Chapter 2 Administration

2.1                   This review of administration and expenditure is the third full review of the administration and expenditure of the six intelligence agencies conducted under Section 29 of the Intelligence Services Act 2001(the Act) since the act was amended in December 2005. It is the second full review of administration and expenditure carried out by the Committee of the 42^nd Parliament. For the 2007-08 review, the Committee again looked broadly at all aspects of the administration of the agencies including re-visiting human resource management, organisational structure, security clearances and breaches, accommodation issues, workforce diversity and growth management.

2.2                   Working within the constraints of not including any classified information, this chapter reports broadly on some of the areas discussed during hearings and/or in submissions relating to the administration of the AIC agencies.

Organisation of agency structures

2.3                   Five out of the six agencies amended their organisational structures in 2007-08. These amendments were the result of recommendations made via external reviews of agency management, budget measures, refocusing of agency priorities and changing customer service needs. One agency stated that it has created two new branches, to ‘refocus’ its priorities.[1] Another agency stated that when increasing from a three to four branch structure, it had added a Senior Executive Service position to accommodate this change and guarantee a top-down approach to managing an expanding and complex customer base.[2]

2.4                   ONA reported that as a result of the transfer of staff and responsibilities from the Open Source Branch (OSB) from the Department of Foreign Affairs and Trade, the agency structure had subsequently grown.[3] ONA stated that it has developed a strategic plan to ensure the new branch is closely integrated into the agency and the AIC and that it continues to provide customers with high quality service.[4]

2.5                   ONA engaged an external consultant to review, benchmark and report on the agency’s corporate services. The consultant’s recommendations led to a ‘modest’ restructuring of this branch and the enhancement of strategic planning capabilities.[5]

2.6                   In its unclassified submission, ASIO stated that as of 1 July 2007, its organisational structure was expanded to strengthen strategic management oversight of critical work areas. This expansion resulted in the addition of eight new Senior Executive Service positions. ASIO also noted that its Executive Division was also expanded to three branches further enhancing ASIO’s governance framework in light of extensive organisation growth in preceding years.

2.7                   ASIO’s unclassified submission also reflected on the increased workload associated with counter-espionage being undertaken by the agency.[6] As a result the Counter-Espionage and Interference Division was expanded to incorporate an additional branch, Foreign Intelligence Support.[7]

2.8                   Another agency reported that it had also made significant structural changes to generate more targeted management of priorities. This is particularly relevant when the agency is faced with diminished staff surge capacity during crisis scenarios. This involved splitting two branches into smaller branches to redistribute resources and manage risk on lower priority targets. When re-structuring, the agency noted the need to establish a careful balance:

…between current intelligence, operational support, capability assessment and longer term strategic assessment.[8]

Impact on agencies of recent legislative changes

2.9                   Out of the six agencies, two reported having to accommodate legislative changes in 2007-08. In general, all agencies reiterated their commitment to ensuring that their staff are aware of legislative requirements as they relate to agency functions and operations, and that where applicable they received targeted training to ensure understanding and compliance.

2.10               Legislative amendments associated with the Telecommunications (Interception and Access) Amendment Act 2007 and the Telecommunications (Interception and Access) Amendment Act 2008 had impacted on ASIO’s functions and technical capabilities.[9] These amendments transferred provisions relating to access to telecommunications data for national security and law enforcement agencies from the Telecommunications Act 1997 to the Telecommunications (Interception and Access) Act 1979. 

2.11               In practice and taken together, the amendments give ASIO greater access and monitoring powers over telecommunications data as it relates to ASIO security functions. The 2007 amendments allow ASIO, with appropriate authorisation, prospective access to telecommunications data for up to 90 days.[10] This authorisation can however be revoked where the grounds for access no longer exist, in that they are no longer necessary for the performance of ASIO’s functions.[11]

2.12               The 2008 amendments extend ASIO’s network protection exceptions to allow them to monitor all communications within their corporate networks, for the purpose of protecting and maintaining their networks and their professional standards.[12] These amendments also clarify ASIO’s ability to intercept multiple telecommunications devices on a single named person warrant.[13] All access to telecommunications data is subject to oversight by the Inspector General of Intelligence and Security (IGIS).[14]

2.13               ASIO noted that under the ASIO Act 1979 and the Telecommunications (Interception and Access) Act 1979 it can be authorised to use special powers under warrant, including powers to intercept communications, enter and search premises, and compel persons to appear before a prescribed authority to answer questions relating to terrorism matters.[15]

2.14               ASIO’s Legal Division plays a central role in ASIO’s use of these special powers, with lawyers from this Division reviewing every warrant request prior to its consideration by the Attorney-General.[16]

2.15               DSD advised the Committee that, under section 8(1) of the Intelligence Services Act 2001, it was appropriate for the Minister for Defence to provide an updated written direction to the Director DSD specifying which DSD activities required Ministerial Authorisation - to better reflect current agency focus and priority. On 25 June 2008 the Minister for Defence issued a revised direction that updated, and more precisely defined, the circumstances in which DSD is required to seek ministerial authorisation. At the same time, the Minister also issued a new direction under 8(2) to be observed by DSD in the performance of its functions.

2.16               DSD also noted that changes were made to the declarations under sections 6 and 8 of the Defence (Special Undertakings) Act 1952 relating to the Joint Defence Facility Pine Gap. The Head of Defence Legal initiated a review of these declarations as a result of the Northern Territory Court of Criminal Appeals’ decision to quash the convictions of four protestors who broke into the Pine Gap facility.[17]

2.17               As a result of this review, and recommendations made by the Australian government Solicitor on 8 April 2008, the Minister for Defence issued new declarations - under section 6 and 8 of the Act – which specified the work conducted at Pine Gap as a special defence undertaking, and listed Pine Gap itself as prohibited area. This contemporary statement reinforced the criticality of Pine Gap to Australia and US interests, but could not entirely remove the requirement for Defence to provide potentially classified evidence in support of the declarations. To provide greater protection to classified information, the Act was amended in March 2009 to specifically declare Pine Gap as a prohibited area, and works or undertaking conducted there as a special defence undertaking. This amendment substantially reduces the risk that any classified materials will be required in evidence in any future prosecution for unlawful entry to the facility.

