
Key Activity 2: Cyber security services

Performance Criterion: ASD’s cyber security advice, assistance and operational responses prevent, detect and remediate cyber threats to Australia.

2020-21 Result: Achieved.

ASD’s ACSC leads the Australian Government’s efforts to improve cyber security, supported by ASD’s wider organisation. Over the reporting period, ASD has delivered whole-of-economy cyber security services to Australian governments, business and critical infrastructure, as well as communities and individuals.

ASD responded to more than 1,630 cyber security incidents during 2020–21. Compared to the previous financial year, the total number of reported cyber security incidents in the 2020–21 financial year decreased by 28 per cent. A higher proportion of cyber security incidents this financial year were categorised by the ACSC as ‘substantial’ in impact. This change is due in part to an increase in attacks by cybercriminals on larger organisations and the impact of these attacks on the victims. The attacks included data theft, extortion and/or rendering services offline.

During this financial year, ASD continued to work closely with the Department of Home Affairs, the Australian Federal Police and other partners, including the states and territories, to deliver the effects and capabilities outlined in the Australian Cyber Security Strategy 2020. The Australian Cyber Security Strategy 2020 details the Australian Government’s plans to invest $1.67 billion over ten years to create a more secure online world for all Australians.

A key component of the Australian Cyber Security Strategy 2020 is $1.35 billion for ASD’s Cyber Enhanced Situational Awareness and Response (CESAR) program. CESAR is designed to enhance protection and cyber resilience for all Australians, from providers of critical infrastructure, to small-to-medium enterprises and individuals.

This financial year, CESAR has completed its first year of a 10-year program. Initial CESAR initiatives have focused on enhancing situational awareness of online threats faced by government, industry and the Australian public. This has included increasing cooperation with government and industry partners and implementing a number of pilot initiatives, such as strategic host-based detection and threat blocking. These initiatives are already delivering benefits, successfully detecting and blocking threats across government agencies.

Key Performance Indicator 3

ASD’s Australian Cyber Security Centre provides high quality, impactful cyber security services to government, critical infrastructure and services, businesses, families and individuals.

Government

Over the reporting period, ASD has provided a broad range of cyber security advice and assistance to Government. This has included:

  • working with Commonwealth entities to increase their cyber security posture including conducting 14 cyber uplift activities. This effort assisted government agencies to improve their alignment with the Essential Eight Strategies to Mitigate Cyber Security Incidents, enhance basic cyber hygiene and business practices, and better equip agencies to respond to cyber security incidents.
  • publishing Cyber Hygiene Improvement Programs (CHIPs) reports quarterly to Commonwealth, state and territory government agencies. These reports focus on measurable areas of cyber security, producing objective data to guide cyber security management. Additionally, 34 high priority operational tasking activities were undertaken.
  • engaging and advising extensively with the Digital Transformation Agency to support the planning of the Government Cyber Hubs Pilot, under the Hardening Government IT Project (HGIT). The Hubs model is designed to uplift multiple Commonwealth entities’ cyber resilience and provide a more cost-efficient way to implement a best practice, whole-of-government approach to detecting, preventing and responding to cyber threats across government systems. ASD has provided specialised input into the design and definition of core services.
  • signing up 16 Australian government agencies to the Australian Protected Domain Name Service (AU PDNS), processing more than 5.5 billion queries and blocking over 400,000 malicious domain name requests.
  • iteratively updating the Australian Government Information Security Manual (ISM), and the publication of advisory documents to cyber.gov.au and the Partnership Portal to ensure advice stays relevant for a rapidly changing threat environment.
  • updating the Information Security Registered Assessors Program (IRAP) policy and procedures. ASD has partnered with the Australian Cyber Collaboration Centre and the Canberra Institute of Technology Solutions to deliver IRAP new starter training and examinations. The number of active assessors has grown by more than 20 per cent since the program reopened in January 2021.
  • improving the sharing of cyber security best practice information among federal government entities through the Chief Information Officer (CIO) / Chief Information Security Officer (CISO) and IT Security Advisor (ITSA) forums. During the period ASD hosted three CIO/CISO forums, and four ITSA forums.
  • providing technical cyber security advice and guidance to the Department of Defence to support Australia’s national naval shipbuilding enterprise, including the Future Shipbuilding and Future Submarine Programs.

