It’s not just software. Physical critical equipment can’t be trusted, either

Just auditing the software in critical equipment isn’t enough. We must assume that adversaries, especially China, will also exploit the hardware if they can.

The latest report on the dangers from China-made solar inverters is a strong reminder that the physical part of equipment must not be trusted. Reuters said on 15 May that investigators had discovered rogue communication modules embedded in Chinese solar inverters installed in critical US energy infrastructure.

These ghost machines, capable of wireless data transmission, had not been declared by the manufacturers and had no documented function. They were, in effect, silent participants on the US grid.

No specific act of sabotage has been confirmed, but the purpose of the devices is unclear. Are they passive intelligence collectors, quietly contributing to foreign data aggregation? Or are they latent access points with offensive potential, waiting to be activated?

Inverters could be coordinated to disrupt voltage regulation or overload circuits across distributed energy resources, causing instability or damage to grid infrastructure.

Presence of the rogue communications modules in the inverters reminds us that adversaries can exploit vulnerabilities hidden deep in hardware, creating potential strategic leverage across essential systems.

As globalisation enters a new phase defined by contested technologies and fragmented supply chains, treating hardware as implicitly trustworthy builds hidden risks into the systems designed to ensure our national resilience.

Governments and industries have embraced zero-trust security models, in which no user, device or connection is trusted by default. But, too often, this principle is only applied to software and user access, not to the hardware operating inside our critical systems. Physical infrastructure, such as the devices that run power, water and transport systems, is rarely scrutinised to the same degree. In part, that’s because hardware threats are harder to observe, difficult to attribute, and require specialised tools and skills to detect.

This is a dangerous oversight.

Modern infrastructure is not a single system. It is a complex patchwork of such globally sourced equipment as sensors, inverters, routers and gateways. Many of these devices run proprietary firmware, are updated irregularly and operate with little visibility once installed. The complexity is such that no single organisation, and often no single person, fully understands how it all works. Much like modern vehicles, we no longer repair these systems part by part. We replace entire black-box subsystems, trusting that what’s inside the new ones will be what we expect.

Inverters and controllers similar to those exposed in the United States are deployed across Australia’s solar energy sector, particularly in residential and commercial-scale distributed energy resources. Many are connected to the grid and managed remotely via mobile networks.

The structural risks highlighted in the US investigation almost certainly exist here. It’s likely we simply haven’t looked closely enough. We may not even know how to look or where to start.

So far, Australia’s policy focus has been on network security and operational resilience. The Security of Critical Infrastructure Act and its Risk Management Program reforms have strengthened awareness and governance. But hardware integrity remains a blind spot. Vendors are often evaluated based on documentation or country of origin. Few components are independently tested for physical or embedded threats. Even fewer are built with tamper evidence or verifiable firmware.

So what would a zero-trust model for hardware look like? It starts with rejecting assumptions. Devices used in critical environments should be able to prove they are genuine and unaltered, using cryptographic signatures that can be independently verified. Firmware should be auditable and digitally signed. Hardware platforms need runtime integrity checks, tamper detection and the ability to isolate or disable compromised components. These capabilities exist today but are rarely adopted at scale.

Procurement models must also evolve. Hardware cannot be selected from trusted supply chains on cost-efficiency alone. It requires a broader risk lens, one that accounts for consequence, likelihood, adversary capability and intent. Mitigation may require investment in local capacity, or co-development with partners that share our security posture. Where equipment cannot come from reliable foreign countries, governments must cultivate domestic sources.

This is not about closing off our economy. It is about building resilience. In a contested region, the ability to operate independently of hostile actors may determine national outcomes.

We must also let go of the idea that trust is permanent. Zero-trust is not a one-off assessment; it’s a posture of continuous verification. Supply chains evolve. Vendors change hands. Firmware updates introduce new code. Just as we monitor software over time, we must now monitor the behaviour and integrity of the physical devices that carry our systems.

The ghost machines uncovered in US infrastructure cannot be understood as an isolated glitch. They represent a deliberate strategy: embedding long-term access and influence into the physical core of critical systems.

Australia has made progress in recognising cyber threats as national security challenges. The next step is to extend that awareness to hardware.

We cannot secure the future while building on unexamined trust.

Australia should establish a unit dedicated to financial warfare capabilities

In an age of great-power competition, the next major conflict may be waged not in the skies over the Indo-Pacific or in the South China Sea, but through sanctions regimes, targeted financial disruptions and coercive use of trade and capital. Finance has emerged as a sixth domain of warfare.

Economic and financial warfare has become a critical instrument of statecraft, from Iran’s isolation from SWIFT to China’s creation of the Cross-border Interbank Payment System (CIPS). The ability to shape behaviour through financial tools is now a strategic reality. Australia, as a middle power with limited kinetic mass but outsized regulatory and technological clout, must take financial warfare seriously.

Australia’s deterrence measures lie in asymmetric capabilities. Just as cyber and space reshaped operational planning, Canberra can use financial tools to shape adversary behaviour, impose costs and support allies in the grey zone.

Our economic integration with the Indo-Pacific makes us both influential and vulnerable. Australia is deeply embedded in global financial networks and supply chains, with extensive dependencies in sectors like semiconductors, pharmaceuticals and critical minerals. The regulatory reputation of institutions such as AUSTRAC and the Reserve Bank gives Australia credibility, and our intelligence partnerships provide a deep well of financial data. These interconnections create leverage, but also exposure.

