The federal government has conceded it can’t be certain public service departments are secure against major hacking attacks, as Malcolm Turnbull’s senior cyber adviser suggested Australia might have dodged the latest international crisis because it fell during the weekend.
At least eight Australian businesses have been infected by the bug crippling some systems in Britain, Europe and the US, with a series of investigations ongoing.
So-called ransomware was placed on thousands of computers as part of worldwide extortion plot, shutting down systems unless authorities and businesses paid out hackers’ demands.
At least 200,000 systems in 150 countries have been hit since Friday, including Britain’s National Health System, US parcel giant FedEx and and Germany’s national railway operator.
The Minister Assisting Prime Minister Malcolm Turnbull on Cyber Security, Dan Tehan, said all public service bosses in Canberra and around Australia had been told to update their security systems to guard against the attack, and the government was reasonably confident that all required patching and security upgrades were in place.
Mr Tehan was in contact with Health Minister Greg Hunt and agency bosses at the weekend to increase cyber defences. The government also warned state and territory health departments to take action.
“We cannot say and will not say that any department or agency is 100 per cent secure, because if anyone says that they don’t know what they’re talking about,” Mr Tehan said.
“What you have to continue to be doing is make sure you are putting all the necessary measures in place. We’ve notified all government departments and agencies of the incident and made sure that they have done all the necessary patching that was required to keep themselves protected.”
Mr Tehan said he hoped the attack would lead to more urgency and focus from departmental and agency heads to ensure the federal government was cyber secure.
All members of Parliament and their staff were warned to be vigilient on Monday as officials in charge of Parliament House in Canberra confirmed a Microsoft security patch released in March had been added to all computers.
The Prime Minister’s cyber security adviser, Alastair MacGibbon, said there had been no reports of any issues among Australia’s government agencies or health systems as of Monday afternoon.
“This is not game over for us,” Mr MacGibbon said.
“There are clearly going to be some small businesses impacted … but as a whole of nation, we can be confident so far that we’ve missed the worst of this.”
He said the worst of the attack fell while most Australians were asleep or not at their computers, likely limiting the impact.
The attack “should be a wake-up call for us”, Mr MacGibbon said.
The federal government has advised Australians to update Windows operating systems and back up their data on external hard drives or USBs.
Labor spokeswoman for cyber security, Gai Brodtmann, said the Coalition needed to do more than remind federal departments to update security systems.
“What is the Turnbull government doing to improve the cyber resilience, compliance and governance of its own government agencies?
“And where are the regular, transparent assurance and reporting measures that show they are compliant,” Ms Brodtmann said.