Case Study 1: Vaccine supply chain

Since mid-2020 ASD has been instrumental in providing technical advice and assistance to key private entities involved in the COVID-19 vaccine supply chain, including industry, as well as federal, state and territory governments. ASD and the Department of Prime Minister and Cabinet briefed executive members of vaccine supply chain entities to ensure a common understanding of the threat environment and to seek cooperation throughout all phases of vaccine distribution, including in the event of a cyber incident. ASD proactively committed to assist research, logistics, and health entities by providing technical advice and assistance to reduce the risk of disruption to vaccine distribution. During February 2021, technical officers from ASD conducted onsite visits to logistics, transport, biomedical, and healthcare services premises to obtain an understanding of vaccine supply chain systems and better tailor specialist advice.

Critical infrastructure and industry partnerships

ASD has provided extensive support to critical infrastructure owners and operators over the reporting period. Critically, ASD has continued to provide high-quality cyber security services and advice to industry partners through the Joint Cyber Security Centres (JCSCs) and the Partnership Program. This has included:

  • expanding the reach and capabilities of the JCSC program by launching a Northern Territory (NT) Outreach Office in conjunction with the NT Government on 25 June 2021. This outreach office will improve ASD’s ability to engage with the NT Government and businesses, and will be crucial in developing strong partnerships and sharing actionable cyber security advice and threat awareness with our NT partners.
  • expanding the Partnership Program to include three tiers of membership: Network, Business, and Home. The new business and home membership tiers are designed to extend ASD’s services to smaller entities who previously might not have engaged with the program. At the end of the reporting period, the ACSC has more than 1,700 network partners, a 230 per cent increase from the previous financial year; 2,000 business partners, a 190 per cent increase from the previous financial year; and tens of thousands of home partners.
  • engaging with critical infrastructure owners and operators through the Partnership Program and the JCSCs, including through information exchanges, sector specific working groups, and cyber security and threat briefings.
  • launching the Critical Infrastructure Uplift Program (CI-UP) pilot on 17 May 2021, to help protect Australia’s most critical systems. This program aims to improve ASD’s understanding of the cyber security maturity of Critical Infrastructure and Systems of National Significance owners and operators. By the end of the period more than 100 entities had registered.
  • conducting incident response cyber security exercises, through the National Exercise Program, with critical infrastructure organisations, and cyber security training workshops for industry and government.
  • initiating the next phase of the development of a Cyber Threat Intelligence Sharing (CTIS) capability, co-designed with more than 50 industry partners, to create a means to bi-directionally share cyber threat intelligence between the ACSC, industry and government stakeholders.

Case Study 2: Industry partnerships

ASD is working to leverage the expertise, capability and visibility of key ACSC Partners through the Industry Integration Program. The program helps create a national threat picture and directly assists cyber security uplift across the Australian economy. Partners are identified based on the mutual strategic and operational needs of ASD and the organisation. Over the period of the program, ASD has brought on board initial partners, with more partners in the process of completing a Memorandum of Understanding, and designing the most appropriate method of integration into the ACSC.

This program facilitates enhanced information and resource sharing. One example is an integree from the Australian Energy Market Operators (AEMO), who has provided unique value and experience by providing immediate industry perspectives and complementing skills to the ACSC. This integree has helped the ACSC implement a fit-for-purpose program to uplift the cyber resilience of Australia’s critical infrastructure.