Australia should properly mobilise these assets to become a leader in economic and financial statecraft among middle powers offering asymmetric capability to our arsenal. The combined effort would also help to protect our financial vulnerabilities.

From an AUKUS perspective, our institutional architecture has not kept pace. Australia lacks a coherent entity capable of wielding financial power with precision and purpose, like the US Treasury’s Office of Foreign Assets Control or the wartime Ministry of Economic Warfare in Britain. This must change.

Warfare has always been about economics, since Athens and Sparta blockaded each other’s trade routes and the British disrupted Axis supply chains through economic subversion. More recently, US sanctions reduced Iranian oil exports from 2.7 million to under 500,000 barrels per day. These economic tools degraded adversary capacity without firing a shot.

But today, financial intelligence, market manipulation, sanctions enforcement, and cyberattacks on financial infrastructure converge as multidomain tools in warfare. China’s efforts to control rare earths, buy foreign ports and develop a digital yuan are coherent strategies of financial statecraft.

Financial warfare encompasses a wide spectrum of instruments, often deployed in synchronised campaigns to shape the strategic environment before the first shot is fired:

—Sanctions and export controls have constrained Iran’s oil exports and Russia’s defense industrial base.

—Asset freezes and Magnitsky-style laws target kleptocrats and human rights violators, disrupting elite networks.

—Cyber-financial attacks, such as North Korea’s 2016 Bangladesh Bank heist, illustrate the intersection of hacking and financial disruption.

—Currency manipulation and trade coercion, notably by China, undermine fair competition and weaponise market access.

—Supply chain domination, especially in critical minerals, allows adversaries to impose latent costs or influence decision-making through chokepoints.

To develop our own strategies of financial warfare, Australia should establish a Financial Warfare Office. Whether embedded within the Joint Capabilities Group or established as a standalone body reporting to the National Security Committee, its mission must be unambiguous: to use finance to deter aggression, degrade coercion and defend sovereignty.

Core capabilities should include fusion of financial intelligence, in which data is aggregated from AUSTRAC, the Australian Federal Police, private banks and allied intelligence to map financial vulnerabilities and illicit flows. Targeted economic instruments should be developed in collaboration with existing government entities to combine sanctions, investment restrictions and export controls. The dedicated unit should lead in resilience planning to identify weak points in critical financial infrastructure and supply chains. It should run strategic influence operations, leveraging financial narratives and market signals to amplify deterrence.

This unit would also serve as a key interface with AUKUS partners, particularly under Pillar Two, where financial, cyber and technological tools must be integrated for strategic effect.

For example, it could pre-emptively disrupt illicit financing of a hostile proxy group by tracing shell companies across Southeast Asia and triggering coordinated asset freezes with Five Eyes partners. It could also identify and block foreign acquisition of a biotech firm holding sensitive data, using regulatory levers to frustrate strategic land and IP grabs. Such risks are already recurring features of grey-zone competition.

Financial warfare is powerful but double-edged. Ill-considered sanctions can harm civilian populations, erode legitimacy and strain alliances. Cyber-financial campaigns may escalate unpredictably. Australia’s response must therefore be grounded in rule-of-law principles and transparent governance.

For this, we must invest in legal authorities, oversight frameworks and international coordination to ensure that economic tools serve democratic security, not undermine it. Financial warfare must not become a pretext for economic nationalism or short-term political gain.

Australia must now make economic and financial statecraft a core pillar of our national defense strategy. Doctrine, investment, institutions and alliances must be calibrated for this new domain of warfare.

Australia must rethink cybercrime to tackle it effectively

Let’s face it: Australia is seen as a soft target for cybercriminals. Its fragmented cybercrime response makes both individuals and institutions more vulnerable.

Australia’s cybercrime framework must be informed by diverse perspectives, and it must focus on victims as much as on perpetrators. This means dismantling outdated binaries between ‘technical’ and ‘non-technical’, challenging the militaristic culture of cybersecurity and building a workforce that reflects the public it serves.

Between 2020 and 2022, scam syndicates across Southeast Asia and Africa targeted thousands of new Australian victims monthly, while intentionally avoiding targets in the United States. In an interview, one of the hackers behind the 2022 Medibank breach reportedly said that ‘Australians are the most stupidest humans alive… they have a lot of money and no sense at all.’ While offensive, the comment points to a broader perception among cybercriminals: Australia is lucrative and underprepared.

Part of this weakness stems from outdated frameworks. A long-standing distinction divides ‘cyber-enabled’ crimes—traditional crimes such as fraud, scams, or sextortion committed via technology—from ‘cyber-dependent’ ones, which rely entirely on digital systems such as hacking and ransomware. This distinction was helpful when internet access was limited. Now, it merely obscures the complexity of cyber threats.

Our perceptions haven’t caught up either. The stereotype persists of the cybercriminal as a male hacker in a hoodie working in a dark room. But this figure is largely mythical. Research shows that cybercriminals come from varied backgrounds, have diverse motivations—including financial gain and thrill-seeking—and have no consistent links to traditional forms of crime. What they do tend to have in common is gender: most are men.

The archetype of the hacker aligns with the model of ‘nerd masculinity’. In this model, once-ridiculed characteristics such as technical expertise and social awkwardness have become assets in the digital era. Such traits are associated with status and control, particularly in cybersecurity and hacking cultures.

