Australian civilians are "unwitting, unwilling" combatants in cyberspace, according to the Australian Defence Force's head of information warfare.

Key points: Private citizens are needed to protect companies targeted by foreign governments.

Private citizens are needed to protect companies targeted by foreign governments. Defence boss raises the risk of posting too much personal data online.

Defence boss raises the risk of posting too much personal data online. Voters should expect information to be weaponised, and make the effort to find the truth.

Speaking about military cybersecurity in Canberra today, Major General Marcus Thompson said the threat to average citizens was another challenge that made him "just shake [his] head and wonder".

The comments came as Prime Minister Scott Morrison revealed Australian political parties had been targeted in a cyber attack.

"How do we in this community, educate the Australian population, Australian citizens, that in fact they are combatants in cyberspace?" Major General Thompson asked the audience at a University of New South Wales event.

"Unwitting, unwilling, but they are combatants."

Private citizens are not only the target of politically motivated disinformation on social media, as occurred during the 2016 US presidential election, but also vital to the security of Australia's critical infrastructure.

The cybersecurity threat could come to resemble the Dunkirk evacuation of World War II, suggested Bryan Cunningham, executive director of the Cybersecurity Policy and Research Institute at the University of California, Irvine.

In 1940, hundreds of fishing boats and yachts, piloted by British civilians, rushed to carry stranded Allied forces off the beach, away from German forces and back to England.

These days, key military targets of foreign governments include telecommunication and energy companies that are entirely owned and operated by the private sector. And it will take private participation protect them.

"If there's a significant cyber conflict, a 'Cyber World War' if you will — we're going to be in that same situation [as Dunkirk]," Mr Cunningham told the ABC.

At least in the beginning stages of an online conflict, he suggested, it will be civilians and civilian infrastructure under attack and by necessity it will be civilians that defend it.

With companies like Sony being hacked by North Korea, and a lack of clarity about the willingness and legal ability of governments to step in, the line between private and public becomes blurred.

"There's an argument now that the whole world is a war zone in cyberspace," Mr Cunningham said.

"So without question, major companies now are being targeted as combatants by our adversaries."

Civilians in an age of information warfare

Chris Dufour of cybersecurity firm BlackHorse Solutions suggested the data that everybody, military and civilian alike, gives up about themselves online should also be considered part of the national security picture.

From supermarket loyalty schemes to being a hotel chain member, "it gives somebody else an indicator of our behaviour, whether it's our purchasing habits, our political views," he told the ABC.

"That data is for sale, somewhere."

This is an issue for more than your average Facebook user.

In the Australian Defence Force, Major General Thompson also described cybersecurity self defence as everyone's responsibility: "What are you posting online? What information are you freely giving away?"

As revealed last year, even uploading your running times to a popular fitness tracker can expose a military installation in the Middle East.

As he put it: "Do you really need to upload all that to Strava and show everyone where the outline of your forward operating base is?"

The more data about an individual or a population available online to aggregate, the more complete picture it offers of who they are, and the more precisely a message can be targeted by an adversary to convince or distract.

"The nice version is that an advertiser can do that," Mr Dufour said.

"The not so nice version is, so can Russia, China, any other organisation that has a nefarious intent towards your country."

He suggested the buying and selling of online data would become increasingly regulated, as countries wake up to the threat.

But ultimately, in Mr Cunningham's view, what Russia did during the election of President Donald Trump was akin to the typical bread and butter of political campaigns.

In many ways, it was no different to typical opposition research and the dumping of information aimed at embarrassing political candidates.

"The difference now is that the internet can be weaponised, and so you can be much more successful and dangerous," he said.

In an environment where information is so easily manipulated, where they are considered "combatants", voters should go to extra effort to find the truth.

"We have become so polarised that most people only listen to, watch and read, sources of information they already agree with," Mr Cunningham said.

"Until that changes, in some ways I think we deserve what we get."

Mr Dufour, for his part, told the event he believes influence and information is part of warfare.

"We're not waiting for bombs to drop … we need to decide that this is the warfare of the future," he said.