Tag Archive for: Australian Government

As Australia’s strategic environment changes, foreign policy funding must change too (part 2)

In part 1 of this series, we talked about Australia’s rapidly changing strategic environment. In this follow-up, we focus on ways that Australia’s foreign policy funding models should adapt to accommodate to this new environment.

Research commissioned to inform decision-makers must be empirical, data-driven and policy-relevant.

But there’s been a widespread trend across think tanks globally to focus on opinion and analysis rather than original and comprehensive research. Academic foreign-policy-focused research brings different challenges because, globally, the sector is encouraged to publish in formats (journal articles, academic books) that aren’t timely, easily accessible or regularly read by policymakers.

Original empirical research that is policy-relevant ishard and costly to conduct but is infinitely more useful to policymakers as it is grounded in facts and new datasets that help inform policy recommendations, rather than abstract analysis.

The Australian government should provide incentives for grant recipients to conduct policy research in teams for a more rounded approach.

Many foreign policy challenges now cut across so many different areas (security, technology, economics, human rights, and so on) and are so complex that it can be impossible for any individual to grapple with them alone. Teams with wide expertise allow for a much richer range of approaches to empirical research and a more holistic view of policy problems.

We have built our research output at ASPI’s International Cyber Policy Centre by developing agile teams that constantly change and evolve to suit the topic. This enables us to weave in diverse expertise such as multiple languages or deep country or thematic knowledge, in addition to unique open-source intelligence skills such as working with geospatial information and big data and using information operation investigative techniques.

Government departments tend to fund research using very small buckets of ad hoc money—though exceptions include Defence’s annual strategic policy grants program and long-term funding arrangements that some departments, including Foreign Affairs and Trade, have with Australian universities.

This small-bucket approach encourages production of reports based on short-term, and shallower, research efforts. These reports are cheaper to produce, and prioritise analysis and opinion over original data-driven work. They are a less considered and robust contribution to policymaking.

To overcome this, departments should pool some of their multiple small grants into a smaller number of bigger grants and/or increase grant sizes.

They should offer grants with less restrictive bidding parameters. Our centre secures most of its grants by identifying empirical research gaps and then pitching projects to likely funders to address them. But government departments commonly request proposals that fit within narrow bands and meet short-term objectives. They are drafted in such restrictive ways that they limit opportunities for innovative solutions.

Governments may have genuine questions they need help answering, and there’s clearly a legitimate market for such grants, but the best think-tank contribution is often empirical research that grapples with policy questions just ahead of public servants’ immediate concerns.

For departments and agencies that fund research, the challenge is the natural tendency to focus on the current issues of concern, not those about to be encountered. With the lead times involved in bidding for grants, awarding them and then delivering the research, policymakers often commission research that addresses yesterday’s issues and fails to help them with the challenges they face.

All funders would like to have a say over any research they’re paying for, and without funders no research would take place at universities, think tanks or elsewhere. However, to deliver high-quality, independent research, it’s not tenable to give funders influence over research products.

Having worked in multiple think tanks that zealously protect their independence while taking funding from multiple sources, it’s clear to us that true research independence is certainly achievable.

There are risks, especially when creating new entities. A think tank funded by a government department without a charter that guarantees independence (like ASPI’s does) would quickly become captured by the department and would struggle to deliver anything of value. Similarly, placing think tanks inside institutions like universities can also be tricky, because the new think tank can easily be captured by the priorities and views of the host.

The government should provide a pool of grants for untied research that tackles sensitive topics.

The best research think tanks produce is often work no one will fund. If it breaks new ground it’s often difficult to convince potential funders of its merit.

If it’s on topics that government departments consider sensitive—such as foreign interference or most matters associated with China, besides economics—policymakers will actively avoid funding it, no matter how much they need it.

Awarding some large grants can enable breakthrough research initiatives.

The university and think-tank models haven’t innovated much over the past century, but advances in technology and changes to the information ecosystem have made the policy-relevant research space ripe for new approaches.

Supporting new and technology-heavy infrastructure requires substantial funding that short-term grants won’t cover. Given the likely rewards for policymakers, capital investments could help research institutes build such infrastructure.

A pool of grants should also be established for quick and timely research. From time to time, opportunities arise for timely research that current funding models don’t accommodate.

