“The last year has again demonstrated the growing public appetite to understand and defend against the evolving cyber threats facing Australia. High profile incidents of cybercrime have exemplified the speed with which cyber threats can propagate globally, how rapidly adversaries can adapt to security responses, and how easily a compromise can impact an organisation’s core functions or services.

There are thousands of adversaries around the world willing to steal information, illegally make profits, and undermine their targets. Malicious software in the form of ransomware – such as the WannaCry incident – is deliberately crafted to exploit known vulnerabilities and take advantage of gaps in cyber defences. Australia was not significantly impacted by WannaCry, but as tradecraft and threats adapt and evolve, adversaries will act faster to exploit new vulnerabilities and develop more innovative approaches.

The ACSC has observed two distinct trends when it comes to the level of sophistication employed by adversaries and cybercriminals. At one end of the spectrum, increasingly sophisticated exploits are being developed and deployed against well-protected networks, particularly government networks. This reflects investment in new tools and techniques to keep pace with our efforts to protect networks. On the other end, the ACSC continues to observe many adversaries, particularly criminals, compromising networks using publicly known vulnerabilities that have known mitigations. Too many of the incidents the ACSC responds to could have been prevented had organisations employed established and relatively straightforward cyber security measures. WannaCry, for example, used a publicly known vulnerability that had been patched months before and that the ACSC had publicly reported.

Also worthy of highlighting has been the global campaign by advanced adversaries to compromise some private sector providers of ICT services, including ICT security. Some managed services providers and ICT providers around the world, including in Australia, have been compromised by these adversaries. And of concern, we know that through this compromise, adversaries have accessed the networks of some of these companies’ clients. The ACSC has been working with affected services providers, but when even ICT security providers are being compromised and exploited, it is a clear wake-up call for everyone to be conscious of contemporary cyber security risks and best practice mitigations.

Defending a network from compromise is far less costly than dealing with the costs of compromise. The old adage of “good security is built in, not tacked on” still rings true today. Cyber security must be a consideration at the start of a project, not an afterthought when critical vulnerabilities are discovered. The Australian Signals Directorate’s (ASD) Essential Eight provides a prioritised list of practical actions that organisations can take to make their computers and networks more secure. These are the answer to the cyber threat and are now considered to be the baseline for Australian organisations. Additionally, CERT Australia’s Stay Smart Online program provides simple, easy to use advice on how to protect yourself online as well as up-to-date information on the latest online threats and how to respond.

Looking forward, the ACSC will maintain a focus on providing world-leading advice to protect Australia’s most sensitive information from highly skilled adversaries and criminals. We will also work with the Australian private sector to ensure that a strong security baseline is in place to stop opportunistic adversaries getting ‘easy wins’. While government plays a role, the responsibility remains with all of us – individuals, the private sector and government – to increase the effectiveness of our prevention, detection and response capabilities.

Next year will see the ACSC adapt our operational response, stakeholder engagement and technical capabilities. As the Prime Minister announced in July, the Independent Review of the Intelligence Community recommended a suite of reforms to the ACSC designed to further boost Australia’s cyber security. Among them, the ACSC will grow its 24/7 capability to respond to serious cyber incidents and take a whole-of-economy focus. The ACSC’s leadership is working with partners across government and the private sector to develop the model for how this will work. The ACSC will also move to a purpose-built facility, which will allow it to operate at lower-classifications and much more closely with the private sector and academia.

For the first time, this year’s Threat Report also includes insights into how the ACSC works and highlights some of the ways in which we have both proactively and reactively responded to cyber threats. Due to the sensitivity of some of the information used by the ACSC, and because of our focus on protecting relationships with victims, much of what we do is not visible and very little of the efforts of the staff of the ACSC agencies, or the significant success stories, can be promoted publicly. Similarly, much of the preventative efforts and tailored advice is not recognised. By highlighting our efforts, we hope to build public awareness of the role the ACSC plays within the cyber security environment, and draw attention to the tools and information available to government agencies, businesses and the public alike.

Clive Lines

Coordinator, Australian Cyber Security Centre”




Australian Cyber Security Centre, ACSC Threat Report 2017,