Areas of focus
4.1
As identified in Chapter 1 of this report the Committee requested specific areas of focus for intelligence agencies to provide feedback on in submissions for the 2019-20 reporting period and Review No. 19.
4.2
Those areas of focus were:
the impact of COVID-19 on agencies’ administration and expenditure;
recruitment and retention, including positive vetting processes across the National Intelligence Community;
the implications of a constantly evolving threat environment to agencies’ administrative practices and expenditure; and
the health of agencies’ cyber security, including cyber resilience.
4.3
All agencies addressed these areas of focus in their submissions and in evidence provided at the classified hearings of 14 and 15 April 2021. Agencies either made statements regarding these areas throughout their submissions, or provided discrete sections dedicated to those topics.
4.4
The first area of focus related to COVID-19 will be addressed in a separate section below, but the other areas of focus were addressed to some degree in Chapters 2 and 3, but the following observations are made below regarding other areas of focus.
Recruitment, retention and security clearances
4.5
The issue of recruitment and retention has been an avenue of enquiry that the Committee has investigated for numerous Administration and Expenditure reviews. Over time the challenges facing intelligence agencies have emerged and subsided, but the perennial issues of retention of skilled operators and security clearances continue to challenge the work of the agencies.
4.6
The comments made in Chapter 2 are relevant to this section, but the Committee feels that the inherent connection between security clearances, recruitment and retention of staff in intelligence agencies requires further comment.
4.7
Across the series of classified hearings that the Committee held for the two reporting periods, the issue of lead times for recruitment related to security clearance timing, maintenance of security clearances once obtained, retention of staff with clearances and specialist skillsets (especially regarding movement to industry), as well as the pressures of the evolving work of intelligence agencies was a recurring theme.
4.8
Observations of the evidence received regarding the attractiveness of ancillary benefits, other than salary, were made in Chapter 2. The Committee believes that robust and varied employment conditions, including salary as well as benefits and working conditions, is crucial to the dynamism of the NIC, and especially the agencies under review by the Committee. Many of the agencies described their staff as committed and ‘mission oriented’, but the desire to secure our nation must be met with commensurate support, both financial and wellbeing support.
4.9
To this end, the Committee believes that the recommendation in this report to establish a shared psychology support service, as well as a NIC-wide Ombudsman service, is a good first step to enabling the stable support required for staff to operate effectively, without the worry that mobility of specialist staff that undermines services is either based on psychology skillset or a desire to have more effective complaints and advice services.
4.10
The issue of other ancillary benefits is one that the Committee will follow up with agencies on in future reviews, but the Committee will welcome news regarding the identified consultation between agencies and the APSC.
4.11
The Committee is also cognisant of the ongoing pressures that security clearances create for certain agencies, especially those reliant on the services provided by AGSVA. The internal review and taskforce mechanisms that are underway are crucial to maintaining service and evolving flexibility in this space and the Committee will welcome updated on this in future reviews.
4.12
The Committee is also in the unique position of receiving multiple classified briefings and evidence from agencies regarding other inquires that it undertakes during the reporting periods, many of which result in reports of the Committee that make recommendations that touch on elements of administration and operations of agencies that would otherwise be investigated at hearings for the reviews relevant to this report. This leads to the Committee being aware of issues that might be relevant for future inquiry in these reviews that do not stem from agency submissions or evidence from classified hearings.
4.13
Relevant to this part of the report are two such issues that the Committee has become aware of – transfer of security clearances between agencies when staff mobilise within the NIC or to other Australian Public Service (APS) agencies that may require clearances, and repetition of shared training upon transfer.
4.14
As the concept of the NIC continues to evolve, the Committee believes that staff who do mobilise between agencies should not have to be delayed in having a security clearance transferred, especially if that clearance has been appropriately maintained and has rigour around its suitability and health. Similarly, staff should not have to repeat training that develops core competencies, such as basic intelligence analysis, that shared development level standards could recognise as prior learning.
4.15
Additionally, as the enterprise concept of the NIC develops further, the concept of shared capability and shared services (where appropriate) would be supported by shared access to facilities and systems. The Committee has heard compelling evidence of cooperative endeavour in the name of national security, frustrated by the limitations of staff having to wait months to be approved access to a building. This sort of physical barrier needs to be removed if shared effort is deemed appropriate.
4.16
As these issues have not been raised directly in the context of the reviews being reported on in this report, the Committee does not intend to make any further comment or associated recommendations, but uses this report to highlight to agencies that these issues may be pursued in future reviews.
