Australia’s spy boss says authoritarian nations ready to commit ‘high-impact sabotage’

The head of Australia’s Security Intelligence Organisation (ASIO) has warned that authoritarian regimes “are growing more willing to disrupt or destroy critical infrastructure”, using cyber-sabotage. In a speech delivered today, Director-General of Security Mike Burgess referred to recent telecoms outages in Australia, one of …

  1. Anonymous Coward

    In fact, the Australian spy boss is a shill for the USA and their spy organisations.

    Pretty much just spruiking ASIO to get more funds from the government, and build his empire, while trying to scare the public to put pressure on the pollies to do it.

    1. The Central Scrutinizer Silver badge

      And your evidence is?

      Not that anyone is taking you seriously as an AC.

    2. W.S.Gosset Silver badge

      Not US. That I've seen.

      But the rest of your comment: yeah, close enough.

      Worth noting that he's STRONGLY anti-pleb and pro-authoritarian.

      1. Anonymous Coward

        Pro-Authoritarian

        Well, that's probably putting it too strongly. In the same way that the cops are trained to see "bad guys", so that's what they see, spooks are trained to see threats to national security, so that's what they see ... everywhere. When they (it's only Burgess, really) speak about that, it might come across as pro-authoritarian.

        He might need to soften his language a bit or get a new speech writer, though. His second-to-last speech involved him describing the threat matrix but parts of it were poorly-worded and seemed to roll in everyday people who are "disenfranchised" and similar. Given how many people are suffering serious cost of living and housing issues, and are thus disenfranchised, or are frustrated with (lack of) action on climate change, angry at Gaza or the war in Ukraine, sick of arrogant billionaires, fearful of a rising China or AI, and so on - that's a large chunk of people, perhaps a majority - I thought it was at least clumsy to place them adjacent to the real bad actors who deliberately inflame tensions or actively seek to disrupt and damage (such as foreign-sponsored trolls, genuine extremists, hackers, saboteurs, etc).

        You can read that speech here: https://www.lowyinstitute.org/2025-lowy-lecture-delivered-director-general-security-mike-burgess-am

        1. W.S.Gosset Silver badge

          Re: Pro-Authoritarian

          You need to also see his many other efforts, eg his briefings to government etc. Variously reported over the last 3-4yrs. He has a very standard mental problem.

          Eg, if you are getting near-daily reports of major city-wide urging of death in 3+ major cities (over 40% of Australia's population), and nationally: public marches, violent attacks (on people and their property) driven by foreign ideological basis itself explicitly anti-pleb anti-West etc, collaring people in the process of implementing mass shootings/bombings/etc, etc, all to SUCH level now that even the media is feeling they need to report bits of it to avoid losing any more credibility, but publicly you try to deflect by pointing at and declaring Top National Priority one --perhaps as many as two-- dozen wannabe LARPERs who come together occasionally in one already-messed-up city to pwetend to be weal-wife white Nazis, then you are operating according to priorities starkly at odds with the nominal purpose of your job.

          1. Anonymous Coward

            Re: Pro-Authoritarian

            Burgess' speech linked above was wide-ranging - he mentions neo-Nazis but it's not the focus of his speech - the majority of the speech ranges across other subjects. The most recent speech (the subject of the article) was on nation-state-backed cyberattacks/cybersabotage - no mention of neo-Nazis at all.

            It seems to be the state premiers and their police commissioners who focus on the neo-Nazis (and use them as justification for stronger hate speech and anti-protest laws). Personally, I don't think more laws are needed, merely more considered and consistent application of existing laws, but that's just an opinion. The danger, as usual, is the mission creep (or unintended consequences) that comes with more/stronger laws.

  2. IGotOut Silver badge

    So all the more reason...

    ...to get off US kit ASAP then

    1. Sorry that handle is already taken. Silver badge

      Re: So all the more reason...

      The elephant in the room, on multiple levels

    2. Anonymous Coward

      Re: So all the more reason...

      Not so much critical USA kit, but energy systems are the real issue, especially in AU where so much of the generation is now solar/battery.

      Almost all invertors and batteries use and expect an internet connection to a foreign data collection, configuration, and firmware update server.

      They are all software controlled. Many have no way to be connected and brought to life without the internet, even if you have a stockpile of new boxed units.

      All invertors can be irreparably destroyed by malicious firmware update.

      Manufacturer integrated battery units like Tesla and Sigenergy, can probably have the battery set on fire by firmware update.

      Where a street has a significant number of the same invertors, you can burn out other consumer electronics (chargers, internet, induction hobs, car chargers), and simple electric motors

      You can force branch disconnects at the street transformer level.

      You can overheat and damage distribution equipment.

      And almost nothing can be done to defend against it now that so much gear is installed.

      A major brand stops working after a period without phoning home, ensuring you must let it connect to firmware updates.

      1. Anonymous Coward

        Re: So all the more reason...

