 Good afternoon ladies and gentlemen and welcome to this full house to the Lowy Institute I'm Michael fully loved the executive director here at the Institute And I'm delighted to welcome you to this special event with the head of the Australian Signals Directorate Mike Burgess Ladies and gentlemen, it seems that every week we read another big story about cyber attacks the hacking of the Australian Parliament and the political parties here in Australia the North Korean attack on Sony the worm that crippled the UK's national health service and of course the Russian meddling in the US presidential election. But all those stories if you like are on the defensive side of the ledger. They are attacks on Australia and on Western countries by other state actors. The other element of the game is offense. The actions taken by Western governments to disrupt and deter our adversaries. And we don't hear about those so often. There was some coverage of the Stuxnet worm which is thought to have been used by the United States and Israel to damage Iran's nuclear centrifuges. There has been speculation about hacking of North Korea's missile programs. There's been a few things like that. But in general we hear more about operations against the West than operations by the West. And as my colleague Richard McGregor said to me recently it's a bit like watching a boxing match where you can only see the punches thrown by one of the fighters. And that's why today is such an interesting event in which the head of Australia Signals Intelligence Agency will tell us about Australia's offensive cyber capabilities. Ladies and gentlemen, Mike Burgess has served as the head of ASD since January 2018 when it became a statutory agency in July last year. Mike became its first director general. Previously he worked as an intelligence official and a private sector chief information security officer. He served on boards including the federal government's Naval Shipbuilding Advisory Board. Mr Burgess holds a degree in electronics engineering from the South Australian Institute of Technology. I will have a conversation with Mike and Mike has agreed to take your questions. But first of all, please join me in welcoming Mike Burgess to the lectern. Good afternoon everyone. It's my great pleasure to be here and a few familiar faces in the audience. Let me start by first acknowledging the Lowy Board members. Thank you Michael and the Lowy Board members for being here. The Honourable Margaret Stone, the Inspector General of Intelligence Security. It's nothing like standing up and speaking in front of your oversight. Welcome Margaret. Philip Lowe, the Governor of the Reserve Bank of Australia and Lieutenant General John Fruin, my Principal Deputy Director General of the Australian Signals Directorate. For me and John, it's a great privilege to lead this organisation and as you would understand in any good organisation it's not actually the leadership. Sorry John. It's actually the great people who work for us and we have the privilege of not just leading but in reality we actually have the privilege of working for the men and women of the Australian Signals Directorate and they do an absolutely fabulous job. I would like to acknowledge in that regards then some of my staff who are actually in the room. Mark Sinkin who is the Head of Strategic Communications at the ASD. Avet. I'm not going to give her a surname just to protect individuals. Who's the Director of Communications. Jo, my Chief of Staff and JJ's Chief of Staff. Scott Logan. I gave you a surname away sir. Apologies. Tell her I'm not really good at this big stuff. Scott has an interesting job title. I didn't tell him I'm going to do this but it's military effects and network operations. There's something interesting about the title of our workforce. Final staff member I want to acknowledge is Michelle. Michelle is the Head of Strategy and Strategic Policy. She's an absolute whiz at that bit of a unicorn but that's not her real strength. A lot of what I'm talking today, the policy framework through which we operate and do this effectively and legally is all down to individuals like Michelle and Michelle has been outstanding in her leadership. So late last year I gave a public speech where I promised to bring the Australian Signals Directorate out of the shadows. At that time I committed to be more being more transparent about our role and for an organisation like ASD that was a very difficult thing to do. It would be really easy to stay in the shadows out of public's attention but that wouldn't have been the right thing to do. I cannot stress enough how important I believe it is that the public understands how ASD defends Australia from global threats and why our work is so important and most importantly that we act legally and ethically in everything that we do. Transparency also has other benefits. For the first time we can start talking in more detail about what our staff do and what kind of skills we have and why they might want to come and work with the Australian Signals Directorate. So why is that important? Transparency helps inform, helps dispel myths and most importantly helps with our value proposition to prospective employees. So in the spirit of transparency, let me be open up front. While today's talk might be very attractive from the point of view of the topic I've chosen to speak about, my prime objective is simply to sell ASD as a rewarding place to work. So sorry Michael, I actually think this might be the first time Lowy has been used as a real live job advertisement. So thank you so much. A job where you'll belong to a great team defending Australia from great global threats, where you'll be operating in that slim area between the difficult and the impossible and where you can have a rewarding career that makes a difference. So let me start with one of our myths. One of the most common misapprehensions around ASD's offensive cyber mission work is around what that might look like. Probably not surprising given the cliches in the movies. There's always a geek, invariably a guy wearing dark clothing, working in low light, hacking systems at will. Usually they're cavalier, they have no regard for the law, and they can just hit the enter key and blow up buildings or do impossible things with electrical surges. The real hackers in ASD couldn't be further from this stereotype. But to understand why, you need to understand a little bit about our capability. So when we say offensive cyber, what do we mean? At ASD we're referring to a broad range of activities designed to disrupt, degrade, or deny our adversaries. And to be clear, all of our activities are conducted offshore. We do this using specialized tools and techniques to disrupt the communications of and interfere with the way they operate. And in my experience, when people generally think of offensive cyber, they go to the high end of the spectrum, thinking about computer network attacks that destroy adversaries, communications devices. Yes, this is something