This evolution has consequences. As cybersecurity increasingly mirrors military structures, technical skills become a form of power. The hacker, rebranded as a kind of digital warrior, reflects and reinforces dominant masculine norms. Cybercrime is thus framed as a battleground—a contest of skill, prestige and conquest.

Existing frameworks reduce cybercrime to a technical problem requiring technical solutions, obscuring the human and societal costs, particularly for victims of scams, abuse or online stalking. This also fuels a culture of exclusion in the cybersecurity workforce, where hypermasculine norms marginalise women and other diverse voices.

Feminist criminology—which focuses on women offenders, women victims and women in the criminal justice system—is an important, yet underused lens for understanding cybercrime. One useful theory is Raewyn Connell’s ‘hegemonic masculinity’, which argues that culturally idealised masculine traits, such as dominance, control and emotional detachment, are rewarded and reinforced. Offline, these traits underpin acts of violence and coercion. Online, they shape how cybercrime is both perpetrated and policed.

Indeed, research shows that men often view cybersecurity as the protection of systems and infrastructure, while women more commonly emphasise cyber safety or the protection of people from digital harms. Both are important. But Australias current policy response, including the establishment of a ‘hack the hackers’ taskforce after the Medibank breach, leans heavily toward the former. This retaliatory, militaristic posture positions cybercrime as a battlefield for elite operatives, not a public safety issue.

The impact is felt in the data. Australians lost over $3.1 billion to cyber fraud in 2022 alone, though the figure is likely much higher due to underreporting. Only one in four victims report these crimes, partly due to a culture of victim-blaming that casts them as careless or gullible. This mindset is another byproduct of the hegemonic, technicist model: it prioritises system protection over human wellbeing.

In October 2023, the Joint Committee on Law Enforcement launched an inquiry into how well law enforcement is equipped to respond to cybercrime. The hearings included testimony from government, industry and community stakeholders. The inquiry exposed a systemic lack of support for victims of cyber-enabled crimes and identified widespread gaps in cybersecurity awareness among frontline responders. Yet despite its potential to spark meaningful reform, the inquiry lapsed in early 2024. It was an opportunity lost. Meanwhile, Australia’s cybersecurity strategy and funding priorities continue to centre on data breaches and ransomware, leaving broader systemic issues unaddressed.

A critical first step for the new government should be to revive the inquiry, confront persistent stereotypes and publicly release the findings. As for us, we’ll keep pushing for change and shedding light on the issue.

To respond effectively, we need to move beyond yesterday’s logic. Cybersecurity must be inclusive, not exclusive, to be effective. If nothing changes, Australia will remain vulnerable, not only to overseas hackers, but to the blind spots in our own thinking.

China’s geopolitical dominance game in the South China Sea

For all the talk about the South China Sea’s complexity as a security issue, its geopolitical significance to China is simple: China wants to condition Southeast Asian states to subordinate status. Southeast Asian countries would do well to consider this when assessing Beijing’s motivations and behaviour.

I was in Singapore earlier this month to participate in the International Maritime Security Conference, organised by the S Rajaratnam School of International Studies. The conference was part of IMDEX Asia 2025, a biennial congregation of sailors and warships from around the region, hosted by Singapore’s navy. This edition included senior representatives from Australia, Britain, Canada, China, India, France, Japan, New Zealand, Sri Lanka, the United States, and member states of the Association of Southeast Asian Nations.

It’s common for speakers at regional conferences to present the maritime environment in terms of complex, cross-cutting transnational security challenges, such as illegal fishing, critical seabed infrastructure, marine pollution, cyber, climate, autonomy, energy exploration and others. (The list expands continually.)

The importance of cooperation and adherence to international law remains a staple theme of such gatherings. Yet advocates of regional maritime cooperation struggle to name new initiatives. The widely referenced Malacca Strait Patrol, for example, is two decades old. It is also telling that the lexicon of power and competition has gradually crept back into session titles. Phrases such as ‘geopolitical implications’ and ‘armed conflict’ were an uncommon sight at maritime conference agendas 15 years ago. This is no longer the case.

Southeast Asian analysts and security practitioners know that the regional security environment is deteriorating, but they remain reluctant to acknowledge the source of the problem head-on. Some have convinced themselves that great-power competition between the US and China is their primary security challenge, rather than domination by the latter. This manifests in a collective view that conflict avoidance is ASEAN’s primary security objective, more than order preservation—though these are not necessarily mutually exclusive aims. Nowhere is this more evident than in the South China Sea.

In geopolitical terms, the South China Sea is best thought of as an arena. The core game within this arena is between China and Southeast Asia. Beyond access to seabed resources and any intrinsic significance of the sea itself, China’s strategic purpose is to establish dominance over Southeast Asia through repeated conditioning.

Australia, Japan, the US and some European countries are also players in this game. They recognise that their own security will suffer if China successfully resets its relations with Southeast Asia in hierarchical terms, at the expense of respect for sovereign equality and international law. They rightly fear that China aims to eject the armed forces of non-littoral states from the South China Sea, hence their preoccupation with freedom of navigation. But these nations also rely on political support from Southeast Asian countries to legitimise their presence to a significant degree.