Evolving threat environment, cyber security and cyber resilience
4.17
The Committee received evidence from agencies regarding the shifting and evolving nature of the threat environment that Australia and its national security and intelligence agencies face. The summary provided by ASIO every year to these reviews, as well as the Director-General’s public threat assessment address, provides umbrella insight into the enduring threats that our nation faces. However, the Committee, through these reviews and the other Bills and legislation that it inquires into and briefings that it receives, gathers extra information that supplements that overall threat picture.
4.18
The agencies provided contextual information to the Committee in submissions and at classified hearings regarding their unique responses and challenges in the face of changing threats. Almost universally, the role that technology has in enabling threats such as espionage, sabotage and foreign interference are well known and acknowledged by the agencies. The constantly changing threat of technology itself, in the form of cyber security, has also become the ‘new’ field of conflict for agencies to adapt to.
4.19
Not only do cyber security threats from state actors present as national security threats, but the increasing menace of cybersecurity threats from criminal organisations (some state-sanctioned) places more and more pressure on maintaining security and safety within our nations.
4.20
ASIO provided the Committee with detailed evidence regarding the implications of changing threats, ranging from evolving extremist threats and fixated individuals, to physical and premises security as well as the challenge of adapting to rapidly shifting technology and platforms for communication.
4.21
ASD continued to provide the Committee with evidence and statistics regarding the challenges it faces in being the Australian Government’s frontline on cyber security and communicating threat warnings and building resilience. Threat advisories, news pieces and technical advice form the chief tool that ASD can utilise in addressing threats to government as well as the Australian community. The constant flow of advice and response provided by ASD and the ACSC are evidence of this ongoing challenge.
4.22
ASD also set the cyber resilience markers for organisations, both government and private sector, in its Essential Eight Maturity Model, which was updated during the review period in February 2019. This model provides guidance to agencies and entities to assess cyber resilience and computer security posture against the standards of the Information Security Manual.
4.23
This maturity model assessment was indicated against by most agencies for the Reviews, but not all, and some assessments relied on the ‘disconnection’ of agency systems from the internet as a basis for non-assessment or high maturity results.
4.24
Whilst the Committee accepts that isolation of classified IT systems does remove the primary method of compromise, if ASD has set a maturity model that outlines assessments, not all of which assess against elements of internet connectivity, then all NIC agencies should be assessing accordingly and introducing remediation to achieve the highest level of maturity.
4.25
The Committee will seek ongoing updates and evidence on these assessments in future reviews.
Committee comment
4.26
Overall, the Committee was satisfied with the six agencies and their evidence regarding the areas of focus request for the No. 19 review. This attention to the areas of focus and the associated reporting that will eventuate in future reviews is expanded on in the future directions section below.
Impacts of COVID-19
4.27
The emergence of the COVID-19 pandemic in late 2019 and the associated impacts domestically in Australia in early 2020 were profound, and the Committee acknowledges that the impact of COVID-19 is continuing to the present day and impacting nearly every corner of the globe.
4.28
The challenge that COVID-19 presented to the six intelligence agencies during the reporting period was substantial, as it was to most public service agencies, governments, private industry and individuals. However, the ongoing requirement to continue to produce operational capability and effectiveness was challenged in the early months once the pandemic reached Australia.
4.29
As is to be expected, intelligence agencies cannot simply shut their doors and have staff work as normal from home. The Committee received evidence from all agencies regarding the staffing and working arrangements that had to be implemented, at a rapid rate, to ensure that capability could be maintained and effective security upheld. The Committee pursued more information on these arrangements, which are mostly classified, at the review hearings.
4.30
Generally speaking the Committee can make some comment on the following observations of response from agencies regarding COVID impacts:
Most agencies were able to continue essential capabilities by implementing staggered staffing arrangements, with associated accommodation changes and increased cleaning. The impact of cleaning requirements was quantified by ASIO, manifesting in a nearly doubling of cleaning costs for the agency between the 2017-18 reporting period and the 2019-20 period.
Critical operations requiring access to sensitive and classified information and systems was able to continue, but with other staff utilised in different ways.
Nearly all agencies implemented working groups or committees to meet and assess the changing health requirements and respond in the most appropriate fashion.
The requirement for coordination and de-confliction of activities in response to COVID-19 saw the enterprise management role of ONI to come to the fore and the coordinated response across the NIC managed and focused.