For example, social media companies periodically make available large datasets of state actor disinformation operations to research institutes. The window for timely analysis is anywhere from a few days to a week. Other empirical research opportunities arise in times of crisis, such as during the Covid-19 pandemic. To enable research that seizes on these opportunities, consideration could be given to making small and medium rapid-release grants for timely, policy-relevant projects.

It’s possible to raise new funding and grow the pool for public policy research, but it’s not easy. With a few exceptions, such as the Lowy family that funds the Lowy Institute, there’s not a tradition of non-government funding, including business, foundation and civil-society funding, for public policy research in Australia.

The government could encourage that practice through greater public recognition, public–private partnerships and tax concessions to increase the pool of non-government research funding.

The underlying message from the G8 universities’ submission to this inquiry appears to point to a concern that high-quality, highly relevant think-tank research threatens to take attention and funding from university research. It would be unfortunate to view research in this field in such zero-sum terms. We need more high-quality, policy-relevant research from both universities and think tanks.

Australia’s foreign policy community, unlike those of the United States or Europe, suffers from a lack of movement between government, think tanks and the business community. This partially reflects the small size and relative immaturity of the Australian think-tank sector, but it’s also deeply cultural.

Most public servants in this sector have never worked outside government, and sometimes never outside their department or agency. The public service makes this movement difficult and, culturally, many departments and agencies haven’t valued outside experience and expertise.

We’re aware of many examples where high-performing think-tankers and others in the business community have sought to return to the government department they started their career in only to be told they’d have to return to the APS level they left the department at. Giving no recognition to the five to 10 years of non-government experience they’ve acquired (including new skills, perspectives and networks) makes the transition back to government untenable.

This narrow and culturally entrenched outlook is slowly changing, but encouraging a flow of people between foreign-policy-focused government and non-government roles would help.

Mixed backgrounds also need to be valued more in government recruitment and promotion processes. Departments need more senior executives who have worked outside them and who bring a more three-dimensional view of Australia’s place in the world, including looking at our foreign policy challenges from different angles, rather than having experienced a view from one department. APS staff should be guaranteed unpaid leave when they seek to take up certain foreign-policy-relevant roles outside government. And the numbers of secondments from government into policy-focused think tanks (currently minimal) should be significantly increased.

National security and income management of Indigenous Australians

The wellbeing and security of Australian Aboriginal and Torres Strait Island peoples, especially those in regional and remote communities, has long been stymied by wrong-headed assumptions and policies. In recent years, the consensus view of national security is that its definition should be expanded beyond military threats to include other threats to human security such as disease, poverty, and food and energy insecurity. There are national security implications that flow from successive failures in Indigenous affairs that are more significant than generally recognised. Putting self-determination at the heart of policy is a national security issue.

The 1967 change to the constitution meant the Commonwealth could make valid laws for the Aboriginal people, but rarely has it legislated without the states’ collaboration. Prejudice and negative assumptions about worthiness actually determine outcomes for First Nations people, rather than equality or equity.

The questions for policymakers are: why are so many Indigenous Australians on social welfare schemes, and why have these schemes been allowed to become lifetime settings that have diminished options and opportunities for First Nations peoples over many generations? How do policy settings focused on institutional dependency and dysfunction, control, penalties and authority contribute to other social problems we hear about too often, like domestic violence, suicide and children in out-of-home care? Social policy has a major impact on the multifaceted encounters a person has with the public-sector system.

The government’s enthusiasm for what is known as a cashless debit card, a regime to control the behaviour of people on public-sector welfare support, is an apt demonstration. With the debit card, 80% of welfare is quarantined, accessible only via a debit card that can’t be used to buy alcohol, gambling products and some gift cards or to withdraw cash.

It is not a voluntary program. The scheme has an ideological and punitive mindset behind it to micromanage the behaviours of people deemed worthless, without effective wraparound services or an objective or fair pathway to exit. People are doomed to remain incapable of handling their own affairs; they are forever stigmatised.

The efficacy of the cashless debit card is not supported by on-the-ground evidence. In most of the trial sites where the card has been rolled out, First Nations people are disproportionately affected and are not transitioning to personal self-management. In the last sittings of parliament before the summer break, the government won an extension of this bankrupt policy for another two years.

