Text size: A A A

What ASD cyber operatives really do to protect Australian interests

This address by Mike Burgess, director-general of the Australian Signals Directorate, was delivered on March 27 in Sydney, at the Lowy Institute.

In the address, Burgess discusses the nature of both the covert online operators who target Australia’s cyber security and the type of people the ASD recruits to combat these operators. He describes the ideal ASD recruit as imaginative, curious-mined and persistent in finding a way to meet objectives.


Offensive cyber and the people who do it

Late last year, I gave a public speech to bring the Australian Signals Directorate out from the shadows.

At the time I committed to being more transparent about our role.

For an organisation like ASD this was a major step. It would have been easy to shy away from a public discussion about what we do.

But it wouldn’t have been the right thing to do.

I cannot stress enough how important I believe it is that the public understands how ASD defends Australia from global threats, why our work is necessary, and most importantly, that we act legally and ethically.

Transparency has other benefits.

For the first time, we can start talking in more detail about what our staff do, what kind of skills they have, and why you might want to come and work with us.

Why is that important?

Transparency informs, helping dispel myths and most importantly helps with our value proposition to prospective employees.

In the spirit of transparency, let me be open up front.

While today’s talk might be attractive because of the topic I have chosen to talk about, my prime objective is selling ASD as a rewarding place to work.

So, sorry Michael, this may be the first time Lowy has been used for a live job advertisement.

A job where you will belong to a great team defending Australia from global threats.

Where you will be operating in that slim area between the difficult and the impossible, and where you can have a rewarding career that makes a difference.

Offensive cyber – the myths

So let me start with a myth. One of the most common misapprehensions around ASD’s work relates to our offensive cyber mission.

That’s probably not surprising, given the clichés in the movies.

There’s always a geek – invariably a guy – wearing black and working in low-lighting, instantly hacking into systems at will.

Usually, they are cavalier – with no regard for the law – punching the ‘enter’ key to blow up buildings or do impossible things with electrical surges.

The real hackers in ASD couldn’t be further from this stereotype. But to understand why you need to understand something about the capability.

So, what do we mean when we say offensive cyber?

When we talk about ‘offensive cyber’ at ASD, we’re referring to a broad range of activities designed to disrupt, degrade or deny our adversaries. And to be clear, all our activities are focused offshore.

We do this by using specialised tools and techniques to disrupt their communications or interfere with the way they operate online.

In my experience, when people think of offensive cyber – they focus on the high-end of the spectrum involving computer network attack operations to destroy an adversary’s communication device.

Yes, this is something that ASD does, but in very specific circumstances, and within a strict legal framework.

But it’s just one of the ways we can disrupt our target’s behaviour online.

Many of our operations are carefully designed to achieve the objective in a much more subtle and sophisticated way.

And to be honest, that is far more exciting than smoking computers or devices in cyberspace.

For example, our targets may find their communications don’t work at a critical moment – rather than being destroyed completely.

Or they don’t work in the way they are expecting. Or they might find themselves not able to access their information or accounts precisely when they need to.

These kinds of operations are actually more representative of what offensive cyber looks like – highly targeted and proportionate actions, timed to precision.

Whatever the technique, our objective is to use our offensive cyber capabilities to keep Australia and Australians safe.

It is also important to remember that we are a foreign intelligence agency. Our operations disrupt, degrade and deny offshore adversaries who pose serious threats to Australia’s national interests.

Offensive cyber and our legal framework

The Prime Minister first disclosed the existence of ASD’s offensive cyber capability in 2016.

Since then, further announcements have established how the capability supports the ADF – including military operations in the Middle East where offensive cyber operations have helped disrupt Daesh’s ability to communicate, launch attacks and spread propaganda.

The government has also revealed the role the capability plays in disrupting foreign cybercriminals that target Australians.

Regardless of the context, all our operations are conducted in accordance with international and Australian law.

Every mission must be targeted and proportionate, and is subject to rigorous oversight. All our actions are deeply considered, and subject to meticulous planning to consider the potential for unintended consequences.

