Blood will flow in the streets, human entrails will adorn our flagpoles, and zombies are on the way to eat our brains, according to one of the architects of fortress Australia.

As well as promising cyber jihadist attacks, former Australian Security and Intelligence Organisation (ASIO) boss David Irvine, whose credits include long advocacy for the data retention regime that was enacted by the government this year, also told the country our “cyber maturity” has slipped.

Actually, it hasn't, in spite of the hyperventilation that a superannuated spook should warn us about “terrorists” developing “destructive attack capabilities in the near term”.

Irvine was launching this document by the Australian Strategic Policy Institute, which has been widely – and wildly inaccurately – cited as saying that Australia's cyber security is slipping.

It's not, it's just that the breathless community of national security reporters didn't bother to read the report (which is probably worth its weight in cybers, given the woeful inadequacy of political and administrative clue in Canberra).

Australia's score in the Australian Strategic Policy Institute's Cyber maturity in the Asia-Pacific Region 2015 rankings rose slightly between 2014 and 2015; so did some other countries, three of them slightly further than Australia's.

In other words, if you accept the basis of the ASPI's assessment, Australia gained slightly in its cyber maturity, as did every country on the list except North Korea, Myanmar and Papua New Guinea.

The change in Australia's readiness, a score-improvement of 4.1 was pretty close to the average for all the nations that are present in both the 2014 and 2015 assessments (score change of 3.9), and similar to Indonesia, India, and the United States.

Here, however, is the stinger: in spite of Irvine's apocalyptic vision (which The Register has heard from natsec types ever since Richard Clarke told the world planes were about to drop out of the sky ... in 2001) doesn't speak to the actual content of the ASPI report.

The report is an assessment of policy, administrative, and to a degree, enforcement arrangements. To quote from the report:

“‘Maturity’ in this context is demonstrated by the presence, effective implementation and operation of cyber-related structures, policies, legislation and organisations. These cyber indicators cover whole-of-government policy and legislative structures, responses to financial crime, military organisation, business and digital economic strength, and levels of cyber social awareness.”

The ASPI document is a policy document; that's its purpose and value. It's not a technical assessment – it does not, for example, tell us how hard it would be to get from an iPhone in Syria to an electricity generator's control system at the thermal coal plant in bucolic Wallerawang. ®