In relation to the South China Sea, Southeast Asia’s core group of states is composed of Brunei, Indonesia, Malaysia, the Philippines and Vietnam. The latter two are Southeast Asia’s frontline territorial claimants and are most directly exposed to Chinese pressure tactics. Vietnam’s geography makes it uniquely vulnerable to any impediment on navigation or commercial activity in the sea. China’s current focus is to isolate the Philippines as far as possible within ASEAN, since Manila has publicly defied Beijing’s attempts to establish dominance and has revived its military alliance with the US. Chinese participants at the conference made this focus clear.

Brunei and Indonesia do not have territorial disputes with China, but Beijing claims overlapping jurisdiction within both countries’ exclusive economic zones, based on its dashed-line claims. Jakarta has long maintained that it has no maritime boundary dispute with Beijing, as it has treated China’s claims as without legal foundation. So the admission to ‘overlapping claims’ in last November’s joint statement during Indonesian President Prabowo Subianto’s inaugural visit to Beijing was a surprising concession to China’s dominance game. Indonesia’s Foreign Ministry maintains that its position on the South China Sea is unchanged. But if Chinese firms can pursue ‘joint development’ based on the November statement, Beijing can claim to have eroded Jakarta’s resolve.

Brunei has proceeded more cautiously on the question of overlapping maritime boundaries. But, in February, Brunei and China jointly agreed ‘to cooperate in the development of resources in mutually agreed areas, on a without prejudice basis to legal positions of the respective countries under international law’. Such development could include joint fisheries activities or hydrocarbons extraction. Whatever form it takes, China is likely to treat such overtures from Southeast Asian claimants as tacit concessions.

Malaysia occupies a middle position among ASEAN claimant states. China claims Malaysian-occupied territory in the Spratly Islands and disputes Malaysia’s jurisdiction within significant portions of its exclusive economic zone and continental shelf. China behaves less aggressively towards Malaysia than it does towards the Philippines and Vietnam. But China’s coast guard maintains a continuous watch inside Malaysia’s exclusive economic zone and exerts physical pressure to deter Putrajaya from developing untapped seabed energy resources within Chinese-claimed areas. One Malaysian participant at the conference floated a proposal for Malaysia to pursue joint energy development with China, without formally acknowledging disputed jurisdiction—similar to Brunei. This is a personal view, not reflective of Malaysian government policy, but Chinese participants will perceive it as further evidence that Southeast Asia’s collective resolve is weakening.

The rest of ASEAN has lower, less direct stakes in the South China Sea. Cambodia and landlocked Laos are already dominated by China to a considerable degree. Singapore, though not a claimant state, relies heavily on freedom of navigation and actively facilitates access for the US Navy and its allies, including Australia through the Five Power Defence Arrangements. Thailand and Myanmar, especially, are less invested. Their main interest is the ASEAN-China Code of Conduct. Frequently dismissed as irrelevant, the code nonetheless serves Beijing’s interests as a useful conditioning tool, since it binds the whole of Southeast Asia (except East Timor) into a seemingly endless diplomatic process. The code’s torturous lack of progress repeatedly demonstrates to ASEAN’s members that negotiations on a draft code have no practical constraint on China’s strategic activities.

China’s quest for dominance in the South China Sea is not about resources nor any single maritime issue; in essence, it isn’t about the sea at all. Beijing’s geopolitical aim is to condition Southeast Asian states, individually and collectively, into accepting subordinate status. If it can achieve this without fighting, the likelihood is that the South China Sea will remain tense but stay below the threshold of armed conflict.

With the standout exception of the Philippines, things are currently trending in Beijing’s direction. Indeed, from Beijing’s perspective, ASEAN’s collective trajectory might be summarised as ‘losing without fighting’.

Indonesia has good reasons to reject Russian aircraft basing

Indonesia has plenty of reason to reject basing of Russian aircraft at its air force base on Biak, an island north of New Guinea at 1,400 km from Darwin.

From Russia’s point of view, keeping aircraft at the Manuhua Air Force Base would add to its prestige and might also be helpful to its ‘no-limits’ partner, China.

Whether it has asked for such access is disputed. Defence publisher Janes, citing Indonesian government sources and documents that it had reviewed, reported on 14 April that Russia had asked to base several aircraft on Manuhua; this would be a step up from aircraft merely transiting through the airfield. A day later the Indonesia Defence Ministry said the report was ‘incorrect’. But the Australian, a newspaper, said in an unsourced 28 April report that the Australian government had known in February of Russian requests to use Indonesian airfields for long-range military aircraft.

No one has suggested Indonesia has accepted such a proposal. Acceptance would indeed amount to a huge change in foreign policy and would roil the strategic situation in the region. It is not clear that Indonesian leaders would want to engage in such drastic initiatives.

Moreover, Indonesia has always presented itself as non-aligned, and it is proud of this self-image. As the Foreign Ministry said on 17 April, ‘Indonesia has never granted permission to any country to build or possess a military base in Indonesia.’

Though one can quibble over the true extent of Indonesia’s non-alignment, at the very least, the superficial trademarks of non-alignment are important to the country. Accepting the Russian proposal to use an Indonesian air base would severely dent the country’s non-aligned stature.

Acceptance would upset Indonesia’s international relationships, including the one with Australia, with which it has have become increasingly close. Indonesia knows that Russian aircraft basing on its territory would not please Canberra. Indeed, Australia would consider basing Russian combat aircraft so close to Australian territory a seriously unfriendly act.

Other powers, including India, the United States and Japan, would also be displeased. These are all powers with which Indonesia enjoys good relations and hopes to deepen ties. Even India, which has good relations with Russia, would be concerned about the potential for such a move to enhance China’s power in a vital region, especially so close to the sensitive Malacca straits.

