Criminals are getting smarter, nation states are becoming more sophisticated and more countries around the world are developing cyber capabilities.
Last week it was revealed hackers spent months stealing sensitive information about Australian warplanes, navy ships and bomb kits.
Such incidents beg the question: is Australia and the rest of the world doing enough to crack down on cyber crime?
Chris Painter has dedicated his life to this question. Until earlier this year, he was the US State Department’s coordinator for cyber issues.
But the cyber coordination office he used to head was in July closed in a controversial move by Donald Trump’s administration.
Mr Painter told the ABC he is worried about the message that sends in during such an unstable period.
Finding the weakest link
While countries like Australia and the US may have advanced cyber defence capabilities, Mr Painter said hackers can exploit ties to other countries.
“You need the kind of international collaboration we’ve been working on. You need to bring countries who often end up being the weakest link because they don’t have the capabilities,” he said.
“If I’m a smart hacker, I’d be stupid if I’m doing it from my own box. I’m going to route it through different countries, make it hard to find me.
“You need to make sure they have the laws in place, they have trained police officers, and they can actually cooperate on these cases.”
Part of strengthening international collaboration is through agreements like the Budapest Convention, the first international treaty aimed at coordinating nations’ cybercrime laws.
The treaty now has 56 signatories in Europe and around the world, with more countries joining over time.
Remember the ILOVEYOU virus? It was eventually traced back to someone in the Philippines.
“But the Philippines didn’t at that time have a law that punished hacking, [but] now they do. It’s not everything, but it’s an important part of it,” Mr Painter said.
Can cyber attacks constitute acts of war?
Absolutely, according to Mr Painter. In 2016, he testified before the US Congress to make this very point.
“Just like in the physical world, we don’t need a whole different rule set for cyberspace than we do in the physical world. If it causes loss of life and destruction, it could be an act of warfare,” he said.
“For instance, NATO decided that Article 5, which is when you have to collectively respond to threats, could be triggered by a cyberspace event, just like a physical event.”
Instead of binding laws, we currently have governing principles, norms and agreements that keep the global cyberspace secure from various threat actors.
“We [the US] reached an agreement with China — don’t steal intellectual property to benefit your commercial sector. Australia recently reached that agreement too,” Mr Painter said.
But the problem is that norms change, and we still need enforceable consequences for cyber criminals.
“If there are no consequences for people who breach these norms, if there are no consequences for bad actors, you’re creating a norm in itself of bad action is OK.
“And so we do need to have consequences. We do need to have deterrents in cyberspace.”
Is anything safe from cyber attack?
After 27 years working on cyber crime, Mr Painter said he has seen the stakes change and sophistication improve.
“It really is a cat-and-mouse game where we have to up our defences and we have to have consequences for those who breach those defences,” he said.
But what about when a cyber attack is committed not by a single rogue agent, but a nation’s government?
“Against nation states you have the full tools that states have. You have sanctions, you have diplomatic pressure, you have economic and other issues and law enforcement issues.
But overall, according to Mr Painter, cyber threats have only increased, and we have entered a “very unstable period”.
“There’s lots of threats from a variety of different actors — commercial hacking to nation states like Russia trying to affect democratic systems,” he said.
“We’re better at defending, we’re better at responding, we’re better at collaborating internationally, but there’s a hell of a long way to go, too.”