Managing the incomes of First Nations peoples is backward-thinking policy. It will do nothing to close any gaps between Indigenous Australians and other Australians. Nor will it help a new relationship to emerge between government and First Nations. It serves only to deny First Nations peoples the right to manage their own affairs and to highlight their entrapped colonial status. This is as it was prior to federation and as it has been in the 120 years since—except for the brief period when the Aboriginal and Torres Strait Islander Commission was in existence, before it was pre-emptively axed in 2005 by the Howard government.

Policies as they affect First Nations peoples and drive self-determination need to reflect their aspirations and needs. In addition to the core demands set by the Uluru Statement from the Heart (a constitutionally recognised voice to the parliament; truth-telling; a Makarrata, or agreement-making, process; and treaty-making), First Nations have identified other policy priorities. These include the importance of child and maternal health, education at all levels from early childhood to post-school, employment and training opportunities, decent and appropriate housing, transport and communications infrastructure, and commercial opportunities. Good public policy needs to be informed by the knowledge, expertise and expressed desires of First Nations peoples, their diversity and the need for them to be partners in decision-making.

Opportunities to develop small businesses are there to be realised—there is no reason why First Nations should continue to rely on middlemen or constant governmental oversight. First Nations companies should be running the businesses and enjoying the returns; procurement policies need readjustments to facilitate communal as well as individual acquisition of wealth.

Government social policies need review and refreshment to diminish welfare dependency. A good start for remote and regional communities would be to aggregate the outlays in existing social policy programs and, with some top-up, redeploy them to a reinvigorated CDEP (Community Development Employment Project).

A new CDEP model would respect community autonomy and self-determination. Communities would define ‘work’ within social, cultural and economic parameters and develop pathways to sustainable and productive enterprises. They would have access to flexible vocational training and business development opportunities adapted to the specific needs of their populations.

Critical to the better administration of First Nations affairs is regional autonomy. A revived CDEP would make service providers accountable to regional authorities, which would have access to financial and other data for strategic planning and accountability purposes. The opposition’s 2019 policy manifesto, which revolved around regional assemblies, would be a good start to local decision-making and place-based solutions for community development.

Current policies have failed and will continue to do so if not changed. The Abbott government’s Indigenous Advancement Strategy was a high point of centralised administration. Its continuation demonstrates a lack of appetite for real, enduring reform. It runs counter to the government’s intentions to work with the peak Aboriginal organisations on closing the gap, and fails to understand or address demands for self-determination.

Opportunities for reforming the Australian government’s data centre procurement arrangements

Data has been referred to as the ‘new oil’ or ‘new gold’, but it’s more than that. Most organisations can’t function without it. That applies equally to governments.

Australian government data creation, collection, storage and analysis has grown and continues to grow, as does government reliance on it. With continued government policy directions promoting increased outsourcing of data storage, processing and cloud storage, the value and protection that disaggregation and diversification generate may be lost in the absence of appropriate oversight.

Our new ASPI report, Devolved data centre decisions: opportunities for reform?, launched today, looks at the unintended consequences of the government’s procurement arrangements for data centre services. It is aimed at shaping a better conversation on issues, challenges and factors to consider in the management of outsourced data centre arrangements.

Despite the intent of the Digital Transformation Agency’s Data Centre Facilities Supplies Panel, current arrangements place a high level of onus on individual agencies to identify and mitigate risks in the absence of whole-of-government oversight. This limits the opportunity to respond in a coordinated manner to wider interests of government, including those relating to concerns about supply chains and concentrated data holdings.

Established in 2010 as part of the Australian Government Data Centre Strategy 2010–2025 and following Peter Gershon’s 2008 review of the government’s use of information and communication technology, the panel aimed to address the high cost of ICT procurement through a coordinated approach.

The business case was based on analysis suggesting that an estimated $1 billion could be saved over 15 years through a data centre strategy that included a supplier panel.

But the panel has resulted in aggregation of government data holdings, raising the risk of single points of failure, where one breakdown could prevent the government from delivering its services. Aggregation also fosters a lack of diversification in providers, which could reduce innovation.

The high cost associated with moving to alternate data centre providers has created barriers to exit, which in turn stifles opportunity and reduces market flexibility. This in essence establishes a conflict with competition policy outcomes. The cost of transitioning to a different provider may also be higher due to increased contract lengths and extensions. That’s both a symptom and a driver of a level of market capture.