ASD does, but in very specific circumstances and within strict legal frameworks. But it's just one of the ways we can disrupt our target's behavior online. Our operations are carefully designed to achieve their objectives in a much more precise, subtle and sophisticated way. And to be honest, that is far more exciting than smoking computers in cyberspace. So for example, our targets might find their communications don't work at a critical moment, rather than being destroyed completely. Or they don't work in a way they expect, they might find themselves not being able to access their information or accounts when they want to. These kinds of operations are more representative of what offensive cyber looks like, highly targeted and proportionate, timed to precision. Whatever the technique, our objective is to use our offensive cyber capability to keep Australians and Australians safe. It's also again important to remember that we are a foreign intelligence agency. Our operations disrupt, degrade and deny offshore adversaries who pose serious threats to Australia. The Prime Minister first announced or disclosed the existence of ASD's offensive capabilities in 2016. Since then, further announcements have been made establishing how our capability supports the Australian Defence Force, including military operations in the Middle East, where offensive cyber has helped disrupt Daesh's communications, launch attacks or helped stop them launching attacks and their spread of propaganda. The government has also revealed the role ASD's offensive capability plays in disrupting foreign cyber criminals targeting Australians. Regardless of the context, all of our operations are conducted in accordance with international and domestic law. Every mission must be targeted and proportionate and is subject to rigorous oversight. All our actions are deeply considered and subject to meticulous planning to consider the potential for unintended consequences. ASD takes its legal responsibilities incredibly seriously. We pride ourselves on being meticulous in execution and we operate within the law. As I said in my ASB address last year, I've heard of some boardrooms in Australia contemplating the prospects of hacking back to protect themselves against attacks. So let me be clear, ASD's offensive cyber capability is enabled by the Intelligence Services Act and authorised at the direction of our Minister. No corporation or individual should contemplate the prospects of hacking back to defend themselves from hackers. That would be an illegal act and the obligation to protect one's corporate assets does not extend to breaking the law. So what do our hackers really look like? ASD's offensive cyber operators look and act nothing like they do in the movies. It takes teams of experts to make these operations successful and to ensure all our actions are considered legal and ethical. Our operators and planners are imaginative and disciplined with a strong sense of propriety. They are cool under pressure and they love working as part of a team. It's as far away as you can get from the cliche in the movies. They come from all sorts of backgrounds, everything from computer science to marketing, international relations, the law, linguists, biology and mathematicians to name a few. Regardless of their background, all of them go through an intensive comprehensive training program to make sure they have what it takes to be an offensive cyber operator. Some of them are expert at generating technical effects to degrade or destroy an adversary's communication device. It's the type of effect that might be crucial to support a military operation. Working alongside our operators are our software developers. These programmers are responsible for developing highly surgical tools to cause the effect. It's precision work requiring reverse engineering skills and a deep understanding of computer operating systems. They have to find a way to bypass the target security mechanism and make sure the tool causes the exact effect that has been approved under our legal framework and only that effect. Our operators create the effect by focusing on the person behind the device as well, the intelligence target themselves. They draw on a range of intelligence sources to understand their motivations, the online technology use and more importantly how they use it. And of all our operations rely on stealth and obfuscation. It's not just as simple as setting up an internet connection and away you go. So backing up our operators are a group of talented individuals, system administrators and security professionals who know how to build and sustain the infrastructure we need to hide our tracks online. So let me share some real examples. Naturally we don't often talk about the detail of what ASD does but to help explain why our work matters and what kind of people we're looking for I've decided to declassify aspects of two operations. The Australian Signals Directorate has a long history of supporting military operations with the beginnings of this going back to World War II. In that time or since that time we've provided critical support to the nation's warfighter including providing intelligence on threats to Australian personnel and tracking the locations of military adversaries to enable ADF and coalition operations to be conducted and the operations are highly targeted. That long-standing support has expanded into offensive cyber. Offensive cyber is a crucial part of Australia's military arsenal and ASD supports those on the front line. For the first time I can tell you a little bit about what that looks like involving some insights from our operators who conduct these activities. The work we do makes a difference and in the Middle East our offensive cyber operators have helped make a difference between success and failure, life and death. At the height of the fight against ASD working at the direction of the ADF helped shape a crucial battle. Just as coalition forces were preparing to attack terrorist position our offensive cyber operators were at their keyboards in Australia firing highly targeted bits and bytes into cyberspace. Dayish communications were degraded within seconds. Terrorist commanders couldn't connect to the internet and they were unable to communicate with each other. Terrorists were in disarray and driven from their position in part because of the young men and women at their keyboards some 11,000 kilometers or so away. While the effect was almost instantaneous it took many weeks of planning by specialist ASD and ADF personnel to make what happened and to ensure it went exactly to plan. When it came to the day of the operation our operators were constant contact with deployed military elements to make sure the effects were carefully coordinated and timed to precision. Our effects were generated in support of and in coordination with ground maneuvers. This operation marked a milestone for both Australia and coalition partners. It was the first time that an offensive cyber operation had been