Air traffic bombarded by cyber criminals every day

combining civil and defence traffic control.

Airservices Australia chief Rob Sharp revealed the threat facing the critical air navigation operation which is now due to go live in late 2027.

Mr Sharp said the rollout of the $1.9bn project had been pushed out by three months as it strengthened cyber security in response to the barrage of hack attempts.

“The reality is, every time we invest, the game changes and you’ve got to put more layers in it, more protection,” Mr Sharp told The Australian.

“I suspect geopolitically that requirement is not going to change anytime soon.”

Australian Federal Police assistant commissioner of cyber command Richard Chin said cyber attacks were now a “prolific” crime that were testing law enforcement worldwide.

He said that at any one time the AFP had “100 or more” open investigations, of which it could expect to close about 20 a year.

As well as government agencies, the cyber criminals targeted everything from large companies right down to individuals.

“It’s a very difficult thing to police by yourself as an agency or a country, so we’re very joined up so when it comes to scams being perpetrated on the Australian community,” Mr Chin said.

“We’ll work with our overseas partners and target large-scale organised crime scam centres that are based in foreign countries – places like the Philippines, Thailand and other places throughout southeast Asia and Europe – to take down large industrial-scale centres.”

Some of the more common types of attacks involved significant data breaches, similar to the Qantas incident in June in which details of 5.7 million customers were stolen.

Mr Chin said those attacks were financially motivated, and they targeted companies with the means to pay large ransoms. “That is a very big criminal industry,” he said.

As Australia prepares to become the first country to combine military and civilian air traffic control, Mr Sharp said no stone was being left unturned to protect the system.

Although 97 per cent of staff could now identify a “phishing email” and report it, Mr Sharp said they needed to do better.

“There’s a combination of security layers that all come together, so when we talk cyber we’re talking that whole ecosystem, not just the software,” he said.

“We’ve got a lot of people so we’ll be upping the security and looking at insider threats as well.”

The new operations centre in Brisbane where civilian and defence air traffic controllers would work side by side was “impenetrable”, Mr Sharp said. He said the design ensured there was no way to get a pipe or camera in.

“Physical security is just as important and no-one could actually pierce that room,” he said.

More than 100 AFP officers are assigned to investigate cyber crime, including technical and intelligence officers, working closely with the Australian Signals Director and the National Office of Cyber Security, as well as overseas agencies.

Mr Chin said given cyber crime was a global problem it made sense that a global effort was being undertaken to combat it.

“Australia is but one of many countries who’ve had this issue and of course the threat actors who are offshore aren’t really concerned about which part of the world it is as long as they have the desired effect,” he said.

“The AFP has always had strong networks overseas and we’ve done that in other traditional crime types; it’s just in this crime space we do it very frequently, it’s very important and it’s almost impossible for one agency to do it alone.”

This article first appeared in The Australian as How Airservices is safeguarding its civil and defence air management system from foreign hackers