Concerns about the government’s ICT procurement arrangements are well documented. The 2017 DTA Report of the ICT Procurement Taskforce identified impediments to improving ICT procurement across government, including a lack of centralised policies, coordination, reporting, oversight and accountability. The report attributed this to more than 20 years of devolved agency decision-making; the limited capability and risk-adverse nature of the Australian public service with a focus on compliance; a fear of failure; poor collaboration; and industry engagement.

However, the taskforce’s recommendations and the government’s response failed to address data centre procurement, which also includes issues related to the ability and maturity of small to medium-sized agencies to adequately respond to tenders. Such difficulties may be amplified in agencies that are inconsistent in their preparation and assessment of tenders, lack transparency and consistency in decision-making, and have a poor understanding of the costing models used in the data centre market.

What is needed over a five-year horizon, given this changing environment, is a clearer conversation and greater confidence in controlled ownership.

While the unintended consequences of current arrangements have been discussed in some detail, aspects relating to sovereignty, critical infrastructure and 5G network ownership are flagged as areas needing further consideration in the context of outsourced data centre services.

Our report highlights critical issues for consideration and resolution, including the lack of a whole-of-government overview and the fragmentation of management of data security. The absence of a single entity accountable for whole-of-government data centre outcomes results in increased data risk, the perpetuation of market distortions and reduced market flexibility. Accountability has been pushed down to the departmental level. Given the limited resources of small and medium-sized agencies, this drives the selection of convenient options, which in turn establishes barriers to taking advantage of market flexibility and efficiency. While the mandate of the DTA is to provide policies, standards and guidance, it lacks resources and the authority to drive whole-of-government ICT outcomes.

In addressing these challenges, it will be important to respond at two levels. The risk that’s caused and amplified by the aggregation of data centres must be mitigated.

There’s also the need to establish oversight and accountability, including a strategy for managing of government information and data assets, going beyond the current agency-by-agency approach. An authority set up to manage this would have objectives relating to data security and management of overall data risks as well as promotion of market flexibility and efficiency.

Can the Australian public service rise to the cloud?

Modern businesses are so reliant on computer technology that it has been suggested ‘software is eating the world’.

Companies depend on IT not only to run their operations, but also to get a competitive advantage. Tesla, for example, is a software business wrapped around an electric motor and a chassis, and logistics giant UPS uses advanced analytics to save hundreds of millions of dollars by optimising delivery routes and identifying the most efficient ways to distribute packages.

These software and computing systems are just as critical in government as they are in business—or at least they should be. It’s been recognised that one of the key enablers of robust, resilient and responsive government services is cloud computing. The United States, United Kingdom and Australia all have cloud adoption or ‘cloud first’ strategies, and the US Department of Defense is spending up to US$10 billion on secure cloud infrastructure.

But in Australia there’s a problem. The recent review of the Australian public service found that it was lagging behind comparable governments in making the transformation to delivering government services digitally. We haven’t fully taken advantage of cloud computing and the changes in culture and mindset that can flow from its adoption.

One self-imposed constraint has been the financial distinction between operating expenditure and capital expenditure. Government departments have considered it difficult to move spending from the capital-intensive model of dedicated hardware to the more operating-expenditure-intensive model of cloud computing.

ASPI sought comment on this issue from the government and Matt Yannopoulos, deputy secretary for budget and financial reporting at the Department of Finance, wrote:

The Australian Government assesses the need to fund ICT projects alongside all other objectives and policy priorities on its agenda. As with household budgets, the extent of funding is not unlimited, and therefore the government has to consider the individual merits of ICT projects that are proposed to be funded. Successful ICT proposals demonstrate that the investment is productivity-enhancing, necessary, well planned and implementable, and serves the needs of the Australian community.

ICT proposals that are brought forward for consideration should adhere to government rules and processes that ensure the proper use and management of public resources. This includes the Budget Process Operational Rules (BPORs), which facilitate the prioritisation of proposals and decision-making process in a formal and deliberate manner. Entities bringing forward proposals may find elements of the BPORs challenging, especially those entities that do not routinely engage in the budget process. However, the BPORs are designed to be flexible to support entities to achieve their business outcomes, while ensuring that there is an appropriate use of public funds.

Alongside the BPORs, the Australian Government operates a devolved procurement framework where discrete Commonwealth entities are responsible for undertaking their own procurement processes. The Department of Finance maintains the Commonwealth Procurement Framework, which includes the Commonwealth Procurement Rules (CPRs). The CPRs set out the basic rule set that applies to entity procurement activities, and are refreshed regularly to ensure that they remain relevant and able to assist entities to meet their business needs.