Businesses, families and individuals

Increasing the amount of assistance and advice provided to businesses, families and individuals is an important focus of the Australian Cyber Security Strategy 2020. Over the period, ASD provided direct support to these groups, including:

  • launching the Act Now, Stay Secure awareness campaign in December 2020. The awareness campaign provides simple, easy-to-use advice to improve cyber security practices and help Australians protect themselves against cybercrime. The awareness campaign directs people to cyber.gov.au, consolidating legacy information sites and incorporating Stay Smart Online.
  • publishing more than 40 step-by-step guides to support older Australians, families and businesses to implement sound cyber security practices, along with guides to assist businesses to prevent and respond to ransomware attacks.
  • managing ReportCyber, on behalf of federal, state and territory law enforcement agencies. The ReportCyber website allows large organisations and critical infrastructure, government organisations, small and medium businesses and individuals to report cyber security incidents, and provides additional assistance and referral pathways depending on the nature of the incident or cybercrime. ASD tracks and shares trends and patterns in cybercrime as they are reported. During the period, over 67,500 reports were made via ReportCyber and were referred to the appropriate state or territory law enforcement agency for assessment and potential investigation.
  • operating the Australian Cyber Security Hotline ‘1300 CYBER1’ (1300 292 371). The hotline, which is contactable 24 hours a day, seven days a week, provides advice and assistance to Australian organisations impacted by cyber security incidents. Since the start of the 2020–21 financial year, ASD has seen a significant increase in the number of calls to 1300 CYBER1. The number of calls in the 2020–21 financial year totalled more than 22,000, an average of 60 calls received per day. This is an increase of more than 310 per cent, compared with the previous financial year where ASD received 5,300 calls.

Case Study 3: Ransomware

ASD assesses ransomware as one of the most significant cybercrime threats Australian organisations face. In 2020–21, ASD received approximately 500 ransomware cybercrime reports via ReportCyber, an increase of nearly 15 per cent compared with 2019–20, and responded to approximately 160 cyber security incidents related to ransomware.

To help Australians avoid and recover from ransomware incidents, ASD provides technical advice and guidance to the public on active ransomware software via cyber.gov.au. In December 2020, the ACSC launched the Act Now, Stay Secure media campaign, the first phase of which focused on providing advice to Australians on protecting themselves from ransomware. The awareness campaign promoted new technical ransomware guides, published by ASD and available on cyber.gov.au, including a prevention and detection guide, an emergency response guide and two step-by-step guides. In addition to the Act Now, Stay Secure campaign, ASD provided advice on a range of other mitigation methods, including an updated Essential Eight Maturity Model, threat level services, and the Partner Portal that informs the public of Australia’s current cyber threat levels.

Incident response

ASD’s incident response capabilities span the full range of cyber security incidents, from national crises to incidents affecting individual members of the public. Over the reporting period ASD has:

  • responded to more than approximately 1,630 cyber incidents, assisting critical infrastructure, businesses and Commonwealth, state, territory and local governments.
  • published 27 Alerts and 12 Advisories on cyber.gov.au. Alerts provide timely notification on threats or activity with the potential to impact individuals, businesses, organisations, government, devices, peripherals, networks or infrastructure. Advisories provide timely information and advice on current security issues, vulnerabilities, and exploits. There were more than 7.8 million visits to these Alerts and Advisories on cyber.gov.au during the period.

Case Study 4: Microsoft Exchange

Microsoft Exchange is an on-premises product which customers can install themselves to access mail and calendar services. On 3 March 2021, Microsoft announced vulnerabilities in the Microsoft Exchange server that allowed an attacker to access emails and other information or content stored on, or accessible by, that server. Microsoft issued a patch to organisations affected by this vulnerability; however, this did not by itself remove any malicious actors who had already accessed victims’ networks before the patch was applied. Following Microsoft’s announcement and patching advice, ASD observed other malicious actors rapidly beginning to exploit these vulnerabilities in unpatched Microsoft Exchange servers.

