Why Australia's cyber spy agency has stepped up its government surveillance

The Australian Signals Directorate (ASD) is using increasingly complex intelligence to hunt cyber breaches in other agency computer systems, including those that hold swathes of personal information about citizens.

Only 35 per cent of agencies that participated in the ASD's 2025 posture survey reported at least half their cyber security incidents in the year prior, a report tabled in late February revealed.

The powerful and secretive cyber spy agency had its funding increased by a record $10 billion in 2022, which saw its workforce nearly double to over 4000 staff in mid-2025.

A spokesperson for ASD said the major funding boost had increased the directorate's ability to protect government data.

ASD notified government entities of potential malicious cyber activity 223 times last year. Its notifications to Australian entities overall increased 85 per cent from the year prior.

The University of NSW's cyber security school head, Debi Ashenden, said that though low reporting rates were concerning, a ramp-up in ASD surveillance was the right approach to an increasingly dangerous cyberspace.

"[Attacks on Australia's cyber security] are no longer a case of 'if'. They are a case of 'when'. That moves the conversation. It's not enough now to just protect. We have to make our systems resilient," she said.

Professor Ashenden believed all government organisations care about data security, but many did not have the right knowledge or computer infrastructure to properly respond.

"If you're going to be resilient, you can't do it in silos. It's a question of how you map dependencies across departments."

"ASD has the ability to be far more aware of the threatened environment than the average person, organisation, or even other government departments. That is a good thing," Professor Ashenden said.

But other academics in the cyber industry, speaking anonymously, told The Canberra Times they were worried about sensitive personal data being shared widely across government.

"It's always a trade-off. It comes down to how you have a conversation to ensure both sides are comfortable," Professor Ashenden said, adding that more surveillance ultimately made private information safer.

The ASD has, in recent years, hardened its guidelines for other departments, which often require major technology updates to reach.

In February, the agency released an open source testing and analysis portal, which allows agencies to upload their files and scan for malicious content. Known as Azul, the tool is designed to cut down work time for malware analysts.