conducted so closely synchronised with movements of military personnel in theatre and it was highly successful. Without reliable communications the enemy had no means to organise themselves and coalition forces regained the territory. As part of another operation we worked with coalition partners to damage the terrorist media machine. We locked the terrorist out of their servers and destroyed their propaganda material undermining dayish's ability to spread hate and recruit new members. Our work makes a difference. These operations in these operations cyber operators in Canberra helped fight and defeat terrorists on the other side of the world. On other occasions our offensive cyber operations take on a different character literally. Some activities involve ASD operatives assuming false online identities to disrupt terrorist networks. One case involved a man who had been radicalised and was in remote location overseas trying to join and fight for a terrorist group. The risk was significant and the stakes were high. If the terrorist didn't accept a newcomer they would likely execute him. If they did accept him they would further radicalise him and train him to kill. It was literally a matter of life and death. When ASD first was alerted to the situation we stood up a specialist team and developed a sophisticated plan. The team included linguists, cultural experts and behavioural experts and was led by one of our top operatives, a highly trained young woman, a science graduate turned covert online operator. ASD tracked down and reached out to the man over the internet pretending to be a terrorist commander our lead operator used a series of online conversations to gradually win her target's trust. Our operative type in deliberately broken English and was so convincing she was able to influence the man's behaviour. To ensure he couldn't contact or be contacted by the real terrorists she got him to change his method and mode of communications and eventually she convinced the aspiring terrorist to abandon his plan for Jihad and move to another country where our partner agencies could ensure he was no longer a danger to others or himself. In this case a young operative sitting at a computer in Canberra was successfully pretended to be a senior terrorist fighting in a far away war zone. Her online persona was the inverse of a real one, different gender, age, culture, language, status and a radically different ideology. One word or reference out of place and the whole thing could have fallen apart potentially with grave consequences. The work that our operators do is extraordinary but talented operators like this come from fairly ordinary backgrounds. Like many of us she grew up in the suburbs of a major Australian city. She enjoys yoga, hiking and playing touch football and when she was studying at university she would never have dreamed that one day she'd be posing as a terrorist online helping to defend Australia from global threats. We spotted she had the aptitude to do this work early when she joined ASD. She was an imaginative, had great problem-solving skills and was a team player. After completing an intensive training program she joined our team of COVA online operators, a job title that remains secret until today. So if you're looking for a job, do you pick a fence? In the past it was difficult to recruit people with aptitude for this work. If we continue to live in the shadows you can't exactly put COVA online operator on your LinkedIn profile. We suspect a lot of people wrongly concluded also that our offensive cyber mission was just for techies or worse still we were looking for those cavalier types that you see in the movie. By being more transparent about the work we do really will help get the fascination and attention of other people who can consider a career in ASD's offensive cyber mission. And while a lot of our staff have technical backgrounds, yes offensive cyber is not just for techies and it's not as male dominated as you might think. Our most experienced COVA online operators are all women and all our staff in this field are imaginative, curious, minded and persistent and when we set them objective they always find a way. Or do you pick defence? A good offence is only as useful if you also play defence and play that well and in cyber it's the defence mission that really counts. On the cybersecurity side of ASD there's also a range of fascinating roles where they focus on a different kind of adversary. These are the malicious actors that try to compromise Australian systems, steal our information and take advantage of Australians online. ASD works hard to make Australia a safest place to connect online. My staff in the cybersecurity centre are central to that. Cyber security is a great career for people who love problem solving skills, for people who love diving into the detail to find security flaws that other people might have overlooked and in this respect they are amongst the greatest critical thinkers we have in my organisation. They have to be to think about all the ways our systems might be vulnerable and what are the best ways to protect Australians themselves and when we find hackers compromising of a network we call on our incident responders who work out to how to get them out and how to keep them out. These kind of operations rely on specialists who love fast-paced operational work and are great in a crisis and that work is really rewarding when you consider the activity you might be defending against as all the hallmarks of a sophisticated cyber actor are worthy peer competitor. That's when ASD really comes into its own. In these situations we draw on combined expertise of our organisation. Our experts from both the offensive and defensive side work side by side to ensure we understand the techniques these malicious actors are using and more importantly we understand how to protect Australia and Australians from what's happening because sometimes to catch a thief you have to be one or at least think like one. So be a real poacher turn gamekeeper and pick both. This is one of the great things about ASD you don't have to pick just one job. Some of our staff have long spanning careers in defence and offence. This is something you cannot do anywhere else. These are the real poachers term gamekeepers or in some cases gamekeepers term poachers. Having experience in both mission gives our staff a broad perspective and they are all the more expert because of it. So today I've shared more about the nature of the work that we do because we want people to understand what a career in ASD looks like. But naturally there's only so much I can say about our operations and how they help or to help people think about the career options that they have. Much of the detail surrounding this will continue to be classified for obvious reasons. Fortunately there is another way we can give people insights into what it's like to work for ASD and that's from our organisation's five values. We make a difference. We strive for excellence. We