem with cyber warfare is that a country, sub-state group or individuals can be behind an attack, he says.
A denial of service attack involves commanding other computers to bombard a website with requests for data, causing the site to stop working. Hackers use “botnets” — or groups of computers they’ve infected with malicious software — to launch an attack.
“A worry for Australia is now that whenever Australia has a political disagreement with another country, the end result may be a cyber war against Australia’s online infrastructure,” Warren says.
“Australia urgently needs to prepare for this future risk by expanding current critical infrastructure protection initiatives and increasing funding. We definitely would not want Australia to be the victim of a cyber war like Estonia.”
Warren believes Australia has taken steps to prevent cyber attacks but still lacks a critical infrastructure protection unit. “There isn’t a single agency to coordinate a response,” he says. “There should be a new entity.” According to Warren, the Australian Labor party has proposed a department of homeland security to combat the risks all developed countries are facing.
Jeremy Kirk of the IDG News Service contributed to this story.