Russian aircraft flying from Biak could conceivably provide valuable wartime reconnaissance and targeting data for China. If Russia were not a declared participant in the war, China’s opponents, such as the US and Australia, could do little to stop this activity. Even in peacetime, the potential to offer such wartime benefits would increase Russia’s clout in Beijing.

A request to base aircraft on Biak, which Moscow’s ambassador to Jakarta has not denied, would be part of a pattern of Russian expansion. Russia has sought to extend its global reach. President Vladimir Putin wants to reassert the country’s traditional great power role, despite its much-weakened condition and its being bogged down in its war against Ukraine.

Russia has been increasing its activities in Africa and the Middle East, areas of traditional Russian influence during the Cold War. Though Russia suffered a setback in Syria last year, its ties with Iran have deepened, with Tehran becoming an important source for drones and ballistic missiles.

Regardless of the practical benefit that Russia gets from this, it clearly enjoys the prestige of global influence.

Though Russia does not have any direct interests at stake in Southeast Asia, Putin likely views a Russian presence in the region as necessary. Russia’s traditional friend in the region has been Vietnam. The Soviets had an important military base in Cam Ranh Bay, reportedly the largest outside their own territory. But the lean years after the Cold War saw Russia withdraw its Indo-Pacific presence.

Nevertheless, Vietnam continues to be an important partner, but it is also concerned about China and is increasingly friendly to the US and its partners. A US aircraft carrier visited Vietnam in 2023 and the country has reportedly agreed to buy F-16 fighters from the US. Vietnam and the region are worried about China’s aggressiveness.

Federalism could torpedo AUKUS

AUKUS is under pressure, not from adversaries abroad but from state governments at home. While Canberra drives the security pact forward, Australian states are the ones that that hold the constitutional levers over the land it will need, through their powers of zoning, environmental approvals and handling Indigenous rights.

States are already dealing with legal and political friction relating to this, and concerns over reliability of the United States as an ally may lead states to question the long-term value of their sacrifices.

The real opposition to AUKUS may ultimately come from Adelaide or Perth.

South Australia isn’t just building submarines—it’s building legal tension. The state recently fast-tracked legislation to smooth the path for AUKUS infrastructure at Osborne, but critics aren’t buying it. The Greens and local community groups say the new laws sidestep environmental oversight and shut the public out of decisions that reshape their suburbs. What looks like streamlined defence policy to Canberra looks more like executive overreach to inner-city Adelaide.

Western Australia may be next. With HMAS Stirling flagged for upgrades and nuclear training added to the mix, the state government will soon face its own AUKUS-related planning headaches. WA’s environmental protections are some of the strongest in the country. We may soon find out just how far they’ll bend under the weight of trilateral ambition.

In both states, the issues are the same: land, laws and legitimacy. AUKUS might be stamped with the Commonwealth seal, but the real action is unfolding on state soil. Zoning battles, nuclear questions, and Indigenous land rights aren’t just planning issues; they’re pressure points in our constitution. While no one wants to wade too deep into black-letter law, AUKUS is fast becoming a case study in how fragile Australia’s federal balance really is. While defence might be a national responsibility, it’s built—quite literally—on state foundations.

State concerns go well beyond turf wars. States are being asked to make permanent, often politically difficult changes, such as rezoning coastal areas, approving nuclear-related facilities and navigating complex heritage protections. But in return, they face uncertainty.

When asked about AUKUS, US President Donald Trump responded with his own question— ‘What does that mean?’—sending diplomatic shockwaves through Canberra.

Alliances, once assumed to be stable, can become suddenly transactional. If a future US administration walks back or redefines its AUKUS commitments, states will be the ones left with the consequences. They will have bent their planning rules and stirred local opposition for a security benefit that might vanish based on election results in Washington.

These pressures are converging. As a result, it is Australian states—not just the courts or Canberra insiders—that could prove the most formidable challengers to the next phase of AUKUS.

That opposition won’t necessarily be loud, dramatic or even headline-grabbing. It may look like legal challenges, bureaucratic roadblocks, and slow-walked approvals. It may come as litigation over environmental law and cultural heritage, or as quiet political resistance: premiers may begin to ask whether the federal government has done enough to justify the upheaval.

None of this means AUKUS is collapsing, but it does mean closer attention needs to be paid to states, especially Adelaide and Perth. Canberra cannot afford to treat AUKUS as a closed federal project. The government can’t assume consent, but rather earn it, and not just with federal funding announcements or defence white papers. AUKUS will increasingly require political legitimacy beyond Defence briefings and federal budgets.

To achieve that, the Commonwealth must engage more transparently with state governments, clarify the legal boundaries of implementation, and address public concerns about environmental, cultural, and economic impacts. Otherwise, the most significant resistance to Australia’s biggest strategic undertaking in a generation may come not from foreign adversaries, but from within—one zoning dispute at a time.

Reuniting ASIO and the AFP under Home Affairs is the right move to address intensifying threats

Prime Minister Anthony Albanese’s decision to return policy responsibility for the Australian Security Intelligence Organisation and the Australian Federal Police to the Department of Home Affairs is more than a machinery-of-government change; it’s a long-term strategic recalibration in response to a rapidly intensifying threat landscape.

