The latest Netflix blockbuster Leave The World Behind is more than a sci-fi apocalyptic nightmare. It's a glimpse into our future if the Australian government doesn't ensure we strengthen our cyber defences against hostile nation states.
The movie depicts the way a major cyber attack cripples a country's critical infrastructure. By the time the characters realise what's going on and who may be behind it, society has already broken down around them.
The movie is eerie, suspenseful ... and frighteningly realistic.
A UK parliamentary committee has just been issued a dire warning that the country is at high risk of a "catastrophic ransomware attack" that would bring the country to a standstill, by knocking out power and water supplies, transportation, health and telecommunications. It says it could happen at any minute.
In an ominous parallel to the fictional film, the report also warned of the possibility hackers could take remote physical control of major shipping vessels, hijacking the steering and throttle - reminiscent of the scene where an oil tanker crashes into a busy Long Island beach. The report states an experiment proved it can be done, making the scene potentially prophetic. Australia would be naive at best, and negligent at worst, to assume it can't happen here.
Our society's strength is in our ability to move information quickly. Or at least quicker than our enemy. Without fortifying our cyber defences, we are vulnerable. If threat actors managed to knock out communications in Australia, we would see our critical infrastructure disabled. It's worse than losing our ability to check social media: it's our traffic lights, water supply, sewerage systems, banking systems, navigation systems. The list goes on.
Taking critical infrastructure offline would be catastrophic if it was done by a hostile nation state.
We have already seen the chaos caused here at home when our second biggest telco went down for 10 hours, by accident. A software update plunging over 10 million Australians into a communications blackout, even blocking emergency calls.
The hack on port operator DP World saw four major ports close, and 30,000 containers stack up. A vulnerability identified months early has been flagged as the likely way hackers breached the system, with a patch easily available.
Cyber warfare is already well-established, both on the modern-day battlefield and in conflict-free zones.
Ukraine has just suffered its biggest cyber attack of the war, knocking out communications and preventing millions from receiving alerts of potential Russian air assaults.
Relief groups providing aid to Israel and Gaza were crippled early in the conflict by online hack-tivists, slowing its ability to deliver aid and take donations.
In the past year alone, US officials have accused China's cyber army of attacking critical US infrastructure, including a utility company, a port and a pipeline. A nuisance in isolation but a powerful tool for destabilisation if coordinated.
Taiwan is also calling for international support as fears of a worst-case-scenario cyber attack grow, one that would send its currency and markets into a nosedive. An attack that would be viewed as a prelude to conflict.
Australia is not in the heat of battle. Not yet. But we can't be reactive. If we can be brought to a standstill by software updates or easily patched vulnerabilities, we would be brought to our knees in the event of a major cyber attack.
The government needs to take a war-time stance, now. Assume we're already under attack by a faceless, stateless enemy. Which is likely true. We know threat actors already have the capability.
The Australian Cyber Security Strategy 2023 to 2030 says it will strengthen the obligations and compliance for critical infrastructure and pressure test it to identify vulnerabilities, and support industry in the event of an attack. But this approach falls far short of the urgency communicated to the UK parliament.
In fact, cyber resilience needs to be given the same level of attention as we have for the other aspects of our military defence. We don't want to have to use it, and if it's robust enough, we won't have to.
When Air Marshal Darren Goldie was named as the inaugural National Cyber Security Coordinator in July, it suggested a military perspective was important for the task. But the strategy handed down still pays too much attention to being reactive, rather than proactive.
Without fortifying our systems, a remote attack on our communication systems and critical infrastructure could see society descend into confusion, chaos, and anarchy which was bleakly depicted in the film in a scene which showed New York's Manhattan skyline burning accompanied by gunshots and explosions.
While it might be easy to dismiss Leave the World Behind as science fiction, the reality is, a concerted attack from a hostile nation could destabilise the country without a single boot touching Australian soil. And in 2024 I believe we need to be more prepared. Because while it might feel far-fetched right now, in my experience life imitates art far more than art imitates life.
Sign up for our newsletter to stay up to date.
We care about the protection of your data. Read our Privacy Policy.