ASD takes its legal and ethical responsibilities incredibly seriously. We pride ourselves on being meticulous in execution. And we operate within the law.

As I said in my ASPI address late last year, I’ve heard of some board rooms in Australia contemplating the prospect of hacking back to defend themselves against potential attacks.

Let me be clear, ASD’s offensive cyber capability is enabled by our Intelligence Services Act and authorised by our Minister.

No corporation or individual should contemplate the prospect of hacking back to defend themselves from hackers, it would be illegal.

An obligation to protecting corporate assets does not extend to breaking the law.

So, what do hackers really look like?

ASD’s offensive cyber operators look – and act – nothing like they do in the movies.

It takes teams of experts to make these operations successful, and ensure that all our actions are considered, legal and ethical.

At every stage of every mission, we ask is it legal, is it right and is it proportionate?

Our operators and planners are imaginative and disciplined, with a strong sense of propriety. They are cool under pressure – and they love working as part of a team.

It’s as far away as you can get from the cliché in the movies.

They come from all sorts of backgrounds – everything from computer science to marketing, international relations, the law, linguistics, biology and mathematics to name a few.

Regardless of the background – all of them go through a comprehensive training program to make sure they have what it takes to be an offensive cyber operator.

“At every stage of every mission, we ask is it legal, is it right and is it proportionate?”

Some of them are expert at generating technical effects to degrade or destroy an adversary’s communication device.

It’s the type of effect that might be crucial to support a military operation.

Working alongside the operators are our software developers.

These programmers are responsible for developing highly surgical software tools to cause the effect. It is precision work, requiring reverse engineering skills and a deep understanding of computer operating systems.

They have to find a way to bypass the target’s security mechanisms, and make sure the tool causes the exact effect that has been approved under our legal framework– and only that effect.

Other operators create the effect by focussing on the person behind the device – the intelligence target themselves.

They draw on a range of intelligence sources to understand their motivations, the online technology they use, and most importantly – how they use it.

And all of our operations rely on stealth and obfuscation – it’s not just as simple as setting up an internet connection and off you go.

So backing up our operators are a group of talented network engineers, systems administrators and security professionals who know how to build and sustain the infrastructure needed to disguise our tracks online.

So let me share some real examples

Naturally, we don’t often talk about the detail of what ASD does. But to help explain why our work matters, and what kind of people we are looking for – I’ve decided to declassify aspects of two of our operations.

ASD has a long history of supporting military operations, with the beginnings of our organisation dating back to World War 2.

In that time, we’ve provided critical support to the nation’s warfighters, including providing intelligence on threats to Australian personnel, and tracking the location of military adversaries to enable the ADF and Coalition partners to conduct highly targeted operations.

That long-standing support has expanded into offensive cyber. Offensive cyber is a critical part of Australia’s military arsenal and ASD supports those on the front line.

For the first time, I can tell you a little of what is involved, including sharing some insights from our operators.

We make a difference.

And in the Middle East, our offensive cyber operators have helped make a difference between success and failure, life and death.

At the height of the fight against Daesh, ASD – working to the direction of the ADF – helped shaped a critical battle.

Just as the Coalition forces were preparing to attack the terrorists’ position, our offensive cyber operators were at their keyboards in Australia – firing highly targeted bits and bytes into cyberspace.

Daesh communications were degraded within seconds. Terrorist commanders couldn’t connect to the internet and were unable to communicate with each other.

The terrorists were in disarray and driven from their position – in part because of the young men and women at their keyboards some 11,000 kilometres or so from the battle.

While the effect was almost instantaneous, it took weeks of planning by specialist ASD and ADF personnel to make sure it all went exactly to plan.

“In this case, a young operative sitting at a computer in Canberra successfully pretended to be a senior terrorist fighting in a faraway war zone.”

When it came to the day of the operation, our operators were in constant contact with deployed military elements to make sure the effects were carefully coordinated and timed to precision.

