Not knowing the enemy: Australian cyber defender clueless about origin of 40 per cent of cyber attacks

Australia’s chief cyber security defender has revealed the government has no idea where about 40 per cent of cyber attacks against our country come from.

Major-General Stephen Day, head of the federal government’s new Australian Cyber Security Centre in Canberra, made the comments on Monday evening at the NSW Law Society’s Thought Leadership series.

“Where I come from, we have the nation’s most sophisticated detection capabilities and we have among the best brains at work in cyber security in our country,” he said.

“[But] about 40 per cent – there or thereabouts – of what we see we can’t attribute to anyone, whether it’s criminal, whether it’s espionage or whether it’s sabotage.

“In other words where the originator does not want to be found it can be mightily difficult to attribute these sort of actions.”

According to General Day, there were about 900 cyber-security related incidents against the Australian government and some of the country’s biggest companies last year. This did not include some of the unsuccessful attempts against the organisations, he said.

Asked if he would ever support companies or governments hacking back to retrieve stolen data, General Day said “in time” but it would be difficult.

“It’s called … ‘active defence’. There’s a lot of talk about it. My own view is that in time it might be something that gets done but it’s very difficult because … attribution is difficult,” he said.

“And even once you think you know who’s done it, actually getting to the source is an extraordinarily difficult and expensive thing to do.”

In an appearance at the University of Canberra earlier this year, General Day argued that his lack of a deep knowledge in cyber security was actually an advantage to the government.

“I am an ordinary, garden-variety soldier,” he said. “I have no special expertise in cyber, and …  I actually think that is an advantage,” he said.

He also argued it was a common mistake to leave cyber security in the hands of IT professionals.

“Environmental engineers maybe the people to work with us to keep the air healthy, but there’s no way we would use or leave environmental scientists to work out the future of air travel, or to design military campaigns through air,” he said.

General Day also said then that he thought the federal government was up to scratch when it came to defending against cyber attacks. The same couldn’t be said for state governments.

“We haven’t reached a critical mass of understanding in the state governments yet,” he said. “There are some who are at the very good end of the freeway and there are some at the opposite end as well.”


Just a figment of your imagination.