2.18               The Committee is satisfied that the agencies are responding adequately to changes in their relevant legislative frameworks and that they are managing any impacts through increased training and education.

Human resource management within the agencies

Management of growth

2.19               All six of the agencies under review reported moderate growth in staff levels in 2007-08. For some of the agencies, the competitive job market meant that they did not reach their growth targets and had difficulty in recruiting high calibre staff. For other agencies, this growth has placed pressure on leadership, training and human resource information systems. This led to the agencies implementing a mixture of reforms to their human resource management systems and training programs, using enhanced recruitment methods, including more sophisticated advertising campaigns, and implementing flexible working arrangements to retain existing staff.

2.20               One agency reported that it has introduced a range of reforms to recruitment practices, workforce planning and performance management. The agency stated that these reforms were undertaken with the aim of ensuring ongoing access to superior talent.[18] This agency noted that it had employed the services of recruitment consultants to develop a range of enhanced performance and career management tools to support supervisors and staff in planning over the course of their career.[19] This was also combined with improved access to information about workforce trends to allow broader planning within the agency.[20]

2.21               This agency also noted that whilst it has since resolved this issue, it had experienced a particular challenge attracting some corporate service professionals, to fill technical roles within Finance and Information Technology areas.[21]

2.22               One agency commented on the pressure that continued growth in 2007-08 has put on leadership within the agency. The agency noted that from an organisational development perspective:

…continued growth has presented the organisation with a challenge in meeting its leadership capabilities. High levels of internal promotion and workforce demographics have resulted in [the agency] having a significant proportion of young and relatively inexperienced supervisors.[22]

2.23               In response to this, the agency indicated that it has ‘invested heavily’ in staff training during 2007-08, focusing in particular on developing leadership skills of supervisors and internal governance. This issue will be addressed later in the chapter in the section on Training.[23]

2.24               Another agency reported that it has experienced significant growth as a result of a number of government-approved programs to counter terrorist activity, proliferation networks, illegal fishing and people smuggling and other security threats to Government.[24]

2.25               ASIO reported to the Committee that ‘2007-08 was the most challenging year, in recent times, for the recruitment of new staff and the retention of existing staff’[25] with the positions of Intelligence Officers and Intelligence Analysts being particularly difficult to recruit. ASIO stated that in 2007-08 it achieved a net growth in staff of 136, as against a target of 170.[26] ASIO stated it is confident it will reach its 2010-11 target of 1,860 staff.[27]

2.26               As a result of information submitted to the Committee by the Australian National Audit Office (ANAO) in relation to its audit of ASIO, the Committee questioned ASIO on some of the weaknesses that the ANAO identified in their human resource information system. These weaknesses were associated with ‘the method and processes used to download information’[28] on leave provisions for employee entitlements. As a result the ANAO was concerned that ASIO’s financial statements were inaccurate.[29]

2.27               ASIO provided evidence to the Committee that they have since devoted extra staff to addressing this issue, stating that:

We have…been working through all of the leave records for all the employees and doing an audit of those. We have a number of staff offline working solely on that project. We are at about 98 per cent of the data clean-up in terms of the existing staff and are still wrapping up a couple of final issues…we are quite confident that ANAO will not have any concerns with our HR processing and leave balances moving into the future.[30]

2.28               The Committee also heard evidence that these human resource management issues were a result of the considerable growth and commensurate corporate transition experienced by the agency over the last few years:

…what the organisation, and certainly the corporate area, is getting a far better grip on now is that it has taken a while to settle into the additional growth. It took probably some 12 to 18 months to recruit the new corporate people and then probably 12 months or so for them to settle in, to get used to the organisation.[31]

2.29               Overall the Committee is satisfied that this issue has been given requisite priority within ASIO and that they have put in place the necessary measures to address these weaknesses in their human resource information system.

Recruitment

2.30               Recruitment remained a high priority for all the agencies in 2007-08 with many agencies investing significant resources into reviewing and developing their recruitment strategies. For some of the agencies this development involved engaging the services of external recruitment/marketing consultants and for others the development occurred internally.

2.31               For the Defence agencies, recruitment remained a challenge as a result of a competitive job market and increasing workload. One of the agencies stated, that whilst it overachieved against its recruitment target, it:

manages a relatively small workforce in comparison with the scope of work it does in support of ADF operations, senior decision making and capability planning.[32]

2.32               Some agencies require specialist technical skills in order to perform their role. This specialist requirement can often present the agencies with a challenge in attracting suitable high calibre applicants. One of the agencies reported that it recruits through an Intelligence Development Program which provides recruits with a structured learning program and on-the-job training.[33] In addition, the agency stated it had updated its promotional material and advertising and instituted a new aptitude testing process. As a result of these recruitment initiatives, the agency reported a 45 per cent increase in development program applications over the agency average, since the program was inaugurated in 2003.[34]

2.33               Another agency reported that workforce planning remained a high priority in 2007-08 in order to more efficiently direct the type and level of recruitment needed to meet Government requirements. To this end, in August 2007, senior leadership within this agency developed a workforce plan to identify staff based capability gaps stemming from budget growth and predicted attrition.[35] A Strategic Recruitment Timeline was also introduced by the agency, to keep senior staff informed of the number and timing of new recruitment actions.[36] This strategy saw 131 new staff start with the agency in 2007-08, a figure which the agency stated ‘met approved growth targets for the year’.[37]

