In a recent interview for 7NEWS Australia I discussed the escalating cyber threats facing Australia, why the People's Republic of China remains our most significant cyber rival, and what Australians — businesses and individuals alike — must do right now. Drawing on my five years as Director‑General of the Australian Signals Directorate (ASD), this report explains the technical and strategic issues behind the headlines and sets out clear actions to reduce risk.
Table of Contents
- Snapshot: what you need to know
- From codebreaker to cyber policy: my perspective
- Red Spice: building offensive and defensive muscle
- What is Salt Typhoon — and why it matters
- Why the private sector must act now
- Global scale: China’s cyber effort dwarfs others
- Intelligence sharing: Five Eyes remains central
- Other threats: Iran, Russia, dark web and social cohesion
- Russia, Ukraine and the role of deterrence
- Cyber threats to individuals: AI and everyday scams
- ASD’s role in defence and the broader funding debate
- Closing thoughts — action over indifference
- FAQ
- Further reading and resources
Snapshot: what you need to know
- ASD and Five Eyes partners have publicly attributed a campaign labelled "Salt Typhoon" to Chinese state‑linked actors; that actor has been observed operating in Australia.
- Salt Typhoon targets telecommunications providers and other critical networks, enabling global tracking of communications and potentially disruptive or destructive operations.
- Australia has invested heavily in ASD through the Red Spice program — billions of dollars to double ASD's size and massively expand offensive cyber capability — but the private sector must act now to find and remove intruders.
- Other threats persist — Iran, Russia and North Korea continue to pose cyber risks, while AI is already lowering the bar for cyber criminals who target everyday Australians.
From codebreaker to cyber policy: my perspective
My own career began in cryptanalysis and evolved into leading ASD. I was recruited as a code breaker in the mid‑1990s and later led the organisation as Director‑General. That history matters: ASD was born from signals intelligence during World War II and remains tightly linked to Australia’s war‑fighting capability.
Red Spice: building offensive and defensive muscle
Red Spice is the near‑$10 billion package (now extended into the $12–$13 billion range) that is reshaping ASD: doubling the organisation, creating major hubs in Brisbane, Melbourne, Perth and Canberra, and tripling offensive cyber capabilities. That investment recognises that intelligence and cyber operations are central to modern defence.
"It is tripling ASD's offensive cyber capabilities, which is so important in this day and age, especially for the deterrence impact that that can have."
What is Salt Typhoon — and why it matters
Salt Typhoon is a sophisticated campaign attributed to parts of the PRC apparatus — the People's Liberation Army, the Ministry of State Security and several private Chinese firms. Its primary focus has been telecommunications operators, including systems that carry military communications.
In practical terms the actor gains access to routers and edge devices. That access can be used to:
- track individuals globally via their service provider;
- intercept communications;
- reroute or deny traffic, causing outages for businesses or whole communities;
- implant dormant malware (a technique sometimes referenced as "Volt Typhoon") designed to be triggered later to damage critical infrastructure.
The potential impact is real. If an actor remains in a telco network it could reroute traffic or, in a conflict, shut down services. That hypothetical — Telstra or Optus being denied service — would cause immediate and serious societal disruption.
Why the private sector must act now
The extraordinary part of ASD’s advisory was the clear statement that Salt Typhoon has been observed in Australia. Most critical infrastructure in Australia is privately owned: ASD provides detailed, technical guidance to find and remove this actor, but the work must be done by network owners and operators.
My blunt message to corporate Australia: don’t assume it won't happen to you. If the actor is in one telco, one critical provider, the national consequences are significant.
Global scale: China’s cyber effort dwarfs others
To put this in perspective, US and allied officials have noted that the PRC fields a hacking program larger than that of every major nation combined. The scale complicates defence: even if all FBI cyber resources were concentrated on China, the adversary's numbers would remain vastly greater.
Intelligence sharing: Five Eyes remains central
Relationships with the United States, UK, Canada and New Zealand are foundational and deep — born from signals intelligence cooperation in World War II. These links are not merely transactional; they are people‑to‑people, operational and technical partnerships that enable rapid attribution and coordinated action.
