ASD leads global strike on cyber crooks

As Australia grapples with increasing geo-political uncertainty and rising transnational crime, the Australian Signals Directorate is “probably one of the busiest arms of government”, says Director-General Abigail Bradshaw. Sifting through a never-ceasing storm of foreign electronic communications to gather intelligence, ASD computer experts monitor electronic communications important to Australia and its allies and track down and disable cyber-criminals.

“Part of our job is to gather foreign signals intelligence which helps to provide greater certainty about the intent and capabilities of foreign actors,” Bradshaw says.

As well as collecting electronic intelligence, ASD mounts offensive operations, often working in partnership with allies’ security agencies. “Some of our more significant recent operational successes relate to the maturation of our offensive cyber capabilities,” Bradshaw says, adding those offensives are deployed against active cyber-criminals.

“We have computer network operators who are capable of hacking into computers, … and then utilising those accesses in order to have disruptive impacts,” Bradshaw says.

Working with Australia’s Five-Eyes allies (the UK, Canada, New Zealand and the US), the ASD has disrupted the ability of ISIS to spread its message online, and more recently, disabled Russian cyber-criminal operations.

The combined Australian-led cyber-criminal offensive collected signals intelligence from the Russian network and then disrupted its servers to cut into its command-and-control capabilities. The network was using sophisticated mainframe platform Z servers in Europe to store data stolen from Australia and elsewhere in the world, Bradshaw says.

The cyber-criminal network marketed its services on the dark web, offering servers to host stolen data, along with tools to assist other cyber-criminals to steal data and compromise private networks. Some of these tools were AI-enabled, some were simply malicious software – common ransomware or tools that enable credential theft.

“That combined Five Eyes effort resulted in one of our most complex and longest offensive cyber operations, led from Australia in the first half of this year,” Bradshaw adds.

As well as cooperating on various offensive operations, Australia shares signals intelligence with Five Eyes allies, and the allies divide the “burden of effort” between them, she says. “We do share intelligence to make sure that we’re not doubling up on efforts, both in terms of targets and technologies.”

Now employing thousands of specialists, from software engineers to cryptologists and mathematicians, the ASD is developing increasing expertise in quantum computing, artificial intelligence (with a specific AI hub), and a “top-secret” cloud to support Australia’s intelligence community. This cloud is intended to enable Australia’s intelligence agencies to rapidly share sensitive information, in order to foster collaboration at speed and at scale.

“The reason to have a foreign signals intelligence capability is to inform government policy, to inform the development of defence capabilities and to inform the prioritisation, for example, of domestic resilience activities,” Bradshaw says.

In response to a deteriorating regional situation characterised by rapid military expansion, an increase in coercive behaviour and increasing numbers of cyber-attacks, the ASD is growing in size, strength and reach.

Announced in March 2022, Project REDSPICE, with a budget just shy of $10 billion over ten years, has expanded ASD’s remit and facilitated a “huge uplift in ASD capability that includes almost doubling the size of the workforce”, Bradshaw says, adding that about 40 per cent of the ASD workforce strength is now stationed outside Canberra – around the country and alongside Five Eyes counterparts.

The ASD closely monitors electronic activity in those nations where the Australian Defence Force is deployed; nations that have included Iraq, Afghanistan and East Timor. “Our primary role of signals intelligence is to provide overwatch and support to deployed Defence personnel, ADF as well as allies,” Bradshaw says, “and of course, to inform the war-fighter in terms of the development of plans.”

Australia’s first super-computer was acquired by ASD back in 1986. Used to break codes, the Cray weighed five tonnes. Now, nearly 40 years later, Bradshaw declines to list current ASD computing strength, saying “our mantra is ‘we talk about what we do, not how we do it’.”

Appointed ASD director-general in 2024, Bradshaw had been the head of ASD’s Australian Cyber Security Centre since 2020, taking the top ASD job at a time of increasingly complex geostrategic challenges and the rise of cyber criminals and malicious cyber actors.

The ASD works to ensure the networks that support Australia’s democratic federal and state elections are as “resilient as they can be”, Bradshaw says, adding the ASD does not monitor disinformation content, but ensures the security of the networks used in the ballots.

“We can provide a sense of assurance as to the integrity of that democratic process, but only insofar as it relates to a potential technical compromise of the networks,” she adds.

Assisting the private sector with cyber expertise and network protection is an important ASD responsibility. “We use the insights that we’ve gleaned from foreign intelligence in order to understand the intent and capability of malicious cyber actors, and that’s why we’re great at giving cyber security advice and assistance, because we’re good at hacking into other people’s computers,” Bradshaw says. “We’re really good at protecting Australian networks.”

The ASD focus is on those organisations with critical functions – including energy providers, the financial sector, aviation and the ports. “We do detect the targeting of Australian critical infrastructure by malicious cyber actors,” Bradshaw says, adding that even more importantly, the ASD works hard to find the existing cyber vulnerabilities in Australian organisations before the bad actors can take advantage of them.

Doubling in the first three years of REDSPICE, the ASD’s “persistent hunt activities” entail sending teams to work with the private owners of critical infrastructure to detect malicious cyber actors, she adds. ASD has developed partnerships with more than 130,000 Australian organisations, so ASD advisories and alerts can be sent to those best able to take action.

Australian organisations have dealt with massive data breaches in recent times, but Bradshaw sees a greater threat. “Whilst we are very concerned about data exfiltration, we’re trying to encourage businesses actually to be more concerned about perhaps less probable, but certainly more impactful, and that is the possibility of disruptive cyber-attacks.”

The Australian