2.34               ASIO advised the Committee that it engaged the services of TMP Worldwide to assist with candidate management for ASIO’s larger recruitment campaigns. In 2007-08 ASIO extended this relationship in order to refresh and reinvigorate its marketing and advertising campaigns.[38] TMP subsequently re-developed the advertising strategy and concepts for the Surveillance Officer, Intelligence Analyst and Intelligence Officer campaigns. This strategy involved the use of radio, an increase in information available online through ASIO’s website, and a sharpened focus on selected print media and other cost effective options, including job boards, news sites, postcards and digital displays to promote job opportunities, and a more extensive use of information outlets. ASIO stated that these campaigns resulted in a ‘strong field of applicants’ and was also successful in ‘attracting applicants from a wider cross-section of the Australian community’.[39]

2.35               The overall cost of this recruitment advertising was $2.192 million, up slightly from $2.126 million in 2006-07.[40] However, ASIO stated that it expects to reduce this expenditure on advertising, as it moves forward, by relying less on print media and on other forms of electronic advertising.[41]

Workplace Diversity

Recruiting Indigenous Employees and people with disabilities

2.36               Of the six intelligence agencies, only two Defence agencies addressed these issues in their submissions to the Committee.

2.37               DIO submitted to the Committee that it participates in the National Indigenous Cadetship Project (NICP), which provides sponsorship for indigenous Australians either intending to enrol in full time tertiary studies or for those already enrolled. The Cadet is placed in Defence for each twelve week break between academic years and paid an Australian Public Service (APS) 1 salary. Upon completion of their degree, the cadets are offered permanent positions at the APS 4 level.[42]

2.38               DIO has participated in this cadetship program since 2001 and in 2007-08, sponsored two cadets, with an additional cadet scheduled to start in 2008-09.[43]

2.39               Another defence agency stated workplace diversity continues to be a priority for the organisation, and that it provides work opportunities for people with disabilities. The agency stated that it currently employs two people with a disability and that support and training are provided to both the individuals and the staff involved with them.[44]

Gender

2.40               All six of the agencies submitted data on the workforce demographics within their agencies for 2007-08. Overall the proportion of women employed by the agencies, as against men, was low in comparison with the APS average of 57.6 per cent.[45] The Defence agencies were particularly low, with percentages for the three agencies ranging from a low of 27 per cent to a high of 38 per cent.[46] Within all six of the agencies women also remain underrepresented in the Senior Executive ranks.

2.41               One of the Defence agencies submitted that its low representation of women was due to their low numbers within the ICT and Engineering fields across wider Australian industry, with females constituting only 19 per cent of all Information Technology and Engineering domestic university graduates between 2001 and 2007.[47]

2.42               ASIO and ONA reported that, of their workforce, women make up 45 per cent [48]and 47.8 per cent[49], respectively. ASIO stated that this figure represents an improving trend. However, women still remain significantly under-represented in the Senior Officer and Senior Executive ranks within ASIO.[50]

Training and Development

2.43               All agencies within the AIC reported investing heavily in training in 2007-08. Most agencies reported participating in AIC wide training programs for both new recruits and senior officers. For new recruits these programs are aimed at providing an understanding of how the AIC works collaboratively to meet intelligence needs and enhance our national security posture. Senior Officers are provided with a strategic-level understanding of how to work collaboratively to meet the government’s intelligence requirements.

2.44               The Defence agencies reported instituting a number of mandatory training requirements under the Defence Collective Agreement 2006-2009 (DeCA). Under this agreement all defence staff, including those in the intelligence agencies are required to undertake training in and maintain proficiency in Occupational Health and Safety, Fraud and Ethics Awareness, Equity and Diversity and, DeCA Awareness: your roles and responsibilities.

2.45               Employees were also provided with specialist tradecraft training courses to enhance the core skills needed within the intelligence field. Defence intelligence employees may also attend subject matter specific conferences and seminars and undertake familiarisation trips to better understand assessment targets and themes.

2.46               One of these agencies reported focusing on being able to deliver specialist training in-house rather than outsourcing to contractors. As a result of this focus 20 staff within the organisation completed a Certificate IV in Training and Assessment in 2007-08.

2.47               Another agency reported to the Committee that following an extensive period of growth and development over previous years, in 2007-08 it consolidated its analytic and corporate training program with all 32 new employees in 2007-08 attending a suite of internal, AIC and APS courses. In total this agency provided about 600 days of training to its employees in 2007-08.[51]

2.48               ASIO reported to the Committee that it established a new training branch on 1 July 2007.[52] The agency has also endorsed a new Learning and Development strategy which provides the foundation for all training course development and delivery and links training programs to business user needs. This strategy aims to allow ASIO to identify, maintain and evaluate the knowledge and skills employees need to fulfil ASIO’s vision and mission.

2.49               ASIO also reported to the Committee that it introduced a new study initiative in 2007-08 aimed at building its strategic capability and developing specific tertiary skills. As a result 13 high potential employees took the opportunity to undertake post-graduate study for up to one year on a full-time basis.[53]

2.50               Another agency reported to the Committee that it has engaged in regional capacity building efforts by providing training in tradecraft to security and intelligence agencies in our region.[54]

2.51               One agency provided evidence to the Committee that providing ‘state of the art’ training to its officers was crucial so that we are able to be measured against the higher expectations of our counterparts, stay ahead of technological developments in the field and are also able to exercise remarkable discipline and professionalism in ‘extreme circumstances’. This means the agency places:

…a great emphasis on continuous improvement and experiential training.[55]

2.52               One agency provided evidence to the Committee that it maintained concerns over meeting its high capability requirements via its current training capacity. Officers from the agency stated:

It is an ongoing battle. You cannot allow things to remain static. You have to continue to invest…just to maintain capability, and there is a further injection of funds needed if you are going to enhance that capability.[56]

2.53               The Committee notes these concerns and is mindful of the importance of providing our intelligence agencies with sufficient capability so as to effectively integrate with our partners and ensure sustainable future growth.