belong to a great team. We're audacious in concept and we're meticulous in execution. These values say a lot about the culture of the organisation and the people who choose to work at ASD and they take on a special meaning when you look at them in the context of cyber operations. We make a difference. This is all about giving our customers those we serve a critical edge whether that's providing offensive cyber support to the ADF operations overseas or responding to serious compromise of Australian systems. We strive for excellence. It's about seeking and fostering talent, being committed, enthusiastic and responsive and being world-class in all that we do. The stakes are high in our cyber activity and missions and we have a highly talented workforce of cyber specialists who love what they do and do it to the highest professional standards. We belong to a great team. This is recognition we succeed through teamwork and partnerships and there's no better exemplar of this teamwork at ASD than in our cyber operations. Whether it's offence or defence, it takes a team of talented individuals with a range of skill sets to be truly successful. We're audacious in concept. This is all about the work we do which by its very nature requires ASD to operate in the slim area between what is difficult and what our adversity thinks is impossible and its bloody hard work. Whether it's using offensive cyber tools to disrupt the communications of a terrorist even when they're trying to evade detection or uncovering a new technique used by a cyber adversary to bypass security measures in Australian systems. Last but not least, we are meticulous in execution. This is about precision and always acting legally and ethically and being accountable to the public through government for everything we do. This one underpins everything we do in cyber. All our offensive operations are conducted in accordance with the law. They are subject to meticulous planning to ensure our activities are proportionate and highly targeted and this value also guides our cyber security teams who are meticulous in the way they search for vulnerability on Australian systems. So which team is for you? By being more transparent about this we hope it gives people a better idea of what ASD does. The Australian Signals Directory is a great organisation to be part of. Our staff love what they do and they work with a great team. We place enormous emphasis on diversity. We require it and we desire it. A diversity of people with a diversity of skills. These operations I've outlined today require linguists, software developers, analysts, code makers, code breakers and behavioural experts to name a few. Some of our people wear short suits, suits to work alongside ADF members in uniform from the ADF's joint cyber unit. Quite a few of our staff wear hoodies and jeans that you might expect to see in a tech startup, not like a normal public service organisation. If you'd like a licence to hack legally, you can keep a secret and want to make a difference then ASD might have a job for you. There's something for anyone who is curious, minded and up for a challenge. Over the next few years we'll be recruiting many hundreds of people to join our cyber workforce. It's really just a matter of which team is for you, offence, defence or both. Thank you ladies and gentlemen. I look forward to taking your questions. That's a foreign state actor just calling in. Thank you very much, Mike. You've continued today to bring ASD out of the shadows and if you like, on to LinkedIn. So I'm glad you got in your job ad. Happy to help. And maybe in return you can help us with a few questions about your world, if you don't mind. Let me start on the subject of your speech on offensive cyber. You gave us these two very interesting examples of operations by which ASD operators have helped to defend Australians and Australia against global threats. First of all, an operation alongside the ADF in which operators disrupted the work of Daesh. And then secondly, this fascinating example of a young, yoga loving, touch football playing Australian woman, a covert online operator, which is a job title that I now aspire to, assuming the identity of an older male terrorist commander. And I'm intrigued and I think probably a lot of us are intrigued. How do you assume that identity? How do you persuade somebody online that you are somebody else? Share a bit of the tradecraft that your colleagues use if you can. For example, in that case. Sure. Thank you again for having me here and thanks for the question. It really is a team sport. So as much as that individual is an outstanding impressive individual, it's not just her. Yes, it's her at the keyboard leading the interaction. But she's guided by many experts and keep including people who have language experience, cultural experience, behavioral experts, psychologists. So when we develop a plan and when we're live executing a plan, our operators are backed up by a very comprehensive team and a body of knowledge that says we know how to interact with that individual. We already know what our objective is. That helps a lot. The other thing as part of that, it's not just the great team, it's the comprehensive training program we put our individuals through and the tradecraft we've developed over many years that help us do this very well. There's something magical about my organisation, which isn't a good thing. We're an organisation that's both poacher and gamekeeper, offence, defence, to catch a thief. You need to think like a thief. We go to great efforts to understand the behaviours, the motivations of the individuals and actually understand the character themselves so we can tap into that and win their trust. And in this case, it's a great example of where we did that at short notice based on our experience and our training. We were able to win the individuals trust and she was able to move him into a safer place so he wasn't a danger to himself or others. Let me ask about that question from a different point of view. I like that phrase you just use to catch a thief. Sometimes you need a thief. And I guess in that case, that young woman was using deception, manipulation. I'm sure ASD operators use phishing attempts and phishing tools and so on. Now, in Western countries, we get on our high horse when we hear about foreign hackers launching those kinds of attacks against us. But aren't you doing exactly the same thing? Yes, to a certain extent. I might claim we're doing it better than others. But to get to the nub of your question, remember we're doing this in very strict limited circumstances. In this case, we're using this to disrupt someone who is either radicalized or potentially radicalized from doing bad things. In this case, that's very targeted. Generally what's on the receiving end of Australians every day is not so targeted. It's just it's pretty broad brush. Most of it comes from the criminal gangs who are looking at making money. We're not like that organization. We're here to defend