The Australian Signals Directorate has run as many as 50 offensive cyber security actions in the past year.
Director-general Rachel Noble told senate estimates on Wednesday night that the agency has a “standing authorisation” to “deny, degrade, disrupt or even destroy infrastructure overseas used by people who are not Australians, when they are undertaking cybercrime activity against Australia.”
Noble initially said the ASD is engaged in “a range” of offensive cyber activities “all the time” before providing a ballpark figure for the last year.
“It would be in the tens – 30 to 50 individual activities, perhaps,” she said.
In response to questions from Liberal Senator James Paterson, Noble confirmed the targets were limited to “cybercriminal syndicates” and did not extend to offensive activity against nation state interests.
Noble said the ASD judged the “success” of its offensive activities on a “spectrum”.
“We actually have a formal process internally, where we’ll do what we call a ‘battle damage assessment’,” she said.
“We will look for whether we have created an effect from our activity, from whether the syndicate is no longer able to perform their criminal operations to the syndicate losing their reputation as a consequence, so others perhaps won’t use their services because they don’t feel they can trust them anymore.”
Noble added, however, that the dynamic nature of the space meant that the targets of offensive activity were often able to regroup and renew their malicious activity.
“Unfortunately, it’s like painting the Sydney Harbour Bridge,” she said.
“In terms of the threat out there and the proliferation of criminal activity, we can have big impacts on syndicates.
“Unfortunately, it usually is a matter of time before they’ve regrouped somehow.”
The ASD has previously downplayed its use of offensive cyber activities, although it was reported at one point in 2021 – when ransomware attacks on Australian organisations were rising – that the capabilities were being used on a nightly basis.
REDSPICE funding
Noble also provided insight into the way that the ASD allocated some $680 million in the past year to projects under its $10 billion, 10-year REDSPICE (resilience, effects, defence, space, intelligence, cyber and enablers) program.
She said that activities included “the fitting out of new facilities in Brisbane, Melbourne and Perth” and on “enhancing some of our national cyber defence activities.”
“I will just give you a few examples,” she said.
“We completed a range of critical infrastructure uplift, conducted hunt activities on government, released a cyber toolbox, expanded our cyber hygiene improvement program.
“We delivered on some of our new intelligence capabilities and stood up new teams doing targets we have never done before.
“We also invested in some of our foundational technologies, for example, a low-side cloud capability, an artificial intelligence and machine learning hub in Melbourne.”