Our effects were generated in support of and in coordination with ground manoeuvres. This operation marked a milestone for both Australia and our Coalition partners. It was the first time that an offensive cyber operation had been conducted so closely synchronised with the movements of military personnel in theatre. And it was highly successful. Without reliable communications, the enemy had no means to organise themselves. And the Coalition forces regained the territory.

As part of another operation, we worked with our Coalition partners to damage the terrorist media machine.

We locked the terrorists out of their servers and destroyed propaganda material, undermining Daesh’s ability to spread hate and recruit new members.

Our work makes a difference.

In these operations, cyber operators at computers in Canberra helped fight and defeat terrorists on the other side of the world.

On other occasions, our offensive cyber operations take a different character – literally.

Some activities involve ASD operators assuming false online identities to disrupt terrorist networks.

One case involved a man who had been radicalised and was in a remote location overseas trying to join and fight for a terrorist group.

The risks were significant and the stakes were high. If the terrorists didn’t accept the newcomer, they would likely execute him.

If the terrorists did accept him, he would be further radicalised and trained to kill. It was literally a life and death scenario.

When ASD was alerted to the situation, we stood up a specialist team and developed a sophisticated plan.

The team included linguistic, cultural and behavioural experts, and was led by one of our top operators – a highly-trained young woman.

A science graduate – turned covert online operator.

ASD tracked down and reached out to the man over the internet. Pretending to be a terrorist commander, our lead operator used a series of online conversations to gradually win her target’s trust.

Our operative typed in deliberately broken English and was so convincing, she was able to influence the man’s behaviour.

To ensure he couldn’t be contacted by the real terrorists, she got him to change his modes and methods of communication.

Eventually, she convinced the aspiring terrorist to abandon his plan for jihad and move to another country where our partner agencies could ensure he was no longer a danger to others or himself.

I cannot stress how difficult, complicated and nuanced operations like this are.

In this case, a young operative sitting at a computer in Canberra successfully pretended to be a senior terrorist fighting in a faraway war zone.

Her online persona was the inverse of her real one: different gender, age, culture, religion, language, status and a radically different ideology.

One word or reference out of place and the whole thing could have fallen apart, potentially with grave consequences.

The work that our operators do is extraordinary. But talented operators like this come from fairly ordinary backgrounds.

Like many of us, she grew up in the suburbs of a major Australian city. She enjoys yoga, hiking and playing touch football. And when she was studying science at university, she would never have dreamed that one day she would be posing online as a terrorist, and helping to defend Australia from global threats.

We spotted she had the aptitude to do this work early when she joined ASD. She was imaginative, had great problem-solving skills and was a team player.

And after completing an intensive training program, she joined our team of covert online operators – a job title that remained secret until now.

So, if you were looking for a job, do you pick offence?

In the past it was difficult to recruit the people with the aptitude for this work. If you are living in the shadows, you can’t exactly put ‘covert online operator’ on your LinkedIn profile!

We suspect a lot of people wrongly concluded that our offensive cyber mission was just for techies. Or even worse, that we were looking for those cavalier hackers in the movies.

By being more transparent about what the work really involves we hope that a wider range of people might consider a career in ASD’s offensive cyber mission.

And while a lot of staff have technical backgrounds, offensive cyber is not just for techies.

And it’s not as male-dominated as the movies would have you believe. Our most experienced covert online operators are all women.

All of our staff in this field are imaginative, curious-minded and persistent. When we give them an objective – they always find a way.

Or do you pick defence?

A good offence is only useful if you also play defence and play that well. And in cyber, it is defence that really counts.

On the cyber security side of ASD – there is also a range of fascinating roles, where they focus on a different kind of adversary.

These are the malicious cyber actors who try to compromise Australian systems, steal our information, or take advantage of Australians online.

ASD works hard to make Australia the safest place to connect online. My staff in our Cyber Security Centre are central to that.

Cyber security is a great career for people who love problem-solving.

For people who love diving into the detail to find security flaws that other people might have overlooked.

In this respect, they are amongst the great critical thinkers we have in my organisation.

They have to be – to think about all of the ways that our systems might be vulnerable, and what the best way is for Australians to protect themselves.

