Share this article on:
Cyber security experts have warned that Chinese hackers are learning how to better attack Australian organisations and infrastructure through training provided by Australian universities.
The concerns have arisen as universities increasingly partner with Chinese organisations, meaning more and more Chinese students are being taught sophisticated cyber security tactics used by the Australian security workforce.
Southern Cross University teaches Chinese students at Guangxi University of Science and Technology, with a number of cyber security courses covering application security, host security and data security.
Similarly, Monash University offers a joint master’s degree in IT with Suzhou University in China. It also teaches cyber security and machine learning to Chinese students from Southeast University China.
The parliamentary joint committee on intelligence and security has recommended that universities express caution when entering into educational partnerships, following its inquiry into the “national security risks affecting the Australian higher education and research sector”.
Both Cyber Security Minister Clare O’Neil and shadow minister for cyber security James Paterson are members of the committee and have expressed their support for the recommendation.
“We should not be teaching students from foreign authoritarian regimes how to engage in cyber attacks, including against civilian infrastructure,’’ said Paterson
“The cyber security challenges we face as a nation are hard enough already without training our potential adversaries how to do us harm.’’
In an interview with Sky News, Paterson described the techniques being taught to Chinese students as “offensive cyber hacking techniques and tactics”.
“It’s pretty alarming given the national security and cyber environment that we’re operating in,” he said.
Cyber experts have taken a similar stance. Chief operating officer of facial recognition company Vix Vizion, Dimitrios Christis, questioned why Australia was “contributing” to the constant cyber attacks on Australia from foreign nations.
“Why would we be training people who could potentially use what we’ve taught against us?’,” Christis said.
Val Wats, a cyber security and automation expert that has worked with the ATO and services Australia, has called for better regulation of who has access to what information.
“There needs to be regulation of what information is given to foreigners that can be used against us,” he said.
“If you give them the knowledge and understanding to bring down systems, you literally sabotage yourself, and that is what is happening.’’
One IT lecturer, who asked The Australian for his identity to remain anonymous, has said that the concern of Chinese hackers gaining the ability to more easily breach Australian critical infrastructure and financial institutions is very real. He and his colleagues have begun self-censoring teachings that are being shared with Chinese universities.
“Many of my cyber security colleagues have not always been entirely comfortable teaching some aspects of offensive cyber techniques into an overtly adversarial nation’s universities,’’ the lecturer said in an interview with The Australian.
“I have self-modified content and techniques that I would teach into nations that are overtly adversarial to Australia.
“As taxpayer-funded institutions, I think there is the need to debate if teaching some techniques into adversarial nations, upskilling an adversary and potentially training entire waves of their cyber security force, is appropriate.’’
Despite the concern, several major Australian universities have backed their decision to teach students in partnership with Chinese universities.
“We don’t discriminate on the grounds of race or nationality in the provision of coursework,’’ said a spokesperson for the University of Sydney, which is partnered with eight mainland Chinese universities.
“We educate students enrolled in our IT, computer science and cyber security courses on the latest social and political issues as well as the technical capabilities needed to tackle cyber security matters and recognise that security risks are real and increasingly sophisticated.”
“We support and encourage our researchers to collaborate with international partners in line with all applicable Australian and international laws and government guidelines, and with the university’s objectives, values and policies.’’
University of NSW (UNSW) said it had teaching partnerships with a variety of universities, including China, and worked with the Department of Foreign Affairs to ensure that the partnerships do not jeopardise the country’s national security.
“UNSW regularly works with DFAT (the Department of Foreign Affairs and Trade) and Home Affairs to ensure these partnerships remain in the national interest,’’ said a UNSW spokeswoman.
“The teaching of cyber security to international students, both onshore and offshore, and domestic students is identical.’’
Shadow minister for cyber security Paterson has said that the risk of teaching students onshore exists and “needs to be carefully considered”, but that “mass online education offshore is of much greater concern because of its potential scale and the inability of Australian universities and authorities to exercise any meaningful supervision or oversight of students overseas.
“This risk is particularly acute with partner institutions who lack institutional autonomy and are closely linked to authoritarian states,” he said.