The Australian Signals Directorate is seeking to reset perception of its offensive cyber security capability, arguing its actions are subtle, nuanced and considerably less exciting than movie portrayals.
Director-general Mike Burgess used a speech to the Lowy Institute in Sydney to reframe what the offensive capability does, in part to try and attract more people with different skills to join.
The existence of Australia’s offensive capabilities has only been public since 2016, though in that short time it appears the characterisation of that capability has not helped ASD a great deal.
“In my experience, when people think of offensive cyber – they focus on the high-end of the spectrum involving computer network attack operations to destroy an adversary’s communication device,” Burgess said.
“Yes, this is something that ASD does, but in very specific circumstances, and within a strict legal framework.
“But it’s just one of the ways we can disrupt our target’s behaviour online.”
Burgess said that “many” operations undertaken by the offensive capability were subtle, nuanced and sophisticated.
“For example, our targets may find their communications don’t work at a critical moment – rather than being destroyed completely,” he said.
“Or they don’t work in the way they are expecting. Or they might find themselves not able to access their information or accounts precisely when they need to.
“These kinds of operations are actually more representative of what offensive cyber looks like – highly targeted and proportionate actions, timed to precision.”
Burgess also sought to underline that the capability did not act in ways that breached “international and Australian law”, and that staff had “a strong sense of propriety” and were subject to “rigorous oversight”.
Burgess was unapologetic about using the speech as a “live job advertisement” for the offensive capability.
“We suspect a lot of people wrongly concluded that our offensive cyber mission was just for techies. Or even worse, that we were looking for those cavalier hackers in the movies,” he said.
By being more transparent about what the work really involves we hope that a wider range of people might consider a career in ASD’s offensive cyber mission.”
He said operations required “linguists, software developers, analysts, code-breakers and behavioural experts to name a few.”
“If you would like a licence to hack legally, can keep a secret and want to make a difference, then ASD might have a job for you,” he said.
