ASD moves into the light with landmark speech
30 Oct 2018|

So, 71 years after its creation, the Australian Signals Directorate has stepped out of the shadows. Last night ASD Director-General Mike Burgess gave probably the most broad-ranging public outline of the work of a modern, high-end cyber organisation that we have seen internationally.

Burgess has joined the head of the UK’s Government Communications Headquarters, or GCHQ, in having a public presence and role.

There are two extraordinary things about this in the Australian environment: the first is that the head of the normally very secretive signals directorate has spoken publicly outside a parliamentary committee at all. The second is what he said.

Beginning to give ASD a voice in public debates is a big thing. But it’s important if Australia is to effectively manage the wide range of cybersecurity, technology and intelligence issues ASD is involved in.

ASD now has a very broad mandate.

It’s still about supporting the Australian Defence Force on operations, obtaining intelligence by collecting foreign communications and signals, being part of counterterrorism operations to prevent and disrupt terrorist attacks against Australians and Australian interests, securing government networks and information, and conducting offensive cyber operations.

In its new incarnation as an independent statutory agency within the defence portfolio, though, ASD’s mandate has broadened further—it now also covers countering cyber espionage and serious cyber-enabled crime offshore—and it has a clear role in providing cybersecurity assistance and advice to Australian businesses and citizens. This makes it relevant to many more Australians than ever before.

This broad mandate may explain why Burgess has gone public about ASD’s work. He knows that if ASD is to be a trusted, credible adviser to Australia’s business sector and to the public, then he has to demystify the organisation and engage in the public discussion.

Letting other stakeholders—whether they’re firms with cybersecurity products to sell or critics of government intelligence agencies—determine the direction of discussion in the absence of ASD’s perspectives doesn’t advance informed public debate. The encryption legislation is one current example.

Back to the speech itself. Like many big speeches, this one will take time to digest and analyse, and we’ll no doubt see a few informed commentators bringing out different elements covered by Burgess over the next few weeks.

A few specific things got my attention listening to him last night.

He didn’t leave the audience wondering what he thought about claims that ASD was interested in wholesale collection of Australians’ electronic communications, for example, saying, ‘We have no interest in the communications of everyday Australians’; instead, ASD is focused on foreign signals intelligence and cybersecurity.

Unsurprisingly but refreshingly, he also recommitted ASD to being ‘meticulous in execution’, including ‘always acting legally and ethically’, and understanding that to have continued public and government support, ASD needs to be ‘accountable to the public through government for everything we do’.

He politely but bluntly warned company boards in Australia that might be ‘contemplating the prospect of hacking back to defend themselves against potential attacks’ that this ‘would be an illegal act here in Australia’, saying, ‘An obligation to protect corporate assets does not extend to breaking the law.’

We also got a pretty good insight into the future directions of this highly secretive organisation deep within the Australian government’s intelligence apparatus.

In what might be the part of his speech most worth thinking over carefully and deeply, Burgess talked about the full potential of technology, connectivity and software being realised. As director-general, he thinks it is time to ‘turn our mind equally to integrity and availability’ of data and information.

This means moving beyond the last decade’s focus on preventing data theft and security of government networks.

ASD is now becoming the government’s trusted adviser as it navigates through the huge technological changes bringing us the connected ‘internet of things’, and as we see the emergence of China as a source of innovation in communications and critical infrastructure systems and technologies.

The best example here was his openness about the recent government decision to exclude ‘high-risk vendors’ from Australia’s 5G networks—notably China’s two tech telco giants ZTE and Huawei.

He laid out ASD’s advice on 5G in crystal-clear language: ‘Our starting point was that, if 5G technology delivers on its promise, the next generation of telecommunications networks will be at the top of every country’s list of critical national infrastructure.’ (And presumably every nation’s intelligence agencies’ target lists as a result.)

‘5G is not just fast data, it is also high density connection of devices—human to human, human to machine and machine to machine—and finally it is much lower signal latency or speed of response.

‘5G technology will underpin the communications that Australians rely on every day, from our health systems and the potential applications of remote surgery, to self-driving cars and through to the operation of our power and water supply.

‘The stakes could not be higher. This is about more than protecting the confidentiality of our information—it is also about the integrity and availability of the data and systems on which we depend.’

So, we have a new voice in Australian national security policy and cybersecurity. Let’s look for more from ASD’s new head now that he has stepped out of the shadows. Australian businesses and Australian citizens now know who to call. And Australia’s cyber adversaries—whether criminals, terrorists or state actors—know they have ASD’s full attention.