The Australian Cyber Security Centre is located within the nation's intelligence agency, the Australian Signals Directorate. (ABC News: Mark Moore)
One call every 10 minutes
Based in the Australian Signals Directorate, the country's intelligence and security agency, the ACSC was set up in 2014 and leads Government efforts to improve Australia's security online.
In the watch room, someone is always on deck — but we can't tell you their names or show you their faces.
Five teams work an unusual schedule of shifts: two days, two nights, and then a few days off. And there's an order to things. A handover in the early hours of the day, a daily briefing for the executive and continuous triaging of the incidents that come their way.
They try to keep on top of all the ways Australians may be targeted online, as well as working with staff from the Australian Federal Police and the Australian Criminal Intelligence Commission.
Their information may come from public sources like online forums following the activities of hackers and criminal groups, from the briefings of security partners overseas, or calls from local businesses to the hotline.
All this allows the team to make "the best picture that they possibly can", Ms Bradshaw said, of cyber-criminal tradecraft and tactics, as well as spotting where vulnerabilities may emerge across industries and the country.
Overall, the team handles hundreds of daily communications from partners and industry, as well as a new cybercrime report every 10 minutes on average.
And each day, the centre identifies and responds to multiple security incidents.
That could be reports of scanning and reconnaissance activity, when attackers look for unguarded ways to access a network, such as passwords that have never changed from the factory setting.
Then there could be phishing activity — emails or text messages that encourage people to click a link or open an attachment, allowing an attacker to get their first foothold on the network.
The COVID-19 threat
The COVID-19 pandemic has been a busy time for the ACSC. The past few months have been marked by an uptick in cybercrime, and even warnings from the Australian Government directed at nations who were using the upheaval to hack healthcare companies.
The massive, nationwide shift to working from home brought new security challenges. Fear and confusion also offered an opportunity to exploit.
It was in late March and early April that analysts started to spot COVID-19-themed websites designed to support phishing campaigns, seeking to steal personal details or install malware.
Commander Chris Goldsmid oversees cybercrime operations with the Australian Federal Police. (ABC News: Mark Moore)
"We've seen COVID-19-themed phishing campaigns trying to attract people to click a link related to … government stimulus measures [and] COVID-19 testing," said Commander Chris Goldsmid, who leads cybercrime operations for the AFP.
In response, the ACSC identified IP addresses associated with the scam websites and handed them over to law enforcement. They also asked telecommunication companies to block certain IP addresses as they popped up.
Coronavirus-related scams appear to have tailed off somewhat for now. But before COVID-19, it was bushfire scams. And next month, it will be something else.
Attribution — identifying the attacker — is notoriously complicated by the fact that both criminals and nation states often use the same tools.
And it all goes on and on because, in the words of one watch room officer, "people keep clicking the link".
Bringing Australia's cybersecurity up to scratch
While the watch room tries to keep on top of online threats, Australia's overall preparedness for malicious internet activity or even cyberwarfare is hotly debated.
"There's a constant game or constant pattern of attack, defend, attack, defend," said Lesley Seebeck, chief executive of the Cyber Institute at the Australian National University.
In her view, we must ensure cybersecurity does not become defined as only a question of national security, but also one of protecting civilians and business.
"We need to be able to give people, individuals, the tools they need to look after themselves," she said.
A Department of Defence review, recently obtained by the ABC, suggested Australia was unprepared for cyberwarfare, among other threats. And regular audits of the cybersecurity preparedness of government departments show they need improvement.
In fact, the Commonwealth Cyber Security Posture in 2019 report, prepared by the ACSC, found that most Commonwealth entities had only "ad hoc" or "developing" compliance with the government cybersecurity mitigation framework.
In the Australian Cyber Security Centre, analysts war game out attacks on a town's infrastructure. (ABC News: Mark Moore)
Australia's new and much-anticipated four-year cyber security strategy is overdue, but the Government recently announced $1.35 billion in funding allocation to beef up Australia's online security, including $470 million for 500 new jobs at the Australian Signals Directorate.
But given Australia's skill shortage in this area, Peter Coroneos, international vice president of Cybersecurity Advisors Network, assessed that goal as "very difficult".
"Where do you pull 500 cyber experts out of nowhere?" he asked.
Ms Bradshaw acknowledged that getting these new employees through the door is one of her biggest challenges.
"You might be part of a team that's pulling apart a piece of ransomware," she said.
"Or you might be a person that's preparing really practical advice for … people at home just trying to get on with their lives online."