A core rule in the CPRs is achieving value for money. When considering value for money, the CPRs are clear that this is not solely based on price, and requires the consideration of a broad range of relevant financial and non-financial costs and benefits.

These rules and processes recognise that we live in a world where changing technologies shape the nature of the proposals that are developed. This is especially so within the ICT arena with the emergence of cloud technology. Proposals now that rely more on cloud technology can be heavier on operating expenditure than older ICT proposals, which were more capital intensive. For significant new proposals brought forward for government consideration, decision-makers (and the funding provision) are largely agnostic of the mix of capital and operating expenditure.

The BPORs facilitate entities to work with Finance so that it is not an onerous undertaking for them to seek a movement from capital to operating expenditure, where required, to support cloud service provision. Finance seeks to assist entities to work within the broader appropriations framework, instead of enforcing rules for their own sake, and in most circumstances there has not been an impediment to the movement of funds in this manner to meet an entity’s business requirements.

To further support entities’ ICT proposals that include cloud technology, the Digital Transformation Agency administers the Cloud Marketplace, which is a whole of Australian Government panel that is optional for use by all Commonwealth entities, and state and territory agencies. The Cloud Marketplace provides software as a service, platform as a service, infrastructure as a service, and specialist cloud-related professional services, such as consulting. Entities that use the Cloud Marketplace must conduct their procurements in a way that is not inconsistent with the Commonwealth Procurement Framework, including the CPRs.

Through these mechanisms of government, Finance supports the efficiency, scalability and appropriate pricing that the cloud can provide for efficient and effective government service delivery.

Yannopoulos makes it clear that government procurement rules are not the blockers of cloud computing that they are sometimes perceived to be. Government agencies must adopt new ways of doing business that don’t rely on outdated models of IT procurement, so they can provide faster, more nimble government services driven by continuous evolutionary improvement, rather than slow, irregular step changes driven by large, capital-intensive projects that take years to conceive and deliver.

Australia’s intelligence agencies send mixed signals on openness and transparency

On 1 September the director-general of the Australian Signals Directorate, Rachel Noble, gave a well-publicised speech titled ‘Long histories—short memories: the transparently secret ASD in 2020’. The themes were that the agency would be as transparent as an inherently secret agency could be about its role and the legal constraints upon it, and a pride at how it had evolved from the primitive Defence Signals Bureau in 1947 to the highly capable and technologically advanced organisation of today.

Many listeners probably expected a proud reference to ASD’s official history, commissioned by Noble’s predecessor Mike Burgess in 2019 and scheduled for publication in 2022. Instead, there was silence on this project, followed a few days later by the revelation that the history, on which work was already well advanced, had been decommissioned.

The decision was both regrettable and surprising. The reasons for the disappointment were underlined shortly afterwards when the UK’s GCHQ, ASD’s senior partner in the Five Eyes network, published its own authorised history. In a foreword the head of GCHQ said that explaining the agency’s past, and being open about its successes and failures, was an essential basis for ‘maintaining our licence to operate’. Just as GCHQ was following MI5 and MI6 in publishing official histories, so ASD had appeared to be following the tradition established by ASIO, which had recently published a three-volume official history. ASD’s choice of John Blaxland as its official historian was based on his substantial contribution to the ASIO history.

Both the British and Australian agencies have evidently decided that such histories contribute to developing the public trust that is essential for secret agencies to operate effectively. Moreover, the GCHQ history includes substantial coverage of the origins of signals intelligence and cryptanalysis in Britain. Noble told a Senate estimates committee that her decision was based on Blaxland’s extensive coverage of the early history of sigint in Australia.

The ASD decision was surprising in the context of recent developments affecting Australia’s intelligence and security agencies, since Malcolm Turnbull’s government announced two decisions in 2017. By accepting the recommendations of the independent intelligence review by Michael L’Estrange and Stephen Merchant, the government endorsed the upgrading of the Office of National Assessments to the Office of National Intelligence, with the broad remit of coordinating the work of the entire intelligence community.

This was consistent with the vision of the principal architect of that community, Justice Robert Marsden Hope, in his two royal commissions in the 1970s and 1980s. Intelligence agencies, he said, should serve the whole of government, and not be dominated by one or two powerful policymaking departments. They should be coordinated by an agency responsible to the prime minister. Policymaking should similarly be a whole-of-government matter, coordinated by ministerial and official committees, with no single department given a predominant role.