Staff support arrangements were bolstered, with assured mental health support. This highlighting of support services informed the Committee’s deliberations on the recommendations contained in Chapter 2.
Agencies with staff located overseas faced unique challenges, many of which had never been faced before. The Committee received evidence on support for staff, as well as special circumstances for travel and support of overseas operations.
Travel expenditure was substantially impacted and alternative mechanisms for collaboration and capability were developed and tested during the latter half of the 2019-20 reporting period.
4.31
In extremis, the agencies’ response was commendable in the face of an unprecedented health crisis.
4.32
The increased use of technology by society in general was echoed by the use of technological media to undertake the traditional avenues of interference, coercion and persuasion that agencies work against. As mentioned in Chapter 1, the rise of extremist ideology by technical means under COVID-19 posed a challenge for agencies, and will continue to pose a similar and evolving challenge that the Committee will pursue evidence of in future reviews.
Committee comment
4.33
The Committee is very grateful for the candour and openness that the agencies brought to the discussions regarding operation under COVID-19 restrictions. These are valuable lessons regarding business continuity during unprecedented challenges, and have undoubtedly stood these agencies in good stead when further lockdowns or restrictions have occurred.
4.34
The Committee was appreciative of the open dialogue that agencies brought to conversations regarding COVID-19 realities during the Committee’s April 2021 classified hearings. The Committee also notes that many of the mechanisms that have been put in place out of necessity during the pandemic have continued after the initial restrictions and can potentially inform business improvement and efficiencies into the future.
4.35
However, the Committee also notes that whilst ONI did bring a coordinating role to that initial period of change, there has not been an indicated continued role of coordination and guarding against unnecessary duplication after the initial emergency had passed.
4.36
The Committee is eager to see such coordination and efficiency pursuit continue, especially as the NIC continues to evolve and ONI develops its enterprise management function. This activity may be in development, but the Committee sees merit in a central review of lessons learned from the COVID-19 response in NIC agencies and would like to see those lessons, challenges, failures and successes inform consolidated business improvement and capability development going forward.
4.37
The Committee recommends that the Australian Government resource the Office of National Intelligence to conduct an enterprise-wide review of lessons learned from the initial and ongoing response to the COVID-19 pandemic in the next 18 months. This review should then be provided to all National Intelligence Community agencies for consideration, development and implementation.
4.38
A copy of the full classified review report should be provided to the Committee for information and consideration during the relevant Administration and Expenditure Review in which its conclusion falls.
Future direction of Administration and Expenditure Reviews
4.39
The Committee has been undertaking Administration and Expenditure Reviews since it was constituted as the Parliamentary Joint Committee on ASIO, ASIS and DSD in the early 2000s.
4.40
The important duty conveyed on the Committee by paragraph 29(1)(a) of the IS Act fulfils a crucial oversight and accountability function regarding the agencies reviewed, as traditionally many of these agencies were not subject to other forms of public scrutiny, let alone parliamentary scrutiny. In essence, these reviews were to be in lieu of Senate Estimates for these agencies.
4.41
However, since the introduction of the reviews into the IS Act, and especially in the last four to five years since the conduct and release of the Independent Intelligence Review, there has been a shift in public scrutiny and visibility of some of the agencies under review by this Committee. ASIO, ONI and ASD all now appear before Senate Estimates hearings. ASIO and ASD have public Annual Reports including financial statements
4.42
The agencies continue to operate in a covert manner, with very little public information regarding their operations, and for very good reason. ASIS, DIO and AGO provide valuable services to the government, the Australian Defence Force, the rest of the NIC and the Australian community at large, and for the protection of their people, capabilities and the security they bring our nation, all of their information must remain a secret. However, where possible, information about how all the agencies reviewed by the Committee administer the considerable funds they receive should continue to be analysed.
4.43
In saying this, the evolution of the Administration and Expenditure Reviews has transformed along with the expectation that the Committee must outline what little information it can regarding all information requested of agencies. The Committee believes this must change, and on this basis will, for future reviews, report on an exception basis regarding its analysis of administration and expenditure information.
4.44
This streamlining is especially important given the ever-increasing workload of the Committee and the delays that can be experienced when focus is taken away from an essential statutory role. This became especially evident with the delay of the No.18 review and its paired reporting with the No. 19 review in this report. The result of this is that the Committee is now delivering this report covering information about these six agencies that relates to a period starting over three years ago.
4.45
The Committee has cast a critical eye to the review process, and the result is reflected in the format of this report and this directions statement.
Senator James Paterson
Chair
20 October 2021