Australia from global threats and everything we do is proportionate and legal and in limited circumstances enabled by law. What about comparing ASD's work to the work of other foreign intelligence services, other signals intelligence services? Are there or what are the things that a signals intelligence service in a democracy such as ASD would not do that a signals intelligence service in a non-democracy, for example, like Russia or China might do? I will answer that question. I'll start though by saying obviously I'm here to talk about ASD's capabilities. I can help the audience in so far as there are I'm confident there are things that we can do technically in terms of generating the effect that very few other nations could do. But the best way to compare us and other nation states is actually in the premise of your question. Look at the legal and cultural settings of our country. Everything we do is enabled by law. It has to be right. It has to be legal. It has to be right. It has to be proportionate. We just don't go up with some crazy scheme. It's thought about. There has to be some authoritative basis for which we're doing it. There are some countries, a smaller number of countries who don't have the same legal frameworks as we do and they might do things which were not proportionate to the issue they may rightly be dealing with. In our case, I can assure you our action is always proportionate. It's a fundamental premise of everything we do in the offensive cyberspace. What about when, not when you're targeting foreign states, but what about when you're targeting transnational criminal networks, for example, people smugglers? How does that work? So my agency is a foreign intelligence agency and we have this thing called offensive capability. If someone has the authority to disrupt people smugglers, we can use this capability to support them. It's just like anything else. What's the authoritative basis on which someone is operating and can't ask to help them? So yes, we do have the capability to help people who have the authority to disrupt people smuggling networks. All right. Let me ask you a couple of questions about the Five Eyes, if I can, this very intriguing intelligence alliance between five major Western democracies. A decade ago, Five Eyes was almost never mentioned in the press. It was a very sort of niche topic and now it's dropped into news stories all the time. You see ministers posing with media banners behind them referring to a Five Eyes meeting thanks to a story in the old Fairfax Media last year. We learned, indeed, that Five Eyes chiefs were served lobster at a dinner in Canada in July 2018. Why is the Five Eyes coming out of the shadows in this way? That's a great question, Michael. To be honest, I'm not sure why Five Eyes, this thing, it's a strange language, isn't it? Strange terminology, but it's something in my business we've been comfortable for many years. Yes, it's been more known about in recent times. I'm not sure why that is the case, but if I bring it back to our particular circumstance, I just happen to be a Director-General who believes that in our democracy, transparency is important. It's important that the public understand what ASD does when we say we defend Australia from global threats. It's important they understand the legal framework and the oversight mechanisms under which we operate. I think that's incredibly important in any democracy. That's why I'm passionate about being more transparent, up to a point, because you appreciate there are things we do need to protect. I think that's incredibly important. The other thing you'll see is our cybersecurity mission. We can't do that in the shadows. Actually, that's a very public thing, and it's right that we're very public in that space, so a combination of more transparency for democratic reasons, but also our cybersecurity activities have taken us out of the shadows for sure. I'm confident that's the same in our allied Five Eyes countries. Are the Five Eyes agencies working together more closely now than they did in the past? I think it's safe to say we have worked closely together for the last since it was formed just after the Second World War. Let me ask you, let me go on to a slightly different topic, but it's not unrelated. That's the question of 5G. Two weeks ago on this stage, I asked the Foreign Minister why the government had decided to block what it called high-risk vendors, such as Huawei from Australia's 5G network. I should say this is a question that CEOs put to me very often. It's the subject of a lot of discussion in the business community, and often they will say to me, well, if Huawei, for example, provides the best and cheapest technology, why wouldn't we use it? When I put that question to the Foreign Minister, the only answer she put on record was that the government listened to the advice of the security agencies. Now, obviously ASD was a critical part of providing advice to the government in relation to that decision. So can you tell us, especially given that we have CEOs in the audience today, why was that decision in Australia's interests? Certainly. Firstly, ASD was one of the agencies, but it was a team effort giving advice to government. It's best to look at how we think about 5G and what 5G will become. I must say up front, though, that the notion that some companies are better than others, I'm not sure I agree with that, and the companies, the telcos that we've spoke to across the globe, including here in Australia, may not all agree with that. I mean, in terms of the quality across the technology, 5G is not yet a fixed thing. We're on a path to 5G. But back to the reasoning, or at least the way I view 5G. For us, in its mature form, it will be at the top of this nation's critical infrastructure list. Why? Because 5G is not just faster data to your mobile phone, as much as some of our children might like that. It's not just that. Yes, it will be that in some cases. It's also more device density will be supported. Why is that important? It's not because just there'll be more humans with multiple devices. There will be machines talking to machines, devices talking to devices enabled by 5G, and there'll be a whole range of new applications because the latency, the speed of signal travelling and returning will be lower and guaranteed. That will see a whole range of new industrial and applications, some of which we probably have not yet foreseen. Because of that, 5G will be critically important in this country. The way I also view it, because everyone will be so reliant on it, if it's not there, availability, if it's impacted in some way, it will impact industrial applications and machines talking to machines, which will have consequences, real world consequences potentially, on our society. Elements of the power grid may not work, water supply, sewerage pumps may not work. It has the potential to impact our country greatly. So, top of our critical infrastructure list, for the reasons I've explained, then it comes down