The move, previously advocated by ASPI executive director Justin Bassi, lays the foundation for a more integrated and future-ready national security system that can address the complex interplay between societal resilience and statecraft. In doing so, it matches the threats that confront Australia and effectively puts an end to the perception that Home Affairs is owned by one side of politics. In national security, a bipartisan approach to governing architecture is vital for public confidence, even where policies may divide.

The reform responds to a clear signal sent by the director-general of security’s 2025 Annual Threat Assessment: that several of the organisation’s ‘heads of security’ are flashing red, and more could soon follow. The convergence of foreign interference, cyber intrusions, espionage, terrorism and transnational crime demands a whole-of-nation response. These are no longer discrete risks to be managed by siloed agencies; they are networked threats that exploit cracks between institutions and jurisdictions.

The so-called caravan incident—a bomb hoax in Sydney in January that triggered a large-scale counterterrorism response—made those cracks visible to the public. Although it was a false alarm, the event revealed systemic weaknesses in cross-jurisdictional coordination. Communication and command-and-control arrangements faltered at critical moments.

The decision to move ASIO and the AFP back to Home Affairs was a response to these past shortcomings, as acknowledged by the prime minister. But the decision also reflects a forward-leaning posture that better positions us for future crises by recalibrating how we define and deliver national security.

The rationale for creating the Home Affairs portfolio in 2017 remains valid: Australia had a coherent foreign and defence policy architecture but lacked the same level of domestic integration. However, in 2025, challenges no longer relate only to domestic security. Whether it’s youth radicalisation, cyber-enabled foreign interference or coordinated attacks on democratic institutions, these problems cannot be solved by intelligence collection or law-enforcement action alone. They are societal challenges.

ASPI analysts have consistently argued that we cannot arrest our way to social cohesion, nor spy our way to reduced radicalisation. The spread of extremist ideology online, the erosion of public trust in democratic institutions and the exploitation of social and economic vulnerabilities all point to a need for a security architecture that is integrated not only across operational agencies but across policy departments and sectors. Education, online regulation, community services, migration policy, economic development and democratic integrity are now inextricably linked to national security outcomes.

Over the past two decades, ASIO, the AFP and state and territory police forces have built deep mutual respect and cooperation at tactical and operational levels. These relationships are now embedded in culture, not just protocol. But while operational trust is strong, strategic alignment remains uneven. Successful national-level integration requires a federal policy owner that fosters the same level of cohesion across policy and coordination functions. It must be backed by clear governance, empowered leadership and a mandate that reinforces collaboration rather than assumes it.

In this context, the institutional boundaries of Home Affairs matter deeply. Machinery-of-government changes will certainly take time to operationalise. The disbanding of Home Affairs’ intelligence division under the previous administrative settings hindered the department’s ability to convert intelligence feeds into coherent policy advice. The announced reform rebuilds that bridge between national security operations and strategic policymaking.

In doing so, it gives effect to Home Affairs’ 2024 Independent Capability Review, which warns against the dangers of reactive, crisis-driven leadership. The review calls for the development of foresight capabilities, stronger internal coherence and improved integration with the broader machinery of government. In response, Secretary of Home Affairs Stephanie Foster committed the department to a more forward-leaning, strategically aligned model of leadership. Since then, the department has initiated reforms to embed a clear strategic purpose across its functions, build advanced foresight capabilities and enhance whole-of-government integration. These include:

—Establishing structures to anticipate and prepare for emerging threats, rather than merely responding to existing ones;

—Advancing partnerships with industry, community organisations and other levels of government to build a unified security ecosystem; and

—Aligning disparate operational and policy units under a single strategic direction to better coordinate law enforcement, protective security, cyber, immigration and cohesion functions.

Rebuilding strategic capability is one half of the equation. The other half is political leadership. Australia’s national security not only demands capable intelligence professionals; it requires ministers who can lead from the front. The appointment of Minister for Home Affairs Tony Burke to oversee ASIO and the AFP, on top of his portfolios in Cyber Security, Immigration, Citizenship, and the Arts, signals a recognition that contemporary security challenges defy old silos. Burke has a good track record in high-pressure portfolios and strong political authority within cabinet, positioning him as a minister with the bandwidth and weight to drive reform across competing agendas. His portfolio mix reflects that social cohesion, migration policy, cultural identity and cyber resilience are now core aspects of national security, not peripheral concerns.

In a world of converging, escalating threats, the fragmentation of domestic security activities is an untenable liability. Returning ASIO and the AFP to the Home Affairs portfolio is necessary, timely and grounded in operational experience and strategic foresight. But to be meaningful, it must go beyond the symbolic. It must address deep structural vulnerabilities, restore lost capability and operationalise a whole-of-nation vision for security.

That means positioning Home Affairs as the federal government’s strategic coordinator for national security policy, supported by a restored intelligence division, strengthened internal capability and a clear mandate to tackle both immediate threats and the underlying societal drivers of insecurity. Crucially, this must be exercised in genuine partnership with the states and territories and must be enabled by a minister who can lead from the front and work effectively across disparate portfolios. National security cannot be imposed from Canberra; it must be built collaboratively with those on the front lines of implementation. With bipartisan backing, the momentum of an independent review, and the leadership of a minister with the political weight to drive reform, the opportunity is real.

The Pacific needs to upgrade regional intelligence cooperation

Strengthening regional partnerships can help Pacific intelligence capabilities overcome rising challenges. The Pacific should establish a centralised intelligence hub alongside or through the expansion of the existing Pacific Fusion Centre to deliver greater intelligence capabilities to the region.

