The Department of Defence caused a minor stir earlier this year when it suggested defence personnel could be stationed in the country's northwest, instead of being pointed at New Zealand, as it looked to defend a resources industry from the large-Asian-power-which-must-not-be-named.
Defence Minister Stephen Smith told reporters the review would look squarely at energy security in a very literal sense.
"As we know, in the northwest and the north of Australia, off the coast of Western Australia and the coast of the Northern Territory, we are now seeing a significant petroleum energy resources belt," he said.
But along with several governments worldwide, the Australian government isn't only looking to reposition its pieces on the board but is also looking to tighten up its cyber security.
The Department of Defence (with input from various sub departments) told EnergyNewsPremium that it regularly holds meetings with resources companies on the threat of cyber attack.
"The Australian government provides the private sector and the owners and operators of Australia's systems of national interest, including critical infrastructure and some resources sector companies, with information and assistance to help them protect their information and communications technology infrastructure from cyber threats and vulnerabilities," it said.
"In April 2011, the Attorney General's business government advisory group on national security held a briefing focused on cyber security issues, especially for large Australian companies doing business internationally. This included representatives from the resource sector.
"The Attorney-General also holds an annual executive function as part of National Cyber Security Awareness Week, designed to brief executives on the cyber security threats facing particular industries."
As part of the renewed focus on cyber-attack, ex-defence minister John Faulkner opened a cyber security operations centre back in January, to be run by the Defence Signals Directorate, an arm of the defence department set up to respond to various cyber attacks against Australian interests.
The ramp up in cyber security from the Australian government echoes the ramp up in attacks against resources companies.
Former outspoken Woodside Petroleum chief executive Don Voelte told a conference in Perth earlier this year that the threat was very real, and not just from China.
"Let's not focus this on the Chinese: I saw the number of attacks against our company over a time period," he said. "It comes from everywhere. It comes from Eastern Europe; it comes from Russia. Just don't pick on the Chinese; it's everywhere."
The company under new chief executive Peter Coleman is less forthright on security issues, playing a dead bat to ENP's enquiries.
Just last week, however, Shell IT manager Ludolf Luehmann told the World Petroleum Congress in Doha that the company had seen attacks against its network increases.
"We see an increasing number of attacks with clear commercial interests, focusing on research and development, to gain the competitive advantage," he said.
He warned against the potential of such attacks, even calling them life threatening should hackers get into systems which control valves, pipelines and other associated equipment.
However, more often than not pinning down any one point of attack can be like trying to nail jelly to a wall, as the use of proxies often means the location of the original threat is merely a smokescreen.
The scary thought is that many of the attacks may not have been recorded or publicly disclosed. Suffice to say, it's becoming very serious stuff if it wasn't already.
According to IBM the problem, while requiring an IT solution,is a very human one.
IBM currently operates a security operations centre in eight countries around the world which see millions of attacks per day and offers what it calls a "holistic approach" to IT security, developed over four years.
According to offering leader David Cannon, the focus in IT security has switched from building the wall of defences to protecting what's inside it.
"The attacks have really shifted away from being directed at the firewall and are now being directed at the application level. So many people's view right now is that the firewall is not providing the level of protection that it used to," he told ENP.
"So what we see is about 80 per cent of the attacks happening at that [application] level. You need to be able to deal with that, and that requires a different approach to security, which begins with policy and policy enablement."
Indicative of the shift in attack over the past few years, Cannon said, was the prevalence of Trojan attacks. You may have walls as mighty as the fabled Troy but its bricks may as well be made of cardboard if an employee carries the threat inside the firewall.
According to Cannon, this is putting an unprecedented strain on IT departments as now they not only have to watch the firewall, but the assets behind them, which is where IBM comes in.
"What's instigated the demand is the exponential shift and increase in various kinds of security threats, and complexity in being able to deal with that and manage that," he said.
"So staying on top in the security game is a difficult thing to do and that's why we've had so much focus on our managed services, particularly over the past two years.
"To have a security expert in your backyard looking at your security comes at a high cost, simple as that. So what you want to do is have your IT people looking after the shop, you don't want them to be the security guard as well."
In other worlds, the threat landscape is constantly evolving and it takes time, effort and money to keep up to date with the latest developments.
However, part of IBM's managed services is helping companies put together internal policy, so employees don't accidentally compromise the data being held behind the firewall.
For example, an employee could want to take home work with them one day. So, they send an email to their hotmail account so they can access it at home. From there, any hackers trawling hotmail could stumble upon the data.
Or the employee could take the data home on a USB stick. Think about the countless USB sticks you've lost down the years, and what sort of information was on those sticks. It's a little bit frightening, isn't it?
But surely in the multibillion dollar, high stakes oil and gas game it couldn't come down to simple human errors like clicking on a dodgy link or losing a CD, could it?
According to Cannon, in 99% of breaches that's exactly the case.
"Arguably the technology has been around for a while in order to protect against a direct attack, but it's the human factor," he said.
"That's why IT will sometimes say that this is not an IT problem."
Even so-called zero-day attacks, which exploit previously unknown weaknesses in computer programs, more often than not succeed because an employee has bought the offending malware inside the company with them by either clicking on a link, or plugging an infected USB device into a network-linked computer.
That's where creating IT policy comes in.
"For example, you can form policy around what users are doing with their internet session. So you can create policy around whether people should or should not be emailing hotmail addresses," Cannon said.
"There are lots of things organisations [can do] that aren't really all that leading edge and can account for about 80% of your data loss protection."
For all the talk about shady operators sitting in smoke-filled rooms behind computer monitors compromising billion dollar networks, it turns out a large part of the threat could be managed using good old-fashioned common sense.