to what are we concerned about, and I've just said that. We're concerned primarily about the availability because it's going to be top critical infrastructure. We want it to be available. Security has always been about confidentiality, integrity and availability. And yes, in the mobile phone networks that we currently know today, yes, government agencies do care about the privacy of your communications. That's not our concern with 5G. It's the availability piece. What does that look like? So, if it's disrupted by a nation-state, that's a bad day because of the impact I've just mentioned. So, high-risk vendors for us are categorised as vendors that actually have headquarters in countries where those countries have capability, form and intent and coercive laws that compel their companies to cooperate on matters of national intelligence. I do not have a coercive power that allows me to go to an Australian company and say, you must do this and you must keep it secret, and this being something overseas to help me do signals intelligence. I can't do that. So, when we have countries that have coercive powers that operate outside of their own sovereign borders and that country has capability, form and intent, those vendors will fall into the category of high risk. We worked hard in ASD with other agencies to look at what yes would look like. In the end, I concluded that yes wasn't acceptable, but the decision was taken by government and I think it's the right decision that has been made. Now, we're watching sort of play out similar decisions being taken in the capitals of other five-eyes countries. For example, in Britain, there's been some reporting to the effect that Britain may not take the same decision, may not take the same decision that Australia did, although I think that there's a process that they're going through. What about the United States? Because I also asked the Foreign Minister on this stage about that infamous tweet by President Trump where he seemed to offer an olive branch towards Beijing in relation to Huawei in the middle of these trade negotiations and he said, I want the United States to win through competition, not by blocking out currently more advanced technologies. And a lot of commentators read that as a signal that maybe if Xi Jinping played ball, then perhaps there's a possibility of the President overturning any decisions taken on 5G. And I guess it would be awkward for Australia, wouldn't it, if the United States were to take that position on 5G after we had taken our decision. Of course, we're both sovereign governments, but still given the relationship that would be very awkward. Can I ask you from your interactions with US officials, how confident are you that in that decision that they'll maintain a similar decision to ours? Firstly, I would say I think that was a great aspiration of the US President, the notion that you will win on your merits rather than taking some forceful actions is a pretty damn good one. When it comes to sovereign nations, it's a matter for every country to make a decision on how they manage their risk. It's a question of risk appetite when it comes to critical infrastructure. It's for sovereign nations. If the US made a completely different decision to Australia, that doesn't matter because Australia has made its own decision based on our own risk appetite and that's the way it should be. This is a thing that sits inside our country, it impacts our country and risk appetites are decision for governments of sovereign nations. All right, let me ask you another Trump-related question if I can and it's an offensive cyber-related question too. I think by this point, Russian interference in the 2016 presidential election is pretty well documented by US intelligence agencies and many other observers and over the weekend, the special counsel, Mr Muller, added his voice to theirs and he talked about or at least the summary of the report that we have seen talks about Russia attempting to influence those elections both through disinformation and social media operations but also through offensive cyber. As a fellow professional, what would you say about the effectiveness of Russia's attempts to interfere in the US presidential election? That's a great question. I'm sorely tempted to say I look forward to your next question. I'm not sure I can comment on that. Did it have an outcome? If they were successful, were they successful? I think only the American people can be a judge of that. There is no doubt that in this connected world, cyberspace gives opportunities for nations who might want to do nefarious things or use it to disrupt counterterrorism, for example, that gives a world of opportunity and foreign interference through amplifying or disaffecting people may or may not be an effective tool. The strength, so really again, I come back to it as a question for the American people whether that's had an impact or not. Having said that, I would say in our democracy, the ability for us, the freedom of speech and what we say and how we debate things is actually a positive and even if someone is sending out bad messages and trying to push people, the way you counter that is actually have a good robust conversation in society. That's a good thing. What about how democracies should respond when our adversary is trying to meddle in our affairs? There's been a lot of discussion about how the Obama administration reacted to the early indications, the early advice they were getting about the Russian operations and there's reporting that President Obama looked President Putin in the eye and told him to cease and desist, but there's also been a lot of criticism that more robust countermeasures weren't taken by the United States. For example, people have written about exposing ill-gotten gains of the Russian leadership or making some of those ill-gotten gains disappear. What's the value of deterrence in stopping our adversaries, not just exposing them, but actually showing them that we will impose a cost on them if they continue with this action, which is deleterious to our interests? Sure. Again, that's how long is a piece of string. If you have clear evidence that a nation is interfering in your country, then of course you should have that conversation with them. Interestingly, in this conversation in cyberspace, whenever there's something that cyber-enabled people go straight to, there should be a cyber response. Cyber does not beget cyber. If you have evidence that a nation is interfered in your country, then you have the full range of the state in response. What that looks like depends on what you're seeing happening to you, the evidence you have and then actually what you need to do about it. All right, let me ask you one or two more questions and then I'm going to go to the audience, so please get your questions ready and put your hand up as quickly as you can so I can come to as many people as possible. Let me finish by asking this section of the event by just asking you about Christchurch, about those