2.54               The Committee is satisfied that all the agencies continue to invest appropriately in training, giving it a high priority despite entering a period of budgetary consolidation and cost cutting. Indeed providing the necessary training in tradecraft, specialist skills and general public service culture is a crucial component of generating a high calibre and professional intelligence community.

Language skills

2.55               For most of the agencies within the AIC language skills remain a vital investment and a key aspect of workforce planning. Developing and sustaining effective intelligence collection and assessments, which are responsive to customer needs, means that agencies rely on having the appropriate language skills to draw upon as needed.

2.56               One agency stated that providing language training to its staff and maintaining their proficiency is recognised as a long term investment in a vital professional skill which also reinforces the relationship with our foreign partners.[57]

2.57               ASIO stated that it too continues to invest in language skills including providing:

n  Full time training in languages relevant to ASIO’s investigative work;

n  Comprehensive language training for ASIO Liaison Officers involving full time language courses with DFAT, including one-on-one tutorials, small group learning and ‘in-country’ training; and

n  Training for ASIO’s linguists to refine and enhance their skills.[58]

 

2.58               Only one of the Defence agencies requires language skills as a core component of its workforce profile, with fifty languages currently covered by the agency’s linguistic capacity.[59]

2.59               This agency meets this core skill by employing a combination of APS, military, and contract linguists. The agency submitted to the Committee that such is there requirement for language skills within the agency, no single model of employment can deliver this capability.[60] The majority of linguists however are APS or military based, with only 20 linguists employed on a contract basis. The agency stated that it plans to conduct a review of its linguist contract arrangements in 2008-09, as the current contract is due for renewal in late 2009.[61]

2.60               Another agency stated that its language skills are crucial to its analytical capacity. Overall, at 30 June 2008, 57 per cent of the organisation’s staff members were proficient in a language other than English, covering 20 languages. Within this agency, language proficiency is considered an essential requirement upon recruitment, and is encouraged further through additional remuneration and in-country experience.

Separation rates and retention strategies

Separation rates

2.61               The average separation rate across the APS for 2007-08 was 8.2 per cent.[62] Across the agencies within the AIC the separation rate ranged from a low of 7.6 per cent for ASIO to a high of 27.5 per cent for ONA. The defence agencies ranged from 9.13 per cent to a high of 16 per cent. All agencies reported to the Committee that achieving a balance between retaining staff and encouraging mobility was a constant challenge.

2.62               The Defence agencies reported to the Committee that the majority of staff separating from their agency remained within the wider Department of Defence or moved into another APS agency. All Defence agencies conduct exit surveys of staff that have separated. One agency commented that, whilst many people reported leaving due to personal reasons, such as travel or study, one of the main reasons was a perceived lack of promotional opportunities or chance at career progression.[63] However, this agency reported that it was tackling this issue through its revised Retention Management Plan. This will be dealt with later in this section.

2.63               ONA reported to the Committee a separation rate 27.5 per cent for 2007-08. This was an increase from 16.7 per cent in 2006-07. ONA submitted that it aims to maintain a separation rate of around 18 per cent so as ‘to provide a balance of continuity and change’.[64] At the hearing the Committee questioned ONA on the reasons for the spike in its separation rate. The Director-General responded stating:

…we will always have high separation rates and we actively encourage mobility in and out of the office…in the overall scheme of things, [it is] good for the organisation to have people coming and going.[65]

2.64               The Director-General then went on to attribute this spike to a re-orientation of the OSB, which ONA recently acquired from the Department of Foreign Affairs and Trade (DFAT):

I suppose there have been a couple of factors which may have affected our separation rates more recently. One is that after the Flood report we took in the Open Source Branch from DFAT. In bringing them into the office, we wanted to change the way in which they work. They were essentially a translation service and we wanted to make it into a centre of expertise for the exploitation of open source material…over a period of about two years we had close to a 90 per cent turnover in Open Source Branch.[66]

2.65               The Committee considered this situation and was satisfied that when this separation rate was attributed to ONA’s experience with turnover in the OSB it directly contributed to the organisation’s high separation rate overall for 2007-08. The Committee expects to see an improvement in this figure in coming years.

Retention strategies

2.66               The majority of the intelligence agencies indicated to the Committee that retention strategies, which aim to retain talent and critical skills within the agency, remained a key priority in 2007-08.

2.67               One of the Defence agencies reported to the Committee that it developed a formal Retention Management Plan in 2007-08. A formal reference group was set-up in February 2008 which represented a mix of organisational capabilities. This group presented a draft for senior leadership consideration in 2008-09. This draft plan proposed a number of new initiatives designed to address known separation drivers and aimed to achieve six outcomes including developing a workplace that supports flexibility, a culture of employee return, and employee-identified career paths within the organisation.

2.68               Another Defence agency stated that it employs a number of retention strategies to enhance its ability to retain critical skills in a competitive job market. Some of these include targeted secondments to broaden experience levels, health and wellbeing programs, flexible working arrangements, and additional forms of communication between management and employees to allow an upward flow of ideas.

2.69               ASIO stated in their submission to the review that they are committed to retaining high calibre staff and have a number of strategies to achieve this outcome. One of these strategies is the New Employee Support Officer Scheme. This scheme was introduced in 2007-08 to assist new starters to settle into the organisation by providing them with a support person outside the new employee’s immediate work area to provide them with informal support and guidance after commencement.[67] The New Employee Support Officer initiates contact with the new employee in their first week and follows this up with informal meetings and advice on administrative matters and other settling-in issues.

2.70               The Committee is satisfied that agencies are committed to developing and sustaining retention initiatives that allow these agencies to retain the critical skills they need by fostering a supportive and positive working environment.

Security issues

Security Clearances

2.71               The Committee heard evidence that many agencies were able to either clear their security clearance and evaluation backlog or significantly reduce processing times.