        > A major brand stops working after a period without phoning home, ensuring you must let it connect to firmware updates.

        You're AC, so why not name names?

        1. Ribfeast

          Re: So all the more reason...

          Sigenergy. But that feature has been disabled, and apparently it just reduces output or something instead.

    3. M.V. Lipvig Silver badge

      Re: So all the more reason...

      Oh. Yes. It's the US that wants to shut down Australian infrastructure. Sure it is. And what, pray, would be the motivation for the US to attack Australia?

      1. Anonymous Coward

        Re: So all the more reason...

        The same as anschluss with Canuckistan: Resources. Either taking them in the economic sense, or trying to stop the sale of them to CN.

        A future where AU has to choose between China, and an unstable US that has become a faded but still dangerous former power a la Russia today, is quite imaginable.

        In this case, US cyber attacks on anyone and everyone who supplies material to China (which is most of AU's economy), would be "justified".

        The US (and China to a lesser extent) is already threatening "us or them" choice, though this has quieted down since CN appears to have won this round of the trade war, and the US has realised it is the one without many cards to play.

  3. Anonymous Coward

    while addressing greedy stooges

    until the PHB brigade become personally financially liable for cost cutting on coal face crew numbers, relying on lowest cost outsorcering (sic) nothing will change. As for the spooks, funding has been increasing since the disastrous Howard years. Got to have staff to arrest grannies and grumpy old sods posting memes about groups above criticism. Same behaviour as NSW pollies pretending the peaceful "neoNazi" protest in Sydney was not a false flag operation. Also done to insinuate more intrusive snooping which seems strangely ineffective at stopping gang warfare and murders.

    Anon to increase time before door is kicked down

    1. tiggity Silver badge

      Re: while addressing greedy stooges

      Exactly. Those at the "top" in businesses flit around from job to job for the next big payday & golden hello, short termism led bonus / salary rise cultures usually operate - spending money & resources on improving security is at odds with C suite financial interests (let's face it, that is usually their top priority not the business they are currently working at).

      Obviously a few C suite people will care about the business, but they will be in the minority as you do not tend to get those C suite roles if you are a decent human being (you will have long since been backstabbed by the sociopaths)

    2. Paul Herber Silver badge

      Re: while addressing greedy stooges

      "...grannies and grumpy old sods posting memes..."

      Grannies and grumpy old sods don't even know what a meme is!

      1. Graham Cobb

        Re: while addressing greedy stooges

        Hey! I resemble that remark!!

        Of course I know what a meme is!

    3. Anonymous Coward

      Re: while addressing greedy stooges

      "false flag operation"

      Hmmmm. I don't know, but that NSW rally, and the late-night neo-Nazi march in Victoria a couple of months ago, were both suspicious as hell for their timing, coverage and the political commentary that rapidly followed. One could easily be forgiven for thinking they could have been staged in order to justify more/stronger anti-protest laws that the Vic premier immediately said she'd introduce - and I wouldn't be surprised if NSW followed suit - because who'd argue with stopping Nazis, right?

      However, according to reasonably trustworthy documentaries going back several years, the neo-Nazis are real. So, make of that what you will.

  4. W.S.Gosset Silver badge

    Another exposure, left-field

    (Anyone else remember how Ken Thompson backdoored every unix? Twiddled a core compiler.)

    There's another major risk arisen recently, not obviously nation-state but ideological, and a lot larger/wider than most nation-states can manage.

    You may have noticed the Rust OSS community has been hijacked by people you could generously describe as psychotic: anti-pleb, anti-West, anti-personalchoice, anti- pretty much everything that's created the society & societal wealth that lets them play on computers with their adopted Language Of Virtue.

    You may also have noticed that they've done a systemd: forced out previous code versions in favour of their own language's copies of same, across multiple distros.

    This is parTICularly insane, given that their versions are regressions: failing even basic Unit Tests(!).

    It is also parTICularly odd, that they've focussed in the first instance on very simple&reliable but core utilities which every box and —more importantly— every complex or large installation critically relies on.

    Eg NTP. Heard of any egregious memory safety bugs in NTP in the last many years? Nor have I. But tell you what, if every box in a high-availability replicating database backend switched to different times all of a sudden, WOULDN'T we have fun watching the front-end's service-provision collapse in a shower of "argh".

    An oddly fawning Ubuntu team post credited the entire drive to swap out long-standing battle-tested functional code for test-failing regressions of Rust code, to one particular group. That group and its funders likewise seem obsessed with swerving the usual memory-bug risky culprits in favour of taking over core low level tools which lend themselves very well to sabotage. sudo, for example.

    Check out Trifecta Tech Foundation then their funders. Eg, one of their funders proudly boasts that their code has now completely replaced the NTP servers for Let's Encrypt.

    Worth noting that Rust's compiler is now Rust. Anyone else remember how Ken Thompson backdoored every unix?

