“The fact that China has penetrated those telecommunication networks so broadly for such an extended period of time” means Beijing could identify who is under espionage investigation and understand intelligence-gathering methodologies, he said.
Most concerning is the shift from espionage to disruptive attacks. CyberCX says that over the past 18 months, nation-state actors, notably Iran, Russia and China, have continued to normalise sabotage and pre-positioning against Australian critical infrastructure and civilian organisations.
Admiral Mike Rogers was simultaneously director of the National Security Agency and the US Cyber Command.Credit: Bloomberg
Rogers said adversaries are deploying artificial intelligence “much more aggressively, much faster than the defenders are”, giving attackers unprecedented speed and scale advantages.
Criminal actors are increasingly “going for disruption, degradation, not just denial” because “if I can inflict some measure of damage or degradation, there’s a higher probability that the target network owner pay a ransom”.
Monday’s AWS disruption drew comparisons to the 2024 CrowdStrike outage, which was estimated to have caused upwards of $US5 billion in damages and grounded thousands of flights. Both incidents exposed how seemingly minor technical issues can cascade into global chaos when critical infrastructure depends on centralised systems.
“The real risk is the potential for highly disruptive attacks executed by groups with the knowledge and resources to replicate these outages at scale,” Rogers said.
Rogers said Australian telecommunications infrastructure remain particularly vulnerable, pointing to recent emergency service outages. “We’ve created a system that is so complex we don’t fully understand it,” he said. “We’ve created a system in which we don’t truly realise the interdependencies that we’ve created.”
Rogers worked on the Australian government’s 2023 cybersecurity strategy.Credit: Bloomberg
AWS is the dominant player in cloud computing globally, accounting for about a third of the market and double that of Google and Microsoft.
Rogers stressed that the greatest long-term challenge isn’t any single technological solution but creating integrated partnerships between government and private sector. He pointed to Ukraine’s cyber resilience model, in which network owners, government agencies and Western cybersecurity firms collaborate in real time.
Loading
“We’re still not where we need to be in terms of the government and private sector working together in an integrated way 24/7,” Rogers said. “Although cooperation is great after the event, that always puts you behind the power curve.”
Rogers dismissed suggestions that cyber deterrence could work like nuclear deterrence, arguing Western democracies haven’t demonstrated sufficient “political will or intent” to use offensive cyber capabilities. This has led authoritarian nations to conclude “there’s a relatively low price to pay” for aggressive cyber operations, he said.
When asked what keeps him awake at night, Rogers pointed to two factors: adversaries “going destructive, really aggressively” and their superior use of AI compared to defenders.
“If this is peacetime, I hate to see what wartime looks like,” he said.