2.72               Across the Defence agencies, the average time taken by the Defence Security Authority (DSA) to process Top Secret Positive Vet (TSPV) clearances was 6.4 months.[68] It was reported to the Committee that this was a minor improvement from 6.5 months in 2006-07, although still over the targeted benchmark of six months.[69]

2.73               One agency reported that it had ceased to use outsourced providers to undertake security clearance assessments and that it had cleared its backlog of outstanding security clearance re-evaluations. Re-evaluations are required after five years of holding a TSPV clearance.[70]

2.74               ASIO once again provided the Committee with a detailed overview of its part in the security assessment process for the APS. Under Part IV of the Australian Security Intelligence Organisation Act 1979 (the ASIO Act), ASIO is responsible for providing security assessments to Commonwealth agencies.

2.75               In making their assessment, ASIO officers are required to limit the factors underpinning security assessments to grounds related to ‘security’ as is defined in the ASIO Act.[71] Within the act, ‘security’ is defined as the protection of Australia and its people from espionage, sabotage, politically motivated violence, the promotion of communal violence, attacks on Australia’s defence system and acts of foreign inference.[72] Once ASIO has provided advice to the requesting agency in relation to whether the assessment should be granted, the requesting agency then makes the determination as to whether to grant the clearance.

Visa security assessments

2.76               ASIO stated in their submission that any person applying for a visa to travel to, or remain in, Australia may have their application referred by ASIO to the Department of Immigration and Citizenship (DIAC) for a security assessment. ASIO then makes an assessment of the risk that the person’s presence in Australia would pose to security (as defined above).

2.77               ASIO reported to the Committee that it has substantially reduced the time required to process visa security assessments in 2007-08 due to a combination of factors.[73] These included ongoing improvement of processes, careful prioritisation of workloads and the implementation of phases one and two of the Next Generation Border Security initiative.[74]

2.78               This initiative has enabled a transition from paper-based to electronic processes for certain temporary visa referrals. This is known as the Security Referral Service (SRS) and, by establishing electronic connectivity between DIAC and ASIO, it delivers significant improvements in the security assessment process including an improvement in processing times.[75]

2.79               At the hearing, ASIO reported to the Committee that it continues to work to improve delivery times of visa security assessments, whilst dealing with an increasing volume of assessments:

[ASIO] continues to work with other Australian authorities, particularly the border security authorities, to improve our delivery in terms of visa security assessments and to help preserve the integrity of Australian borders…we did some 72,000 assessments last year, which were referred to us by Immigration…up by about 20,000 on the previous year.[76]

2.80               The Committee is satisfied that ASIO is working with the relevant agencies to continue to improve and streamline the visa security assessment process.

ASIO Personnel security assessments

2.81               ASIO also undertakes personnel security assessments at the request of other APS agencies to determine if an individual can have access to security classified material.

2.82               ASIO reported that in order to improve the timeliness of this service, it is working to establish direct electronic connectivity arrangements with its primary clients, including the DSA.

2.83               In relation to completing security assessments for ASIO personnel, ASIO submitted to the Committee that it endeavours to complete the TSPV vetting process within 16 weeks, but that with applicants with complex backgrounds this can take up to six months. Assessing an individual’s suitability to be granted a clearance is done according to the Protective Security Manual (PSM) and its classified supplement. Some of the measures ASIO has taken in 2007-08 to minimise the impact of this process on the timely recruitment of applicants are:

n  The creation of a Diploma of Personnel Security (Vetting) for AIC agencies in cooperation with other AIC agencies and the Canberra Institute of Technology (CIT).

n  Conducting an external review of recruitment and vetting practices to identify inefficiencies and process improvements. Implementation of the recommendations contained in the report from the review commenced in 2008 and will continue to be implemented into 2008-09.

Counter-terrorism security assessments

2.84               ASIO also carries out security assessments for government authorities requiring accreditations, primarily the AFP and AusCheck. AusCheck was established in 2007 within the Attorney-General’s Department and has responsibility for coordination and assessment of back ground checks for Aviation Security Identity Cards (ASICs) and Maritime Security Identity Cards (MSICs).[77]

2.85               ASIO reported to the Committee that it completed 89,290 counter-terrorism security checks in 2007-2008, with 99 per cent completed in less than 10 days. There were no adverse or qualified security assessments in 2007-08. ASIO stated that these assessment included:

n  70,084 security assessments for ASICs for pilots, trainee pilots, air crew, and persons requiring access to controlled areas at airports, and MSICs for sea vessel crew and persons requiring access to controlled areas at sea ports;

n  4,502 security assessments for persons requiring licences to access ammonium nitrate;

n  1,251 security assessments for staff and visitors to the Australian Nuclear Science and Technology Organisation (ANSTO) facility at Lucas Heights, Sydney; and

n  13,453 security assessments for persons requiring accreditation for special events such as the APEC forum and World Youth Day.[78]

2.86               The Committee is satisfied that ASIO is handling this assessment workload efficiently.

Breaches of security

2.87               During 2007-08 there were no security breaches reported by any of the agencies which resulted in the compromise of national security classified material.

2.88               All agencies reported to the Committee that they continue to foster and maintain very strong security cultures within their organisations. This involves providing staff with a variety of avenues through which security awareness can be reinforced throughout the agency. Many agencies have specific branches which employ security policy advisors, accreditors, and guards so as to effectively generate, sustain, and evaluate a security conscious culture.

2.89               Some agencies reported a number of internal security breaches, such as failure to comply with a clear desk policy and failure to use the appropriate storage container for TOP SECRET material.[79] Another agency reported that a mobile phone was found within their premises.[80]

2.90               One agency reported to the Committee that it had engaged a security contractor in 2007-08 to review and enhance the organisation’s internal security processes. This review delivered several outcomes including the facilitation of an organisational consultation process to define security roles and responsibilities, a planning document for reducing the complexity of existing ICT networks, and a security risk management framework to record and report security incidents.[81]

Staff surveys

2.91               All agencies conduct staff surveys annually or biennially. Those agencies who conducted their staff surveys in the review period 2007-08 reported their results to the Committee.