Resource constraints present some of the most significant difficulties for intelligence efforts in the Pacific as they face growing maritime domains threats and transnational crime such as drug and arms trafficking. Many Pacific island security forces and governments face financial constraints that hinder their ability to invest in modern intelligence systems. As a result, their capacity to collect, interpret and respond to vital information is significantly limited. But a regional hub would help alleviate the financial load and make it easier for international partners to support the region’s needs.

The Pacific Fusion Centre is one example of a regional information-sharing initiative that could be expanded to address these challenges. Analysts from across the region are seconded to the centre and collaborate in producing strategic assessments for the region against priorities outlined by regional leaders at the Pacific Island Forum in 2018. However, the centre relies heavily on open-source data, which may not be sufficient for analysis of complex threats such as transnational crime networks, cyberattacks and maritime domain threats. These threats often require access to classified or more sensitive intelligence sources to develop effective responses. Strengthening the integration of diverse data types available at the centre could enhance its ability to tackle such complex issues.

Training initiatives for Pacific intelligence groups involving advanced technologies or international partnerships also often come with substantial costs. Pacific countries struggle to allocate sufficient funds for comprehensive training programs. Moreover, training models developed for other regions may not always be suitable for the Pacific’s specific cultural and operational settings, which can limit their relevance and effect. Partners such as Australia should focus on developing and delivering region-specific intelligence training that uses regional knowledge and expertise in its examples.

The Pacific also has an issue with staff retention in intelligence roles. Enhancing staff retention demands strategies that address the region’s specific needs. Competitive compensation packages that acknowledge the importance of intelligence work can help retain talent. The Pacific intelligence community can sustain employee engagement and motivation by establishing clear opportunities for career progression, as well as offering training and professional development programs. Designing programs and practices that align with the cultural and operational context of the Pacific would also enhance employee connection and commitment. Offering long-term incentives, such as bonuses or educational support, can also encourage employees to stay. Another option is more exchange or secondment opportunities within member nations of the Pacific Islands Forum.  The fusion centre allows for secondments from the region to the centre. But, for many, such one-and-done initiatives aren’t enough to sustain long-term interest and development.

Intelligence sharing is also an obstacle in the Pacific as nations are often wary of disclosing sensitive data and prioritise the protection of their national sovereignty. This reluctance to share information restricts cooperation and hampers the creation of thorough analyses of potential threats. Also, the decentralised structure of governance in many Pacific countries hampers the dissemination and influence of intelligence evaluations, which diminishes their utility in shaping effective policies. Many Pacific island countries also lack access to secure communication systems, making it difficult to share sensitive intelligence without risking breaches. Limited funding and a lack of infrastructure prevent the establishment of robust information sharing networks, leaving gaps in regional security.

This is why the region needs to push for the expansion of the Pacific Fusion Centre to serve as a hub for greater sharing and coordination of intelligence across Pacific nations or establish, in partnership with the existing centre, a new hub dedicated to some of the more sensitive intelligence work. Intelligence hubs are needed to provide secure communication systems and advanced tools for data collection, to conduct data analysis and to use surveillance systems to improve intelligence capabilities. As a hub, it needs to foster greater collaboration with international allies, such as Australia, New Zealand and the United States, to leverage expertise and resources to offer training programs tailored to the unique cultural and operational contexts of the Pacific. Without greater support for regional intelligence collaboration, the Pacific will remain behind in countering some of the region’s largest security issues.

This article is part of ASPI’s Pacific Perspectives series, dedicated to championing the assessments and opinions of Pacific island security experts. All opinions presented, including any errors or omissions, are the sole responsibility of the author.

From customer to catalyst: anchoring Australia’s northern marine industry through government procurement

To turn northern Australia’s marine potential into performance, the Australian government must stop acting as a passive regulator and start acting as an active customer. Procurement is power, and in thin, undercapitalised markets such as northern Australia, government spending decisions don’t just buy services—they shape ecosystems.

Darwin is no longer just a forward-operating base on the map—it’s a strategic hinge point in Australia’s defence posture. The challenge is not whether we should develop defence sustainment capability in the north; it’s how to do it rapidly, credibly and in a way that anchors long-term national resilience and commercial viability.

Despite significant investments, including the Darwin Ship Lift and Defence’s Regional Maintenance Centre North, the northern marine industry remains more promise than powerhouse. The core problem is simple: while the infrastructure is coming online, the demand signal is weak. The market doesn’t respond to vision statements; it responds to contracts.

Defence and Australian Border Force vessels deployed in the north are routinely sent thousands of kilometres south for scheduled maintenance. This approach is inefficient and sends a damaging signal to the private sector: Darwin isn’t trusted, isn’t ready, or isn’t worth the investment. The result? Hesitancy, delayed decisions, capital withheld and a fragile ecosystem.

Fixing this doesn’t require new legislation or budget allocations. It requires a shift in intent: a strategic, procurement-first approach that uses existing capability in the north as the default, not the exception. If the government wants to catalyse sovereign marine sustainment in Darwin, it needs to start writing that future into its contracts.

This means embedding Darwin-based maintenance, repair and overhaul as the preferred pathway for vessels operating in northern waters. It means using the Darwin Ship Lift and Regional Maintenance Centre as first-choice infrastructure—not fallback options. It means tying procurement to outcomes such as Indigenous participation, local workforce development, and Northern Territory content, including production and materials.

