“Everybody is so connected, the attack vectors are ubiquitous so you’ve got to make sure that everybody is maintaining a high level of cybersecurity awareness.”
Speaking on the Risky Business podcast, former Australian Prime Minster Malcolm Turnbull said his concern was senior leadership does not have a clear idea of who has system administrator access, and where data was actually stored. Turnbull also said there were too many instances of large scale, industrial machinery being secured with common passwords such as “1234.”
Turnbull, who served as Prime Minister between September 2015 and August 2018, said that a business may have the best defenses and knowledgeable staff, “but if a law firm or accounting firm is doing some work for me has got lesser standards, then everything can be thwarted.” This was an example of the need for an increase in the level of awareness across the board as that is why there are government departments offering advice.
Turnbull also said he saw cybersecurity as an opportunity and a threat, “and there a lot of dimensions to it.” He again cited industrial cybersecurity systems, “and if you’re a power station your adversary’s goal is to get into your system, understand every single element and learn everything about it and at a time of their choosing, blow something up or turn something off. Create some mayhem.”
Discussing the various national dilemmas about Huawei, Turnbull said in his experience he was confident “you could mitigate the risk if you limit to the edge of an FTTN network and multi-service access nodes on the streets, and connect to the last mile of copper wire.”
He said it was not a question of mitigating risk, but about trading it off against cost savings enabled by using more vendors. “So that core edge distinction was really central to everything that was being done in network security,” he said.
Turnbull was communications minister between September 2013 and 2015, before he served as Prime Minister, and said there was a view you could live with high risk vendor kit on the edge in most network environments, and from a vendor point of view, that was not a bad outcome.
Turnbull said he had been involved in the process of making a decision to not use Huawei for a year, and his goal “was to see if we could find a way to see if we could allow vendors and satisfactorily mitigate the risk.” This led to a determination that the risk could not be successfully mitigated, and he stressed that this was not a political decision, but one made after careful consideration.
Concluding, Turnbull said at a conceptual level, you can see where the risks and vulnerabilities are, and ask what you’re doing about it. “In a world of Internet of Things, with billions of sensors all talking to each other, risks to operating technologies is going to be so much greater.”