Mike Burgess says he knows culprit behind ANU cyber attack | Alds

Australian Security and Intelligence Agency (ASIO) director-general Mike Burgess fronted a senate inquiry on Thursday into national security threats to the university sector, where he warned foreign interference was at a level “not seen since the height of the Cold War”.

The Australian National University suffered a serious cyber attack in 2018 by a culprit the federal government labelled a “state actor”.

Reporting suggested intelligence agencies believed China was behind the attack, but Mr Burgess would not confirm those reports.

RELATED:Spy chief’s grave warning to all MPs

“I do know who was behind it, but I will not say so publicly because I don’t believe it’s my role to do so,” he said.

He said “way more than one but less than 10” countries posed a cyber threat to Australia, but one in particular was “highly active”.

“Again, I don’t believe it’s my role (to identify that country publicly). My role, my organisation’s role is to identify that threat and help reduce the harm,” he said.

“There are many other factors that the government must take into account when they decide on how they deal with that particular problem.”

Melbourne’s RMIT University was also forced to suspend classes temporarily after being struck by a significant cyber attack last month.

The attack was under investigation, and Mr Burgess said he “genuinely did not know” who was behind it.

“It has not reached my level, (but) that’s not to say someone in my organisation is not working that problem,” he said.

The comments came after the Home Affairs Department’s Marc Ablong was pressed by Liberal senator James Paterson over the attack.

“Is it the case that we do know that it is China, but we just don’t want to say that publicly?” Mr Paterson asked.

But Mr Ablong warned naming cyber attackers was a “very complicated and complex exercise”.

“Just because it’s reported in the paper as it is believed doesn’t necessarily mean that we can prove anything,” he said.

“You need to be more than certain that you know who the actor is before you name them, because there are consequences not just for the actor involved, but for the country that does the naming.

“We as the intelligence agencies haven’t made a judgment about that yet, and nor will we.”

He said at least five state actors and other criminal groups had “the capability and the intent” to carry out strikes against Australian universities, which were not prepared to withstand cyber threats.

“The sophistication in the ability of either states or criminal organisations to undertake cyber hacks is very real, and it is only going to get worse,” he said.

“(The threat) is evolving constantly and hackers are constantly adapting their attacks to newly identified vulnerabilities.

“The entirety of the global information and communication technology environment is not as well prepared as it could be, and that includes the higher education sector.”

Mr Burgess revealed Australian universities engaged with ASIO 60 times in 2020, saying the threat of espionage had grown to a level unseen “since the height of the Cold War”.

“(Foreign interference at universities) is a significant security risk that does need to be managed effectively by this country and the research and university sectors. It’s the scale that concerns me,” he said.