The year saw 2164 incidents of different levels of significance, the report says, adding that the Parliament breach "saw the ACSC [Australian Cyber Security Centre] operate at a heightened state of activity to provide advice and assistance to Australia's major political parties and government agencies after they were targeted by a sophisticated state-sponsored actor".
Since July 2018, the ASD has become a statutory agency under the Department of Defence and the ACSC operates as part of the ASD.
Forty percent of the other incidents reported were low-level malicious attacks, including "targeted reconnaissance, phishing emails and non-sensitive data loss". About a quarter of these incidents were reported to the ACSC by the public.
The ACSC has also opened a Critical Infrastructure Lab to increase the awareness of security issues in critical infrastructure and research best practice in system configuration.
The report also made mention of the ban on Chinese telecommunications vendor Huawei Technologies from participating in the rollout of 5G networks in Australia, though it did not mention the company by name.
"In consultation with operators and vendors, ASD worked to see if there were ways to protect Australia's 5G networks if high-risk vendor equipment was present anywhere in these networks," the report said.
"The review concluded that persistent and legitimate access to 5G networks by high-risk vendors – who are likely to be subject to extrajudicial directions from a foreign government that conflict
with Australian law – no matter how tightly controlled, will provide hostile intelligence services with an enduring presence in the network.
"This could be leveraged to undermine the confidentiality, integrity and availability of our networks." The ban was announced in August last year.
The ASD said it had incurred a deficit of $31.3 million for the 2018-19 year, but when adjusted for depreciation, this turned into a surplus of $28.7 million.
During the year, Mike Burgess, the first head of ASD, moved to head the ASIO. Lieutenant-General John Frewen has been acting director-general of the ASD after Burgess moved on.
Last year, News Corporation reported that there was a discussion within government circles to extend the role of the ASD and have it also conduct surveillance on Australians. At the moment, the organisation's functions under the Intelligence Services Act of 2001 are to:
- collect foreign signals intelligence;
- communicate foreign signals intelligence;
- prevent and disrupt offshore cyber-enabled crime;
- provide cyber security advice and assistance to Australian Governments, businesses and individuals;
- support military operations;
- protect the specialised tools ASD uses to fulfil its functions; and
- co-operate with and assist the national security community's performance of its functions.
The ASD made no mention of any planned expansion of its functions in the report.
The report said ASD had 1775 full-time employees at the end of the financial year and an attrition rate of 8.3%. During the year, it paid $2.42 million to consultants while the director-general received a total of $685,286 in salary for the year.