"I regret to inform you"
On "The Americans", Five Eyes, and why the advanced persistent threat is one of the leading problems of our time
Plenty of cybersecurity threats are easy to understand -- vandalism, stolen data, and ransomware are all pretty obvious cases in which malicious behavior has some kind of evident payoff for the bad guys. But the one that lingers like a monster under the bed is the “advanced persistent threat”, in which an adversary gains access to a network and then waits in the shadows.
■ Like any other monster, it’s what we don’t know that makes the advanced persistent threat scary. The attacker gains access, then bides time until deciding to do something later on. It’s the cyber equivalent of deep-cover spies like Keri Russell and Matthew Rhys in “The Americans”.
■ The head of the Australian Security Intelligence Organisation just shared an ominous warning about advanced persistent threats: “I have previously said we’re getting closer to the threshold for high-impact sabotage. Well, I regret to inform you -- we’re there now.”
■ Mike Burgess didn’t obfuscate, either: He pointed straight at China as “conducting multiple attempts to scan and penetrate critical infrastructure in Australia and other Five Eyes countries, targeting water, transport, telecommunications, and energy networks.” And he says China complains about his efforts to raise the alarm, which seems only to firm his resolve to say even more.
■ When someone with top-tier access to information and a responsibility for public safety says, “I do not think we -- and I mean all of us -- truly appreciate how disruptive, how devastating, this could be”, the rest of us need to urgently pay attention. The whole problem is that we don’t know what might be on the other side of an attack, but some adversaries see enough value to start building the scaffolding to get in.



