The Real Risk
Australia faces coordinated cyber attacks from nation-states working with criminal networks, according to RMIT's Centre for Cyber Security Research and Innovation. Russia, China, North Korea and Iran are sharing intelligence with cyber gangs to target critical infrastructure including power grids, water treatment, banking systems and transport networks.
Professor Matthew Warren warns the collaboration represents "a real worry" because these countries have different agendas but share attack methods. Russia focuses on social media manipulation and democratic interference. China conducts corporate and government espionage for competitive advantage. Both work with criminal groups that possess sophisticated capabilities.
What's Already Happening
Recent attacks constitute sabotage and espionage rather than outright war, but they expose systemic vulnerabilities. Hostile actors are exploiting both physical and digital weaknesses in Critical National Infrastructure throughout 2025 and into 2026, according to threat assessments.
The Australian Government announced accelerated counter-drone technology development on January 29, establishing an industry panel to advise Defence on counter small uncrewed aerial systems. The Defence Amendment (Counter-UXS Measures) Regulations 2025 enables Defence to detect and disable drones threatening ADF establishments.
The Coordination Problem
Australia lacks a unified, public-facing national security strategy comparable to Japan, Britain or the United States. This absence of coordination across defence, diplomacy, intelligence, cybersecurity and critical infrastructure protection represents a significant vulnerability.
Experts recommend greater strategic autonomy and private sector engagement in national security objectives. The government has been slow to involve industry in protection efforts, according to recent economic security assessments.
Enterprise Implications
For tech leaders, the environment requires immediate attention to critical infrastructure protection, supply chain resilience and regulatory compliance. Parliament's urgent review of extremism legislation suggests accelerated changes affecting online platforms and content moderation frameworks.
Warren notes extended power loss would cascade into ATM failures, internet outages, medical equipment shutdown, and disruption of public transport, water treatment and food distribution. The question isn't whether Australia is vulnerable, it's whether organizations are prepared for coordinated attacks that could come before traditional warfare begins.