2.92               One agency, which conducted a survey, stated that they are:

…an important instrument for gauging workforce morale, understanding perspectives on issues relevant to staff recruitment and retention, and to assess the effectiveness of organisational leadership from the employee’s perspective.[82]

2.93               One agency reported that it achieved a survey response rate of 86 per cent, which was better than the previous two years. The agency stated that overall the survey results were very positive and indicated a high level of morale for its workforce.[83] In particular, the staff of this agency indicated that they are highly committed to the agency and believe the work they perform is important and has value. Some areas for improvement which the survey identified were managing underperformance, defining specialist career paths and generating more upward feedback within the agency.

2.94               Another agency reported to the Committee that it conducted a ‘pulse’ survey in 2007 to capture the views of staff between major biennial surveys.[84] The survey achieved a strong response rate and identified some areas for improvement.

2.95               The agency stated that when compared against national and international benchmarks, the survey results revealed that this agency remained consistently ahead across almost all the indicators of staff satisfaction. Only 6.9 per cent of staff reported that they were unsatisfied.[85] Key indicators such as staff satisfaction with the agency as a good place to work, sufficiency of effort by senior management to obtain the opinions of staff, and satisfaction with support and guidance from supervisors all improved according to the survey results for this agency.

2.96               The agency reported to the Committee that its staff were least satisfied in areas such as workload levels and recognition for work well done, although they were still improved from previous surveys.[86]

2.97               Another agency submitted that they engage external consultants every two years to conduct a staff attitudinal survey, to judge how they think the organisation is performing across a range of areas. This survey focused in particular on reviewing the efficiency of work processes, improving communication between employees and management, and monitoring the impact of changes within the agency.[87]

2.98               Overall the survey results were very positive with the agency setting a new benchmark high for senior leadership, when compared against 92 external agencies, including 23 federal agencies and 29 state and local departments.[88] Some areas identified for improvement included supervisor-employee communication, workloads, and the operation of the performance management framework.

2.99               The Committee believes that staff surveys are an important management tool and are pleased to see that all agencies use them.

Accommodation

2.100           All agencies reported to the Committee that they experienced accommodation pressure during 2007-08. Taking account of this, one agency conducted an accommodation review which sought to identify whether the current space could be re-arranged to allow for more accommodation.[89] Another agency reported that it was likely to exceed its current holdings and was preparing to conduct an accommodation feasibility study in 2008-09 to determine the best solution for its headquarters facility.[90]

2.101           Another agency reported to the Committee that it had recently moved into new facilities designed to enhance business continuity and ICT security. This move has relieved accommodation pressure within the agency.

2.102           ASIO again provided the Committee with information in relation to its new central office in Canberra. Following the Government’s decision in 2005 to increase ASIO’s capability much pressure was placed on ASIO’s existing accommodation. ASIO reported to the Committee that in the 2007-08 budget, the Government approved the development of a new purpose built facility in Canberra to house ASIO’s central office. A design concept for the new building was developed in 2007-08, which will be in keeping with the National Capital Plan, under the guidance of the National Capital Authority, and will include elements of environmentally sustainable design.

2.103           ASIO stated that the new building is designed to:

…accommodate up to 1800 people and operate 24 hours a day, with a level of security commensurate with ASIO’s intelligence functions. The building will include offices and open plan work areas, technical workshops, data centre, training areas and staff amenities.[91]

2.104           ASIO also stated that a managing contractor (Bovis Lend Lease) and project architect were appointed in September 2007 to conduct the planning phase of the project. At its hearing ASIO stated that the new building will take three and a half years to complete and that they are confident it will meet agency requirements:

We are very confident…The first sod is going to be turned around the middle of this year [2009], a June or July time frame, but an enormous amount of analysis of the requirements of the agency has gone into this. A great deal of consultation has gone into the functions and also our strategic plans in terms of what sort of technology and infrastructure we will be requiring in the future…It is a major construction project so…it will be a challenge to project manage.[92]

2.105           The Committee sought evidence from ASIO as to the initial lease arrangement for this new building and how long ASIO expects to use it as its central office:

From a construction perspective the ASIO new central office has a life span of 50 to 80 years and our involvement with the design process has been with that time horizon in mind.

ASIO (the tenant) and the Department of Finance and Deregulation (the landlord) are currently negotiating the terms of a Memorandum of Understanding which would be based broadly on the MOU for ASIO’s current central office. The details are yet to be finalised. However the critical lease term is likely to be in the order of 15 years with options to renew.[93]

2.106           The Committee is satisfied that the design and construction of the new ASIO Building is progressing. The Committee will take a keen interest in the progress of this project through updates and further reviews in the coming years.

Performance management and evaluation

2.107           All agencies within the AIC engaged in performance management and evaluation in 2007-08, both at the organisational level and at the individual employee level. All agencies submitted to the Committee that performance management, at both levels, remains a key element of strategic planning and organisational growth.

2.108           One agency reported to the Committee that as it is a customer-driven service provider agency, it employs a variety of means to collect feedback and evaluate its performance. To achieve this, evaluation sheets are distributed with each intelligence report to allow customer comment on the use, accuracy and timeliness of the reports.[94] This is combined with informal gathering of customer feedback by those within the agency in direct contact with customers.

2.109           The agency submitted that both these feedback streams are then fed into an annual evaluation process, which allows the agency to make a qualitative assessment of the value placed on the agency’s products and services by its customers.[95] The results of these evaluative processes then feed directly into operational planning and the development of strategic goals within the agency.

