The CSIRO has warned that more internet security breaches on the scale of the recent Heartbleed vulnerability could lie in wait for Australia, and that the country's digital economy is at risk of losing billions of dollars to hack attacks.
The findings are part of a new CSIRO report, Enabling Australia's Digital Future: Cyber Security Trends. The report found that hackers could use "holes in computer security similar to Heartbleed to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless measures are taken now to prepare for such scenarios".
CSIRO's findings come as a timely warning after a vast number of Australian and internationally based websites were exposed to Heartbleed.
"The sheer complexity and interconnectedness of different elements of our digital economy means we can expect rapid exponential growth in the number, speed, and severity of breaches -- far beyond what any single organisation can tackle on its own," said director of CSIRO Futures, James Deverell.
"The more we rely on digital services for our basic needs like healthcare and energy, the more drastic the consequences of any breach may be."
In the report, CSIRO suggested that there are risks for Australians on both a small and large scale: individuals could have their tax file numbers or medical records exposed, while sensitive defence information could be leaked or energy infrastructure could be disabled.
The report even posits that Australia's healthcare system could be defrauded of up to $16 billion by 2023 (equivalent to 10 per cent of current healthcare spending) if Heartbleed-like vulnerabilities were exploited.
According to Professor Jay Guo, research leader for Smart, Secure Infrastructure, CSIRO's Digital Productivity Flagship, the private and public sectors need to work together to protect Australia's digital future.
"As shown recently in the international response to the Heartbleed exploit, collaboration and open disclosure are essential when tackling threats that cross networks, industries, and national borders," said Guo.
"Instead of being caught up in a digital arms race against increasingly intelligent threats, we need to design our cyber-security approaches to focus on people -- anticipating their behaviours and taking advantage of their unique traits."
"No system will ever be perfect, but we can prevent and minimise the impact of even extremely complex threats by approaching cyber security as a community."