On the same day that Turnbull announced the upgrading of ONA to become ONI, he also announced the creation of the Department of Home Affairs. A number of intelligence and law enforcement agencies were placed into a mega-portfolio, with a strong policy mindset of ‘keeping Australians safe’. This ran counter to several of Hope’s fundamental principles, including the separation of intelligence from policymaking, the separation of collection from assessment, and the separation of intelligence from law enforcement.

Since then, a number of events and announcements gave rise to the charge that Peter Dutton as minister and Michael Pezzullo as department head were seeking to turn Home Affairs into an even more wide-ranging ‘Department of National Security’, encroaching on the terrain of other departments.

In recent months, there appears to have been a change of tack, designed to achieve the same strategic goal. The apparent aims have been twofold: to establish the central role of Home Affairs in all matters of national security, and to enable ASD to monitor Australian ‘bad actors’. The tactics have included much greater emphasis on public presentations by the heads of intelligence and security agencies, all emphasising the importance of transparency.

Noble’s speech, for example, was part of a series of presentations at the Australian National University’s National Security College. Mike Burgess has made a number of public presentations, first as ASD head and then as head of ASIO, all emphasising the importance of making secret agencies as transparent as possible about their past, current and likely future activities. Readers of The Strategist will be aware of the series of four interviews with Paul Symon, the head of the Australian Secret Intelligence Service, currently being published.

The Australian malefactors who are in the agencies’ sights are, it is stressed, not only terrorists but also paedophiles, and the work of AUSTRAC on associated money-laundering has had a considerable impact.

These presentations refer frequently to the existence and powers of oversight agencies, including the Inspector-General of Intelligence and Security, the Australian Commission for Law Enforcement Integrity, and the Parliamentary Joint Committee on Intelligence and Security. Noble’s presentation to the National Security College was consistent with this approach, but the decision to decommission the history was in sharp contrast.

While Dutton has kept a lower profile, Pezzullo has continued to argue publicly, in several interviews, that Australia faces an unprecedented number of threats to its security, that his role as secretary of Home Affairs is central to the coordination of Australia’s response, and that the expanded role of ASD is an important element in Australia’s capabilities. It was noteworthy that Pezzullo attended Noble’s presentation at the National Security College, but the outgoing director-general of national intelligence, Nick Warner, did not.

Following these mixed signals comes the government’s appointment of Andrew Shearer as the new head of ONI. As a former deputy director-general of ONA, Shearer is likely to share that organisation’s pride that its assessments are guaranteed by legislation to be independent of ministerial or departmental influence. Having been a senior adviser to Coalition prime ministers and most recently Cabinet secretary, he would be exceptionally well qualified to ensure that ONI fulfils the role envisaged by Hope and reinforced by L’Estrange and Merchant—an agency that will coordinate the entire intelligence network, responsible to the prime minister and providing independent intelligence assessments to policymakers at the highest level, but not dominated by any one department.

The signals from the intelligence community in the coming months and years should be carefully monitored.

Morrison is closing the seams in our federation that China seeks to exploit

Prime Minister Scott Morrison’s proposed foreign relations bill is all about closing the seams in our federation and giving practical effect to the Commonwealth’s constitutional power on foreign relations. It’s necessary primarily because other countries are exploiting the gaps between our federal, state, territory and local governments to Australia’s disadvantage.

The new law is also necessary because the current informal consultation on foreign policy matters between states and the Commonwealth just isn’t working. We can see the problem graphically with Victoria. Victoria has signed up to Xi Jinping’s controversial Belt and Road Initiative, a move Premier Daniel Andrews defended by saying, ‘I’m not going to apologise for a trade policy that is all about growing Victorian jobs.’

In contrast, the federal government recognises the national security and foreign policy danger in Australian states joining an initiative designed to build China’s strategic, technological and economic power over others. Right now, with Beijing using trade as a weapon against Australia, this concern looks well placed.

If Francis Fukuyama had been right back in 1992 with his ‘end of history’ thesis, nation-states would have receded into the background as we all entered a post–Cold War liberal international nirvana. But this globalist vision got mugged by the return of national power, particularly as practised by the authoritarian People’s Republic of China. And Covid-19 has further reinforced the value of cohesive national action, led by countries’ central governments.

