“Then we try to reach out to the company to clarify if the media reports are true, and they don’t want to talk to us.
“Five days later, we’re still getting a very sort of sluggish engagement of trying to get them to provide data to us and deploy some of our tools… that goes for 13 days, this incident had a national impact on our country.
“Three months later, they get re-infected, and we start again. That is the sort of scenario where this legislation actually gives us the authority through [the Department of] Home Affairs more leverage [to intervene].”
Ms Noble said sometimes the ASD was forced to use its “very senior level contacts” in the government who “might know members of boards or chairs of boards to and establish trust and build a willingness to cooperate”.
“We have at times then spent nearly a week negotiating with lawyers about us even being allowed to obtain just that basic information [data from network],” she said.
The ASD boss said the threat environment in the cyber world was “definitely deteriorating“.
“To give you evidence of that, there’s been a 60 per cent increase in ransomware attacks against Australian entities between this year and last year,” she said.
“One of my US colleagues recently said that she thought there was a significant risk of catastrophic cyber attack in the United States. My contention is actually if you’re JBS, or if you’re Nine or you’re Toll Group – all very brave companies who have spoken publicly about what’s occurred on their networks – those catastrophes have already happened.”
“We see both state-based actors and also criminals operating against Australian entities. They’re motivated by a range of different imperatives. Anything from espionage to generating influence or actual interference to preparing to or actually disrupting degrading or denying services, not to mention just the pure criminal motivation of stealing money.”
Home Affairs secretary Michael Pezzullo said cyber attacks would “soon reach global pandemic proportions”.
“This has been building for about five years but it has accelerated over the course of the global pandemic,” he said.
”Basic cyber security protections will always help, but malicious actors such as cyber criminals, state-sponsored actors and state actors themselves, will defeat the best defences that firms, families and individuals can buy.
“Just as we do not rely on home security alarms and door locks to deal with serious and organised crime, we cannot leave firms, families and individuals on the field, on their own.“