"These are profound relationships that go back 80 years ... deep exchange on technical capabilities that we build jointly."
Other threats: Iran, Russia, dark web and social cohesion
Cyber is only one front. ASIO and AFP action linking Iran to violent acts in Australia showed hostile interference can quickly move from cyberspace to the physical world. Iran, North Korea and Russia also pose cyber threats, but no country currently matches the PRC in scale and scope.
The dark web amplifies risks: malware, ransomware‑as‑a‑service and hateful content circulate in a lawless environment. That distribution network can radicalise or empower people to commit violent acts, undermining social cohesion.
Russia, Ukraine and the role of deterrence
Early in the Ukraine war many expected large destructive cyber operations from Russia. In practice much activity fell into information operations — misinformation and disinformation — rather than outright mass destructive cyber strikes. That restraint suggests deterrence and the prospect of reciprocal costs are factors shaping adversary choices.
Cyber threats to individuals: AI and everyday scams
Most Australians will encounter cybercrime in everyday ways: bank fraud, invoice fraud and impersonation. AI now makes scams more convincing — fake invoices, deepfake voices and realistic phishing messages.
Simple hygiene reduces risk. My recommendations for individuals:
- Use unique, strong passphrases and a password manager where possible.
- Patch devices promptly — when your device offers an update, apply it now.
- Verify changes to payment details by calling the vendor on a known phone number before transferring money.
- Enable multi‑factor authentication on sensitive accounts.
ASD’s role in defence and the broader funding debate
ASD’s remit is both intelligence and war‑fighting support. Red Spice is a major bet on cyber capability. While debate about overall defence funding continues, the investment reflects recognition that signals intelligence, cyber defence and offensive cyber options are now core to national security.
Closing thoughts — action over indifference
I remain optimistic. The fact our allies and ASD can find, attribute and advise on Salt Typhoon demonstrates capability and cooperation. The biggest threat now is indifference: reading warnings but failing to act.
Whether you run a telco, a hospital network or home Wi‑Fi, basic steps taken today have a national impact. Follow the technical guidance ASD and our partners publish; prioritise remediation; and keep cyber hygiene simple, consistent and routine.
FAQ
Q: What exactly is Salt Typhoon?
A: Salt Typhoon is a name given by intelligence partners to a campaign attributed to Chinese state‑linked entities that targets telecommunications and critical infrastructure networks to collect intelligence, track targets globally, and potentially disrupt or destroy services.
Q: Has Salt Typhoon been observed in Australia?
A: Yes. ASD and Five Eyes partners publicly stated that Salt Typhoon activity has been observed in Australia. That makes this an immediate call to action for network owners and operators.
Q: Could a telco be shut down by these actors?
A: It’s technically possible. Actors with access to routing and edge devices can reroute traffic or deny service. That’s why early detection and removal are critical.
Q: How serious is the Chinese cyber threat compared with others?
A: The PRC fields a cyber effort larger than that of every major nation combined and represents the single largest cyber threat to Australia today.
Q: What should individuals do to stay safe?
A: Use unique passphrases, patch devices promptly, enable multi‑factor authentication, verify payment details by phone, and be cautious with unsolicited links or attachments. These simple steps prevent many common scams.
Q: Is ASD primarily defensive or offensive?
A: ASD has three legal functions: foreign intelligence collection (including hacking), national cybersecurity advice, and authorised offensive cyber operations. Red Spice boosts both defensive resilience and offensive capability for deterrence.
Further reading and resources
- Follow ASD advisories and technical guidance for organisations responsible for critical infrastructure.
- Consult the Australian Cyber Security Centre (ACSC) for updates on vulnerabilities and mitigation steps.
- Use eSafety resources and guidance on reducing online harms and protecting children from dangerous content.
If you’re responsible for network security: act on the advisory now. If you’re an everyday Australian: tighten your passwords, patch devices and double‑check invoices before you pay. Small actions add up to national resilience.