    HE did it innocuously, just as a mental exercise and also to point up the security exposure.

    Diametrically-opposite-wise, given the anti-pleb psychosis (proudly) displayed by many of the Rust community, we are now looking at all but a handful of Linux distros now carrying material risk of that exposure being not just created but "weaponised".

    I would not be deploying a Rust-affected Linux for anything critical until I'd seen the results of some pentesting teams reverse-engineering the binaries.

  5. tl3

    We were teaching these risks in Cybersecurity over a decade ago

    Nice for them to catch up.

  6. Whitter

    The boards are responsible

    “Boards need to be curious and discerning about the information provided to them. You can’t PowerPoint your way out of this risk. Don’t let management do that to you.”

    I guess this is sugar coating the pill that it has been the boards refusing to invest, rather than being misled by their minion management. Whatever the cause, the quote seems to be the wrong way around.

  7. elsergiovolador Silver badge

    Spy boss

    Look look, they are coming after ya.

    Be scared!

    Now give me moneyz plz.

    I mean these spy bosses are a laughing stock. Their countries are being robbed by governments colluding with big corporations and all they can say is:

    "Corporations under invested in the IT and has no defences".

    You don't need a "spy" agency to figure that out, you just need at least two brain cells.

    1. elsergiovolador Silver badge

      Re: Spy boss

      Why downvotes?

      Remit of spy agencies is protection of democracy among other things.

      Then how do you explain big corporations dining with ministers and "shaping policies" bypassing democratic process?

      Then you have spy bosses mumbling something about cyber attacks.

      I mean, dummy, if corporations are engaged in full on asset stripping in collusion with government, what would you expect?

      If you were doing your job, you wouldn't be in a position to make such dumb statements.

      1. Anonymous Coward

        Re: Spy boss

        There are so many downvotes that I'm finding it difficult to believe they're all "genuine".

  8. Tron Silver badge

    Only if you are really crap at infrastructure.

    Your infrastructure should never connect to the public internet. And then it is safe.

    So all this reds-under-the-bed crap is only relevant if governments have allowed their infrastructure to be vulnerable through their own failure and incompetence.

    Maybe instead of whining about it publicly as a cheap Cold War 2 scare tactic, they should just fix it. Everybody involved gets a big enough bloody pay packet. Maybe they could just do their job.

    1. ChoHag Silver badge

      Re: Only if you are really crap at infrastructure.

      > Maybe instead of whining about it publicly as a cheap Cold War 2 scare tactic, they should just fix it. Everybody involved gets a big enough bloody pay packet.

      Everybody except the people doing the actual fixing.

    2. love not war

      Re: Only if you are really crap at infrastructure.

      > Your infrastructure should never connect to the public internet. And then it is safe.

      Unless this notional nation-state hacker has the resources to physically access your infrastructure. Or can bribe / compromise someone who does.

  9. ChoHag Silver badge
    Big Brother

    Australia calling out authoritarian regimes?

    Pot, meet kettle.

  10. Anonymous Coward

    Who believes this posturing in front of video cameras??

    Quote (Mike Burgess): ".... the risks are foreseeable and the vulnerabilities are knowable...."

    Yup....the "Five Eyes" both know "the risks" and know "the vulnerabilities".................

    ......and, of course, they just sit still and take the hit!!!!!

    You know....."DEFENSE" and never "ATTACK",,,,,,,,,,,,,,,,,,,,,,,,,

    Misinformation...............??????

  11. Will Godfrey Silver badge

    Non-networked critical stuff can be protected

    Set up a system where the equipment is only capable of sending simple wireless canary messages, and always sends these on a regular basis - even if it's just "All OK".

    Have a fairly local key holder who can go to sort out minor issues, and call backup if it's more serious. If the messages stop coming assume the worst and send a full swat team. If it really needs real-time control then there simply must be warm bodies on site.

    Yes, I know that will cut the investors' profits (by some minimal fraction).

  12. herman Silver badge

    Mirror mirror on the wall

    That picture looks like a mirror image of a map of Austria.

    1. Yet Another Anonymous coward Silver badge

      Re: Mirror mirror on the wall

      That's because Australia doesn't exist

  13. M.V. Lipvig Silver badge

    They don't care

    If they did, critical infrastructure would be on dedicated circuits and not the internet. Can't hack what you have no remote access to.

    1. love not war

      Re: They don't care

      > Can't hack what you have no remote access to.

      It is a mistake to assume that hackers associated with a nation-state do not have local access (indeed, even ordinary, criminal hackers can have local access).

      Plus, supply-chain attacks are a thing. All that critical hardware/software came from somewhere.

    2. Anonymous Coward

      Re: They don't care

      @M.V.Lipvig

      (1) NSO Pegasus

      (2) Paragon Graphite

      ....and we can't ask Jamal Khashoggi what he thinks......