Inverting Fukuyama, powerful countries can use global connections, technology and relationships to reach into others’ domestic economies and politics to interfere with and influence national policy and to gain advantage. The People’s Republic of China does this both openly and through coercive and corrupting means, and has arms of government devoted to it, led by its United Front Work Department.

From Beijing’s perspective, the seam between governments in Australia is a perfect place to put a wedge—and work at the level of the states and territories to achieve what Beijing cannot at the federal level. Collecting a few state governments to participate in the BRI, for example, would put pressure on Canberra to change its policy. And if it doesn’t, it becomes irrelevant because of the economic heft of big states such as Victoria and New South Wales. The fact that only the federal government has the agencies and horsepower to properly assess the national security implications of such decisions makes this easier.

It’s a similar story with local governments and public universities. The partnerships they enter into with foreign governments can have deep consequences for our national security, as we see with the leaching of our universities’ intellectual property to China’s People’s Liberation Army and internal security apparatus through research partnerships and the Thousand Talents Plan.

China is the textbook case of a national regime that sets foreign policy which is then implemented by its provincial governments and through its large state-owned corporations, military, security agencies and state universities. There are no seams that can be exploited there. Other states, such as Israel and Singapore, are also well organised and cohesive—to their advantage, and often to ours because of alignment with our interests and values.

The Chinese Ministry of Foreign Affairs may well express outrage at the proposed law, while being quietly disappointed that Australia will simply be preventing China from doing here what Beijing would never allow others to do within its jurisdiction. Provincial governments in China could not strike deals with Australia, for instance, without Beijing’s approval.

So, the protective side of the government’s foreign relations legislation would end arrangements that are against Australia’s interests. The public register proposed under it will provide the transparency to allow this. Many arrangements with many governments will simply proceed unchanged because they make sense.

There’s a less obvious but very positive side of the proposed law, which is also a consequence of this improved transparency. The register will allow us to see connections and possibilities across different levels of government and our universities that we can actively exploit to our and our foreign partners’ advantage. It will let us make policy and operational connections that we may otherwise have missed, whether that’s about reinforcing a priority research partnership or seeing new economic and trade opportunities.

The new law needs to be debated in the federal parliament, but there’s no doubt that closing the seams in our federation and seeing new opportunities across our myriad international partnerships are both in Australia’s national interest.

National cyber resilience strategy needed to protect Australia’s small businesses

Australians have learned severe lessons with the disruption of public health management during the Covid-19 pandemic and its social and economic consequences. Now, the nation has been alerted to serious cyberattacks, which Prime Minister Scott Morrison said were carried out by ‘a sophisticated state-based cyber actor’.

There’s also been an increase in such attacks on individuals and businesses by criminals using the pandemic as cover.

Given these increasing national security threats, we must take very seriously the state of cyber security in Australia. What happens if a key part of our economy is badly unprepared for malicious cyber activity? What impact might a successful attack have on the nation?

Small businesses make up a third of Australia’s economy. They are defined as having an annual turnover of less than $2 million or employing fewer than 20 people. They are inherently diverse, ranging from childcare and healthcare centres, to government and industry suppliers.

The pandemic has illustrated the importance of childcare to working parents. Consider the national impact if all of Australia’s childcare centres were suddenly unavailable. A concerted cyber campaign that closed down thousands of centres would have serious consequences for entire communities, with major implications for governments.

Other potential targets for malicious actors could be the health practitioners who have access to the sensitive data of nearly all Australians. The impact if this data were stolen and if the practices were unable to operate could be devastating.

And might poor cyber hygiene in a small business with authorised access to Defence Department networks provide an enticing ‘back door’ to our military secrets?

While large enterprises in Australia have generally enhanced their cybersecurity measures in recent years, small businesses operate in a very different environment. Big firms typically have dedicated IT staff and detailed information-security policies and practices.

In contrast, small businesses often have just enough staff to deliver a particular service, tight budgets and time-poor owners who might also manage the IT despite having a limited understanding of cybersecurity principles.

The reality is that most small businesses are highly vulnerable to malicious cyber activity. The Australian Cyber Security Centre has been warning of this, particularly during the Covid-19 crisis. It has issued advisory alerts outlining the increasing threat posed by criminals using Covid-19 themes and taking advantage of society’s distraction and uncertainty during the pandemic to carry out attacks online against individuals and small businesses.