When we find that hackers have compromised Australian networks – we call on our incident responders who work out how to get them out – and keep them out.

These kinds of operations rely on specialists who love fast-paced operational work and are great in a crisis.

And the work is really rewarding when the activity you might be defending against has all the hallmarks of a sophisticated cyber actor – a worthy adversary.

That’s when ASD really comes into its own.

In these situations, we draw on the combined expertise of our organisation – and have experts from our offensive and defensive teams work side by side to understand the techniques those malicious actors are using.

And more importantly, how to protect Australians and Australian systems.

Because sometimes it takes a thief to catch a thief.

So, be a real poacher turned gamekeeper and pick both

This is one of the great things about ASD. You don’t have to pick just one team.

Some of our staff have had long careers spanning offence and defence – something you can’t do anywhere else.

These are the real poachers turned gamekeepers, or in some cases, gamekeepers turned poachers.

Having experience in both missions gives our staff a broad perspective – and they are all the more expert because of it.

ASD’s values matter

Today, I’ve shared more about the nature of our work than we ever have before – because we want people to understand what a career in cyber at ASD might really involve.

But naturally, there’s only so much I can say about our operations to help people think about career options.

Much of the detail surrounding our operations will continue to be classified out of necessity.

Fortunately, there is another way that people can get an insight into what it might be like to work at ASD – it’s our organisation’s five values:

  • We make a difference
  • We strive for excellence
  • We belong to a great team
  • We are audacious in concept
  • We are meticulous in execution

These values say a lot about the culture of our organisation – and the people who choose to work at ASD.

And they take on special meaning when you look at them in the context of our cyber operations.

We make a difference

Is all about giving our customers, those we serve, a critical edge.

Whether that is providing offensive cyber support to ADF operations overseas or responding to serious compromises of Australian systems.

We strive for excellence

Is about seeking and fostering talent, being committed, enthusiastic and responsive – and being world class in all we do. The stakes are high in our cyber missions.

And we have a highly talented workforce of cyber specialists who love what they do and do it to the highest professional standards.

We belong to a great team

Is recognition we succeed through teamwork and partnerships. And there is no better exemplar for teamwork at ASD than in our cyber missions.

Whether its offence or defence – it takes a team of talented individuals with a range of skillsets to be truly successful.

We are audacious in concept

This is about the work that we do, which by its very nature requires ASD staff to operate in the slim area between what is difficult and what our adversaries consider to be impossible – and it’s bloody hard.

Whether that is using offensive cyber tools to disrupt the communications of a terrorist – even when they are trying to evade detection.

Or uncovering new techniques used by our cyber adversaries to bypass security measures in Australian systems.

Last but not least, we are meticulous in execution

This is about precision and always acting legally and ethically. And being accountable to the public through government for everything we do.

This one underpins everything we do in cyber. All our offensive operations are conducted in accordance with the law. They are subject to meticulous planning, to ensure our activities are proportionate and highly targeted.

And the value guides our cyber security teams who are meticulous in the way they search for vulnerabilities to keep Australian systems safe.

So which team is for you?

By being more transparent, we hope to give people a better sense of what ASD does.

The Australian Signals Directorate is a great organisation to be part of. Our staff love what they do and the work matters.

ASD places an enormous emphasis on diversity – we desire and require it – a diversity of people with a diversity of skills.

The operations I’ve outlined today require linguists, software developers, analysts, code-breakers and behavioural experts to name a few.

Some of our people wear sharp suits to work. They sit alongside uniformed personnel from the ADF’s Joint Cyber Unit.

And quite a few wear the hoodies and jeans that you might expect to see in a tech start-up rather than the public service.

If you would like a licence to hack legally, can keep a secret and want to make a difference, then ASD might have a job for you.

There’s something for anyone who is curious-minded and up for a challenge.

Over the next few years, we will be recruiting many hundreds of people to be part of our cyber workforce.

It’s really just a matter of working out which team is for you – offence, defence or both.

Thank you,

I look forward to answering your questions.

 

Author Bio