awful events 10 days ago or so. What has been the role of ASD in the Australian intelligence community in the response to Christchurch and is there any truth to the allegation or the suggestion that you've seen reported for example that Western intelligence agencies have taken their eye off the ball in relation to far right-wing extremism because they're so focused on other forms of extremism? Firstly, let me obviously say like all of you how horrific those events were in Christchurch. Obviously my condolences to the people of New Zealand, the victims and their families. I think the New Zealand community response has been nothing short of impressive but what a terrible thing to happen. I can confirm for you that on that Friday when that individual was deemed a threat to security because none of us knew about him beforehand. I sought my Minister's authorisation and since that time we have been supporting ASIO and our New Zealand counterparts in investigations about what we know, what other further elements of that. Obviously that's subject to ongoing investigations which I won't speak of here. New Zealand government has announced a Royal Commission and that's right for them to do so. No further comment on that. In terms of the other part of your question though, violent extremism regardless of the ideological cause is always going to be taken seriously and of great interest to the Australian law enforcement and security agencies. In fact there is actually the Director-General of Security has said that we've actually been looking at that for some time. There is a court case underway for a matter that happened in 2016. I won't comment any further so the notion that we've been focused over there and not over here there's a live court case going on at the moment. It's actually extremist related and the rest I'd suggest you ask Duncan Lewis when you're next have him on stage. Alright we'll get him next week. Alright ladies and gentlemen we've got about 10 or 15 minutes to ask for questions so what that means is that people need to keep their questions very short. I'm not going to allow people to make statements or speeches. I'm interested in short sharp questions that can elicit a good response from the DG. So please raise your hand if you'd like to ask a question. I've seen a couple of questions from journalists and I'll take those but I want to take some questions from non journalists as well. I saw Deborah Snow first. Deborah if if if questions can wait for the microphone thank you. Sure. Okay thanks very much for the speech and the Q&A so far has been really interesting. Just don't Christ Church. Was there anything that could have been done perhaps did you see any role for an organisation like yours in trying to stop that perpetrator broadcasting his actions live on social media or having seen that done would that now be a priority for an organisation like yours to make sure but that couldn't happen again and just extending that slightly more broadly. How satisfying are you with the responses of the big tech companies to the challenges that this has thrown up? Excellent question. So my organisation is a foreign intelligence organisation so any role I play in there has to be the foreign end of that and as I explained we did have a role after the event and we do have a role after the event. In terms of the elements of social media companies or the ability of you stop something being broadcast yes it's true our offensive cyber capability could be used to do things like that as in stop a broadcast but that would not likely be the first port of call when that's happening and that's why I think it's right the government has approached the social media companies and said just like we do in our print media or our television media the internet should be no different in terms of there are obligations on those service providers to make sure it's safe I think that's the right way of doing it not going straight to let's unleash ASD to take down on some video streaming thing that's probably not the right way to go we need the help of the social media companies in terms of their response so far I'm not fully briefed on where we're up to on that that's not my lane in the road for obvious reasons but I think the question and the call for help and expectation of the social media companies by our government is the right one most definitely. So Jamie, Jamie Smith from the Financial Times. Good afternoon just on the Huawei ban question and you say it doesn't matter if the US or the UK you know don't ban it but does it not have implications for the Five Eyes Network in terms of future cooperation if they're using different types of kit would that not open up Australia to having problems in terms of cooperating? No again because it's each nation will make its own decision based on its risk appetite yes come back to my point around here in Australia it's about the availability if there was some reason I was worried about another country's availability of infrastructure that was actually in Australia's interests maybe you'd have a concern but no because it's actually this is about Australia's risk appetite I can assure you our differences of opinion which we will have from time to time and we've had in the past don't impact our mutual recognised need that we are far better as a result of our power to cooperate it's happened since the end of the Second World War we've seen the benefit of that time and time again and even differences on how we manage this particular risk will not actually fracture or damage our relationship at all at least from my perspective. Paul Mayly from the Australian. Hello Mike thank you for the speech. In February it was revealed that Parliament House and the major parties had been the target of I think quite a sophisticated hack that was attributed to or it was believed was the work of a foreign state actor I wonder if you could just update us on that have we identified have you identified who was responsible for that hack and if so can you tell us who it was? All I can say Paul is the investigation continues yes you are correct we did say it was a sophisticated nation state for reasons that you know when we do this work when we're hacking overseas for foreign intelligence purposes we work extremely hard and use tradecraft that says we will not be detected and if our activity was detected you could not prove it was Australia when you're coming up against this sophisticated nation state they do the same thing we still have an investigation underway. Yes sir in the front row if you could just wait for the microphone sir. Thanks very much Mike Turek talk I really liked your comments about culture a kind of bottom-up approach you get a job in business anytime you just spoke about legal and ethical frameworks and critical turning good culture is the ethical framework could you make some comment about that and how it's applied within your organisation? Yeah thank you it's a great question so for us culture and leadership are kind of tied good