So what's new about this? The ASD follows the NSA in this respect and it has been known for a long time that what it knows is private knowledge first, and public knowledge a very poor second.
Does this indicate that a leak of exploits from the ASD is forthcoming and the agency is publishing this undated document to cover its backside? One never knows.
To people who practise "access journalism" — where one paints government/official handouts in the best possible light in order to keep receiving this stream of information, often in advance of others — this kind of "news" it is certainly a matter to crow about. It would only evoke cynical laughter from a journalist.
Spy agencies would love it if people believed that they were open and dedicated only to protecting the country in which they are based. But such is very rarely the case, as has been exemplified by all the details about the NSA's blanket surveillance which was revealed by whistle-blower Edward Snowden.
There are security companies which also obtain details of vulnerabilities and then keep them secret, using them as a means to market their own wares. One such firm is Immunity, an American outfit run by ex-NSA employee Dave Aitel and bought by Cyxtera Technologies last year.
There are plenty of others who buy vulnerabilities from every grade of hacker — white hat, black hat, grey hat and even so-called blue hats — and use them to create tools for governments to break into devices. One such Australian outfit, Sydney-based Azimuth, headed by Mark Dowd, was again bought by am American company, L3 Intelligence, last year.
Doubtless the ASD has put this information online to push the myth that it is an open organisation. But then one wonders why it pushes false information – as it has done by claiming that there is no separation between the core and the radio access network when it comes to 5G.
This myth has been pedalled by the ASD's director Mike Burgess and repeated by others who parrot anything that serves their cause, two good examples being former prime minister Malcolm Turnbull and Nigel Phair, director of UNSW Canberra Cyber.
5G edge separation between the core and the radio network was demonstrated in New Zealand in 2018 by the telco Spark, using the Cisco evolved packet core and Huawei 5G NR and radio access network.
Burgess was quoted by The Australian in October last year as saying: "The distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network."
When iTWire queried this statement, the ASD claimed that Burgess was referring to "mature" and "far more capable 5G network architectures". This has also been found to be incorrect as was pointed out in a 3GPP panel discussion in September last year.
If the ASD claims to be so open, perhaps it could fess up about spreading this misinformation. Then its claims about "making Australia the safest place to connect online" would, perhaps, have a little more heft to them.