2.110           Another agency reported that it has an ‘ongoing program for tracking organisational performance’.[96] This includes providing customers with feedback forms with each intelligence product, regular interviews with key customers, regular liaison with customers to obtain a more in-depth understanding of their requirements and consultation visits to key agency establishments.[97]

2.111           Another agency stated to the Committee that a key aspect of assessing agency performance is by measuring its achievements against its strategic priorities. To do this the agency focuses on key outcomes, such as establishing a world-class counter-terrorism effort, and matches them with key enablers, such as developing the expertise to master our most difficult targets.[98] Success against these strategic priorities is reviewed on a quarterly basis to ensure the agency is well positioned to meet Government requirements.

2.112           At the individual employee performance level, each agency submitted to the Committee the process or framework it employs to manage and evaluate their staff. All agencies use a formal Performance Management Framework through which managers can evaluate an employee’s performance against a range of indicators. These indicators are linked with the agency business plan and to achieving its strategic priorities.

2.113           ASIO stated that it made enhancements to its Performance Management Framework in 2007-08 which included greater automation of the process and the introduction of a four point rating system.[99] This has allowed line managers to address underperformance matters in a more informal manner by working with the staff member over a defined period before being required to enter a formal underperformance assessment.[100]

2.114           Another agency reported that it implemented a new Performance Management Framework in October 2008. This was done to give the framework a clearer link with the APS Integrated Leadership System.[101]

Other issues

E-security

2.115           In the Review of Administration and Expenditure: Australian Intelligence Agencies No. 6, the Committee took particular interest in whether the agencies felt there was adequate resources behind e-security and if any of the agencies held concerns with regard to this issue.

2.116           At the hearing the Director-General of ASIO provided evidence to the Committee that effective e-security remains a challenge in a fast-paced threat environment:

The technologies for espionage expand all the time. You only have to get your head around…the whole concept of the opportunities that the internet offers… for offensive activities of an espionage or information-stealing nature and the exploitation of cyberspace and new digital information technologies. When combined with traditional espionage methods…those opportunities represent…a very significant challenge for security agencies.[102]

2.117           In 2007-08 there was a whole-of-government review of Australia’s e-security policies, programs, and capabilities.

2.118           ASIO reported to the Committee that it has contributed to the review (which was still ongoing at the end of the reporting period 2007-08). In its submission to the review, ASIO emphasised the importance of a balanced approach to e-security through the implementation of appropriate administrative and personnel policies and procedures, protective security measures, and effective e-security awareness activities.

2.119           ASIO stated that it has responded to potential threats to its IT systems by implementing several measures to mitigate risks. These included:

n  targeted ICT security education programs for ASIO staff, ICT staff and ICT contractors;

n  enhanced audit and investigation capability across ASIO ICT systems, including real-time monitoring and response;

n  an active program of ICT systems review for security vulnerabilities, and provision of remediation recommendations; and

n  provision of ICT security advice, including advice in response to general enquiries and design, development, and implementation advice to ICT projects.[103]

2.120           One agency reported to the Committee that it had completed an ‘ambitious’ technology upgrade in 2007-08.[104] This agency is now functioning with improved working conditions and utilising secure IT systems which have increased the efficiency and productivity of staff and has enhanced the timely delivery of intelligence reporting to Government.

2.121           At the hearing, Defence officials provided evidence to the Committee that as part of the Defence White Paper, a development path that would enable continued growth in intelligence collection capability and in processing and communications capabilities, has been put forward for Government consideration.[105] This development path would also include regular refreshes of IT and communications systems. Defence also gave evidence that as part of this recommendation, it has asked for its IT systems to be more fully integrated and rationalised across all three agencies.[106]

E-Passports

2.122           The Committee is also aware that electronic passports have been ‘cracked’. This has been accomplished by the following people:

n  Auckland University researcher Peter Gutmann and Jeroen van Beek in 2008; and,

n  Adam Laurie, a British security consultant cracked the UK’s biometric passport in 2007.

2.123           Whilst the Committee has no evidence that Australian e–passports have been ‘cracked’ the Committee is concerned that, due to the similarities in software used by e–passports throughout the world, Australian e–passports could be vulnerable.

2.124           The Committee sought advice from DSD about potential vulnerability of Australia’s e-passports. DSD provided a classified response that satisfied the Committee on this matter.

AIC collaboration: being effectively joined-up

2.125           At its hearing, ASIO officials provided evidence to the Committee that being ‘properly joined up’ is becoming increasingly important in a complex security environment. ASIO stated that it:

…is becoming increasingly important for…the intelligence community to be properly joined up. Terrorism has taught us that no one agency can handle the security threat. Security threats have to be handled by the government as a whole and the agencies responsible working together. That is a real challenge because you are bringing together so many different cultures. You are bringing together different legislative bases… and there is an awful lot of effort now being put into ensuring that we are effectively joined up.[107]

2.126           It is clear to the Committee that although being effectively joined up is a challenge, the agencies of the AIC are committed to generating mechanisms to ensure this collaboration occurs. In ASIO’s case in particular, the challenge has been largely centred on integrating the intelligence culture of ASIO with the investigative culture of the AFP and State Police. ASIO stated to the Committee that ‘it is a process of continuous improvement’.[108]

2.127           The Committee is also mindful that a key element in the AIC being effectively joined up is the new role of the National Security Adviser, Mr Duncan Lewis AO and the Office of National Security within the Department of Prime Minister and Cabinet. This new role and office provides a central component of Australia’s integrated national security structure.

National Security Adviser and the Office of National Security

2.128           At its hearing the Committee heard evidence that the National Security Adviser has a key responsibility to bring about a more joined-up culture within the AIC by ensuring:

…not simply that information is shared between the various elements of the intelligence community to produce a whole-of-government effort but that there is greater capability sharing between the organisations…[109]

2.129           The Committee also questioned officers from the ONA in relation to this issue and where the Office of the National Security Adviser sits with regard to their functions. The Director-General responded by stating that:

…the statutory responsibilities of ONA remain unchanged as a result of the new arrangements. The National Security Adviser has responsibility for coordination across three overlapping spheres of intelligence: the foreign intelligence sphere, security intelligence and lastly, border protection law enforcement intelligence.[110]

2.130           While ONA has responsibility for the coordination of Australia’s foreign intelligence activities and for the evaluation of the AIC’s performance against Australia’s foreign intelligence priorities and requirements, the National Security Adviser has responsibility for all spheres of Australian national security. ONA will now link in with the new national security structure, working closely at all times with the National Security Adviser.