leadership can bring the culture but the other thing that guides us is our values rules guide us when people are watching values guide us when they're not so we work hard on the terms of our selection our leadership and our interactions with our team and expectations of them to make sure our values are right our values are very powerful that's a winning combination when you have people who you know strive for excellence they understand the you know what belonging to a great team because it's partnerships and teamwork that gets anything done they you know the audacious in concept because we do really hard things but actually the meticulous and execution delivers in spades we have an organisation that is actually incredibly focused on doing the right thing by the public and being lawful that's an excellent part of our culture born out of our values we put a lot of effort focusing on that. I saw a question from Angus Greig. Can I just follow up on Paul's question if you do identify the sophisticated state actor would you expect to name them? Thanks for the question yes let's have this conversation about attribution so the Australian government has done attribution before and China Russia Iran have all been called out in previous times we should not assume from that though that every time we determine who it is that actually they would be called out publicly it's always a matter for government depending on the circumstance actually how we take the next step and what we do about that once we know who it is so I can't answer that question at this point in time whether we would call them out or not and actually that would be a matter for government on advice from the agencies but I would want to leave you with the message that we should not assume every time we understand who it is that we would call them out publicly remember calling them out publicly is done for a reason not just to have the satisfaction of putting it into the press but it's done as part of a strategy to say some behaviour is unacceptable attribution publicly is not one way of always getting that message across. Yes sir. Thank you Mike George Potapas from Telstra Security just a question related to availability of services and in resilience in moving forward in the new world I read about an exercise in Russia of all places where they disconnected the whole country and ran an exercise in terms of seeing if the organisation can still operate are there any similar initiatives I guess at our national level thoughts about how we can test and prepare our larger organisations in terms of resilience and availability of services at that level. Sure thank you for your question absolutely organisations governments do need to exercise it's something we take seriously if you've not exercised the first time you're going to try yourself is actually when something bad happens so exercising is really important. I wouldn't necessarily agree to the Russian approach of let's disconnect Australia from the internet and see how we go that would be a bit of a crisis exercise on many levels but the your point is valid and yes we should all focus on making sure we're ready and we match fit for the day that something bad happens. Mike I might ask you the last question given really about the audacity of concept that ASD prides itself on and I want to ask you about the targeting process for ASD. Obviously a few years ago we all recall there were a lot of stories about Australian intelligence officials having access to the mobile phone of the wife of the Indonesian president and there was a big discussion then about protocols about between Australia and Indonesia in that period and more broadly over the last 10 or 15 years of course Australia's foreign circumstances have changed and in particular there's one country China that is looming ever larger both as an opportunity and a challenge for us so how does that flow through to the kind of targeting that ASD operates? Certainly so our again foreign intelligence agency so our intelligence priorities are set by the national security of committee cabinet and that's coordinated through Nick Warner's office of national intelligence so everything we do is guided by those intelligence priorities set on us that directs where we go it's the government's need of the day depending on our strategic circumstance and the need of government it works very effectively. It works very effectively and in what direction does it tend to move? So you'd appreciate there's some things that we don't talk about because the priorities themselves are classified but you would not be surprised that when it comes to threat to life that is a top focus and priority for government and the agencies so countering terrorism or supporting military operations supporting the warfighter they will always be at the top of our list and our resources where we apply our resources are very much focused on those ones so anything threat to life if an Australian was kidnapped offshore and the authorization was in place we would work to provide foreign signals intelligence to try and get the safe return of that Australian that's a given the other priorities are guided by strategic circumstances some of them may be obvious some of them not but I can't talk about them in this forum. There's always got to be a little bit of mystery of course when an intelligence official speaks ladies and gentlemen I think Mike Burgess has been very good humid actually and very open in answering my questions and your questions and I think that's all to the good it was a very interesting speech I noticed he made that comment about sometimes when ASD is involved in an offensive cyber operation you don't have to blow up a computer you can just make sure that it doesn't work at a certain time that often happens to me in my experience so so so now I know now I know who to blame some of you might have seen last year at the Aspen security conference Mike and some of his counterparts from other five eyes countries not that they're coordinating in any in any visible way but anyway they they did an event on stage and Mike talked about moving from admiring the problem to tackling the problem and I think today he has he has filled in the picture for us a lot about how ASD tackles some of the problems like your agency and thank you so thank you for that Mike and also thank you for taking the questions like your agency I might say you're a great listener you're also you're also a good a good talker let me thank let me thank everybody in the audience let me give you one quick ad and that is tomorrow night on this stage I'll be having a conversation with Stephen Hadley one of the most respected foreign policy voices in Washington and the national security advisor to the last republican president there's still a few tickets to that so please register now but for the moment ladies and gentlemen thank you for coming and most importantly thank you very much to the director general of the Australian Signals Intelligence Signals Director at Mike Burgess