None of this requires lowered standards or acceptance of higher costs. It’s about recognising that sustainment spending is not just transactional, it’s strategic. A dollar spent on a marine contract in Darwin does more than keep a vessel afloat; it supports apprenticeships, keeps local engineering firms viable, deepens industrial know-how and builds a defence-relevant skills pipeline. It is capability creation, not just capability maintenance.

To unlock this, the Australian government should take three practical steps.

Firstly, it should adopt a Darwin-first sustainment principle for all northern operations, with local capacity used by default for all maintenance work on vessels based or operating in the north.

Secondly, it should break down large prime-led contracts into modular work packages, enabling NT-based small and medium enterprises to compete, build capability, and scale over time.

Thirdly, it should set clear and enforceable NT content targets, including Indigenous employment benchmarks and training pathways, as core contract requirements for marine work delivered in the north.

Each of these actions sends a strong market signal. They say to the private sector: Darwin is not a fringe location. It is central to Australia’s forward defence strategy. It is where opportunity lives.

This matters because sovereign capability cannot be legislated into existence. It is built day-by-day through skilled labour, companies willing to invest, planners willing to take risks, and the quiet machinery of industrial development. The government’s role is to create conditions in which those actors believe there is a future worth showing up for.

Policy doesn’t do that. Procurement does.

Border Force and Defence already have the demand. They need to resolve the issue of aligning procurement with national strategic objectives. If they do, the results will be transformative—a more resilient supply chain and a northern marine industry that underpins Australia’s Indo-Pacific engagement, regional presence and sovereign sustainment.

The opportunity is there. The infrastructure is coming online. The talent is waiting. What’s needed now is a clear and confident demand signal from the government: Darwin is not a sideline. It is the front line.

Ensuring Australia’s defence through complex interdependence

Australia’s defence thinking is based on outdated grand strategies. Adopting a complex interdependence grand strategy could create robust connections with many countries, enhancing national resilience to strategic, economic, technological and societal shocks.

Specifically, Defence would need to consider how to build resilience into its relationships to support Australian defence capabilities and industry.

Australia’s defence debates today generally assume that any proposals will readily fit within Australia’s current two grand strategies.

The balance-of-power grand strategy involves collective defence with the United States and implicitly targets China. The engagement grand strategy targets Southeast Asia and the Pacific through diplomatic, informational, military and economic links.

However, the world has changed. The US’s support in times of trouble is now doubtful. And while engagement is pragmatic, it misses the fact that Australia’s fastest growing two-way trading relations are generally elsewhere.

In an uncertain world, resilience is increasingly important as it allows a country to recover from major shocks, be they strategic, economic, technological, environmental or societal. To be sufficiently resilient, Australia must connect with other countries; no nation can thrive alone.

In a complex interdependence grand strategy, the objective would be sustaining international links that support national resilience. Achieving this will require formal and informal links with others that are problematic for them to break, whether intentionally as China is prone to, or carelessly as the US is now doing.

Developing such links involves creating asymmetrical interdependences that can be purposefully exploited to ensure robustness. Links with Australia must be in the hard-nosed self-interest of the other states to continue. Fuzzy talk of shared values or reminders that ‘we’ve always helped you’ fall apart in difficult times when international relationships are most threatened.

No single nation can provide the breadth or robustness of links that Australia’s resilience requires. This strategy would aim to weave a durable connective web of diverse relationships balanced to meet a range of possible shocks.

In devising this web, a starting point might be considering Australia’s significant two-way trading partners: China, Japan, the US, South Korea, India, Singapore, New Zealand, Malaysia, Taiwan, Thailand, Britain, Germany, Indonesia and Vietnam.

It is immediately apparent that this framework would consider security and prosperity in combination, rather than keeping them separate.

This has important implications for Australia’s defence.

Firstly, the focus of Defence would shift to building durable two-way links across multiple nations, rather than maintaining its heavy one-way reliance on the US. For example, this would mean favouring Japanese-designed frigates under Sea 3000. This would involve engaging Australian industry to build elements for use in both nations’ ships, such as Naval Strike Missiles, uncrewed submarines, towed sonar arrays and Nulka active decoys. Similarly, Australia might avoid buying more F-35 fighters in favour of joining the Global Combat Air Programme, a sixth-generation fighter project involving Britain, Italy and Japan.

Secondly, defending Australia’s international links would become a shared problem. This was not so in World War I and early in World War II, when others were unconcerned. For example, Australia should discuss with South Korea and Japan how to protect the large-scale seaborne trade in energy resources between them and Australia. Pragmatic, cooperative efforts to address this problem may help deepen other beneficial links.

Thirdly, Australia’s defence industry could deepen engagement with key countries. The industry is on the cusp of being a regional uncrewed system manufacturer, including high-end Ghost Bats and Ghost Sharks, and more affordable Speartooths and Bluebottles. Australian-made uncrewed systems have also been combat-proven in Ukraine. An ongoing effort to export uncrewed systems, or build them offshore bilaterally, could yield valuable links. Such export sales would also help maintain the viability of Australian defence industry as AUKUS dominates defence spending.

Such a grand strategy means that one or two nations would no longer dominate defence debates or decisions. Australia’s relationships should be shaped not by commercial pragmatism or defence alliance considerations, but by their robustness in times of strategic, economic, technological or societal shocks.