2.131           At the hearing, the Director-General of ONA, Mr Peter Varghese, gave evidence to the Committee of how this new integrated approach will work, by stating that ONA will now:

…lock into this broader machinery which has not existed before. One way we will do that is through the setting up of a national intelligence coordination committee, which supersedes the Foreign Intelligence Coordination Committee which ONA used to chair.[111]

2.132           One issue which was brought to the Committee’s attention during the hearing was the need to resolve how ONA and the National Security Adviser will handle the two reports produced each year for the Prime Minister. One being an evaluation report, which evaluates the foreign intelligence effort and the other being a report on AIC resources. ONA has traditionally produced these reports for the Prime Minister with regard to the foreign intelligence sphere. The National Security Adviser also has responsibility for producing an evaluation and resourcing report but this report covers all three spheres of national security. At the hearing ONA stated that the most sensible way to handle this was to:

…continue to send our evaluation report directly to the Prime Minister but that it makes more sense for us to feed our resources report into the National Security Adviser, so that he can take that into account in coming up with the broader resources picture for the Government.[112]

2.133           ONA assured the Committee that whilst there has been some overlapping of responsibility, they are not overlaps which will cause a difficulty.[113]

Defence White Paper and its effect on the Defence intelligence agencies

2.134           All three Defence agencies reported to the Committee that in 2008 a significant amount of time and effort was devoted by each agency to the Defence White Paper process. This included reviewing several major projects and developing proposals for the progression of key capabilities. This support was provided by the agencies at a challenging time of sustained operational tempo.

2.135           At the hearing the Committee heard evidence that the white paper had been:

…a priority issue for the Defence intelligence agencies over the past 15 months and much work was done to map out a development path for the capabilities of the three agencies to 2030.[114]

2.136           The Committee also heard evidence that particular attention was given to the development of communication capability and the protection of Government IT networks. A comprehensive plan was developed for growing Defence intelligence capabilities, which was put forward for Government consideration.

2.137           The Committee looks forward to being briefed on the outcome of this process at a later date.

Issues raised by the IGIS

2.138           The Committee received an unclassified submission from the IGIS in which Mr Ian Carnell stated some specific concerns he had about the administrative functions of the AIC agencies.

Visa security assessments

2.139           The IGIS reported to the Committee that between 1 July 2007 and 30 June 2008, he received a total of 193 new immigration complaints. This is up from 76 in 2006-07. The IGIS stated that there are a number of causes for the increase in complaints. These include:

n  Connectivity/communications issues affecting passage of documents

n  A greater awareness of the part of migration agents and migrant networks about the right to complain to my office about such cases; and

n  >A greater propensity for visa applicants who are located overseas to lodge a complaint via email (due to the relative speed, ease and availability of this means of communication compared with other methods of communications such as post.)[115]

2.140           The IGIS stated that in order to process these complaints in a timely manner his office has established effective working relationships with the relevant areas in ASIO and also in the Commonwealth Ombudsman’s office.

2.141           The IGIS reported to the Committee that ASIO has also reallocated some of its internal resources to better service requests from the IGIS office for information on these matters, which has improved responsiveness to IGIS inquiries and provided a greater level of detail on the circumstances of each case. The IGIS stated in his submission that ASIO ‘continues to devote resources to improving its internal management of visa applications and its communications with external stakeholders’.[116]

Organisational Suitability Assessments (OSA): DIO, DSD and DIGO

2.142           The IGIS reported to the Committee that as a result of receiving a number of OSA related complaints, he commenced an inquiry into the OSA processes within DSD, DIO and DIGO on 5 June 2007 and concluded this inquiry on 15 February 2008, presenting the final report to the Minister for Defence.[117]

2.143           The IGIS reported to the Committee that the overall picture which emerged from the inquiry was positive. The IGIS stated that the inquiry included:

Consideration of documentation setting out each agency’s OSA policies and procedures, an examination of the psychological testing instruments being used, and interviews with staff, human resources managers, psychologists and security experts.[118]

2.144           The IGIS stated that he put forward 18 recommendations, which if implemented will bring about improvements to existing practices. Defence officials have advised the IGIS that all of his recommendations have been accepted and are in the process of being implemented.[119]

Conclusion

2.145           The Committee is satisfied that overall the administration of the six intelligence and security agencies is currently sound. The Committee found that after a period of substantial growth and transition all the agencies are moving towards the consolidation of existing agency structures and staff levels.

2.146           The Committee found that a key aspect of gauging and managing agency performance has been staff surveys. The agencies reported the results of these to the Committee and they provide a clear profile of each agency’s strengths and weaknesses, staff satisfaction and commitment, and overall performance. They also contribute to each agency’s strategic outlook and their ability to meet Government requirements into the future.

2.147            The Committee also found that being effectively ‘joined-up’ remains a key priority within the AIC. The fast-paced and technologically advanced threat environment requires cross-agency collaboration in new and sustainable ways. The Office of the National Security Adviser will be a key element in achieving this and the Committee will remain engaged with how this collaboration is achieved in the future.

2.148           The Committee also notes that achieving greater gender equity remains a challenge for many of the agencies but is satisfied that all agencies are aware of this and are mindful of this situation as the agencies move forward.

2.149           The Committee was pleased to hear that the new ASIO building project is progressing as planned. Through the evidence provided by ASIO at the hearing, the Committee understands that the new building will have the requisite capabilities and capacity to adapt to the changing needs of intelligence and security into the future.