The Australian Strategic Policy Institute (ASPI) has released a new report concerning the country’s national records and the important role the records play as the collective digital identity of the nation.
As reported, the author of the ASPI report explains how an attack on these records could disrupt the day-to-day functioning of society and why more should be done to protect them.
These records are accurate, confidential and not to be tampered with. Living in the digital era means having these digital identity records transformed into electronic data and stored virtually in cloud servers.
These servers act as the memory centre of the nation, preserving Australia’s unaltered history. All this digital information may be referred to as “digital identity assets”.
Since these are important for the government to function and are a legacy for future generations, the records are worth protecting.
They collectively embody who and what Australia is as a nation, its journey, as well as its time and place in history.
Any form of theft, manipulation, destruction, or deletion of digital identity can be problematic as courts may not function without the relevant digital records.
Moreover, manipulated property deeds can create legal challenges. Problems in verifying and issuing passports and visas may also be encountered.
Plus, historic records might be tampered with or forged.
In the worst-case scenario, such an attack could interfere with the proper functioning of government, and shatter public trust and confidence in government institutions.
Critical infrastructures are not the only target of cyberattacks. Servers hosting the digital assets are also at risk.
With the use of email communications, nation states and individual hackers can gain access to these databases.
Despite this risk, there is still no clear and specific cybersecurity governance framework directed towards detecting and preventing attacks against these assets.
Several suggestions were made to protect Australia’s digital heritage. These are:
- Assessing cyber vulnerabilities alongside social ones
Online disinformation campaigns and malicious cyber activities are all referred to as hybrid threats. Cyber situational awareness is the understanding of the complex nature of a hybrid threat.
The ability to effectively resist and recover from malicious hybrid activities depends on the capacity to detect, analyse and understand the nature of the threat, in near real time.
Improving cyber situational awareness calls for retaining access logs.
Metadata from government departments should be collected by the computer emergency response team and analysed in near real-time. Metadata can show who accessed a server and from what location.
- Store copies of historical records offline
Simulations should be done on how digital identity assets can be used against the country in order to prepare ways to counter the propaganda.
Moreover, schools and universities, for instance, can store multiple offline historic records, which can be used to verify accuracy when conflicting stories arise.
Using National Archives as a central repository for digital identity assets is a single point of failure. Redundancy work-arounds must be created.
- Engage the private sector
The responsibility of protecting the national records is too big and too important for the government to do alone.
Historical societies and charitable organisations may need to store hard and soft copies of the same records all over the country.
Relevant laws must mandate cybersecurity situational awareness for telecommunications companies, ISPs, computer emergency response teams, law enforcement and security agencies, but in a clear and responsible fashion.
A legal mandate that is largely based on past incidents may not be an effective strategy to prevent dynamic hybrid threats.