ASD worked closely with government and industry partners to identify vulnerable organisations and offer remediation advice. ASD published an alert on its website on 3 March 2021, updated several times since, and a technical advisory on 12 March 2021 on the Microsoft Exchange server vulnerabilities. ASD supported Microsoft in identifying and assisting vulnerable customers using ASD’s CHIPs scanning activities.

On 19 July 2021, the Australian Government released a joint statement by the Australian Foreign Minister, Minister for Defence and Minister for Home Affairs, joining international partners in expressing serious concerns about malicious cyber activities by China’s Ministry of State Security (MSS), and the Australian Government’s determination that China’s MSS exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia.

Key Performance Indicator 4

ASD delivers international partnership programs and advanced technical capability that strengthens national cyber security and resilience.

International partnership programs

ASD maintains strong international relationships with global cyber security counterparts in order to share information, mitigate incidents and enhance Australia’s cyber security resilience. Over the reporting period, ASD has contributed to furthering our international partnerships, including by:

  • engaging actively through the Asia Pacific Computer Emergency Response Team (APCERT), which enhances cyber security through cooperation, trust and genuine information sharing. ASD’s leadership role in the APCERT Steering Committee and its participation in a number of working groups and activities reinforces Australia’s commitment to promoting cyber security in the region. In September 2020, ASD participated in the first virtual APCERT Annual General Meeting and Conference and was again re-elected to the Steering Committee.
  • leading regional capacity-building through the Pacific Cyber Security Operational Network (PaCSON), an ASD initiative designed to develop regional cyber security capability including incident response, enhancing technical skills and knowledge, sharing cyber security threat information and reflecting best practice to strengthen cyber security defences. PaCSON, as a community of 17 countries, delivers beneficial outcomes to the Pacific region and aligns with the Australian Government Pacific Step-Up initiative. As PaCSON Secretariat, ASD hosted, for the first time virtually, a successful PaCSON Annual General Meeting in May 2021. Additionally, ASD supported the launch of the PaCSON website and portal during the reporting period, strengthening the connectivity and collaboration between PaCSON members.
  • working closely with our Five-Eyes partners to support our collective understanding of, and ability to respond to, malicious cyber activity. These efforts included cooperation on incident response, information sharing, and development of joint publications and advisories. ASD also engages regularly with European and regional partners to foster coordination and collaboration on cyber security, acting as a global leader in the international cyber security community and, when it’s in our national interests to do so, joining with international partners to publicly call out irresponsible and malicious cyber activity.

Technical capabilities

Over the reporting period, ASD has leveraged its technical capabilities in order to protect government agencies, Australians, and businesses from malicious activity by:

  • piloting a scalable cyber security defence capability, the Australian Protective Domain Name System (AU PDNS). The AU PDNS capability seeks to prevent access to domains by blocking access to sites that host malware, ransomware, phishing attacks and other malicious content. ASD PDNS processed over 5.5 billion queries and blocked more than 400,000 known malicious domain names during the period across federal agencies. The program continues to expand partnerships, with participation now including states and territories. This service has demonstrated success, providing agencies with support to identify cyber threats, resulting in improved security measures for partners.
  • launching a pilot website-takedown service to remove confirmed malicious activity on subscribed organisations’ websites. Between the launch of the pilot in March 2021, and the end of the period, the service performed more than 7,700 requested removals of malicious activity.
  • piloting a program in conjunction with Telstra and Services Australia, to block cybercriminals impersonating Services Australia, under Telstra’s Clean Pipes initiative. This program, announced in September 2020, succeeded in identifying and rejecting illegitimate phishing text messages impersonating myGov and Centrelink, before they reached Telstra customers. This program, which will eventually lead to industry-wide solutions, demonstrated how government and industry can work together to better protect Australians.
  • using unique offensive cyber capabilities to degrade and disrupt cybercriminal syndicates targeting Australians during the rollout of coronavirus support measures.