The inaugural Australian cybersecurity strategy was released in 2016 to help Australian businesses boost their cyber resilience. The strategy noted the importance of the sector to the nation, and its vulnerabilities.

Attempts to turn that intent into tangible outcomes have been disappointing to date, as shown in the findings of the Cyber Security Centre’s recently released small business survey.

The government needs to provide more sophisticated leadership in this domain—to encourage small businesses to enhance their cybersecurity for their own sakes and so that they can strengthen national cyber resilience.

The government has mechanisms it could use to stimulate this outcome. The right policies might encourage the designers of new products and services to place greater emphasis on security and privacy from the start. Technical standards are another area in which the government could insist on improved online security—for example, the domain name system, encrypted certificate standards, and secure email protocols.

The government also has a key lever at its disposal in the myriad supply chains of small business providers. Making enhanced security part of the accreditation process for those suppliers could encourage them to start to increase their own cyber resilience. That would spill over into their private online security, with all the flow-on benefits.

The government could also directly enhance cybersecurity for the nation generally, including small businesses, by developing and testing common cybersecurity ‘toolsets’ across government departments, and then making them available publicly. The UK offers an example of such a strategy, through its ‘active cyber defence’ initiative.

Finally, the government could do more to help small businesses accurately assess their own levels of cyber resilience and understand practical measures they can take. An easy-to-understand cyber maturity model and certification framework that resonates with time-poor, cash-strapped business owners might encourage them to do their part in growing the sector’s cyber resilience.

Improving the cyber resilience of thousands of small businesses is not just about their wellbeing. It’s an important element of strengthening the nation against serious cyber threats.

Cybersecurity is a national priority for Australia

Australia’s cybersecurity has never been more important to our economic prosperity and national security.

At the same time, there are more cyber criminals and they are better resourced, and state actors have become more sophisticated and emboldened. Australia has been fortunate to avoid a catastrophic national cybersecurity incident so far, but the threat to essential services, the economy and potentially even human life remains very real.

Real threats need real action. Some 65% of Australian businesses have been interrupted by a security breach in the past year, with half of these costing between $1 million and $4.9 million. It’s particularly difficult for small and medium businesses to know how to defend against insidious threats like ransomware. Indeed, we know that around half of Australian victims pay the ransom, desperate to get their livelihoods back.

The 2017 ‘WannaCry’ ransomware attack severely impacted the UK National Health Service and many other global organisations. In 2018, the ‘NotPetya’ malware spread from Ukraine to the Cadbury factory in Tasmania.

Online data breaches are now so common that many in our community treat them as a non-event. But one of the consequences of those data breaches is identity crime, which has impacted one in four of us. The clean-up is usually messy and traumatic, with most identity crime victims reporting a psychological impact.

We cannot be blind to the hostile forces intent on using technological change to exploit our businesses, vulnerable community members and our children, and ultimately undermine our way of life.

It’s time to stop, step back and look at this problem with fresh eyes.

Our landmark cybersecurity strategy in 2016 invested $230 million to foster a safer internet for all Australians. But as the cyber threat evolves, so must we. As a nation and a community, we’re less prepared than we need to be. That is why the government has committed to delivering a new cybersecurity strategy in 2020.

Government doesn’t have all the answers. The complex, intertwined digital world means we need the whole community to provide their views. So we put out a nationwide call for views through a discussion paper, and the responses have overwhelmingly been clear, consistent and compelling.

Your calls for action have been heard. You’ve asked for more leadership from government.

We need to start by looking at roles and responsibilities, such as the role that balanced regulation and standards can play in improving the baseline cybersecurity of systems that are most critical to the economy and community. Equally, the many views on improving information sharing, supporting small and medium businesses at scale, changing behaviour through awareness, and recognising the importance of cybersecurity skills will shape the new strategy.

The formal call for submissions might have closed, but the conversation is really just beginning.

Cybersecurity has been, and will always be, a collective responsibility between governments, industry and the community. And we need to make sure there aren’t gaps or barriers stopping us from working together—legal, technical or otherwise.

Unlike the transport, water and power sectors, the internet is fundamentally shaped by the private sector—not governments. The private sector provides most digital services and holds most of the data.

Government’s limited role online means more responsibility for cybersecurity is borne by the private sector. Many digital providers are doing the right thing, and I’ve seen countless examples of Australian businesses addressing the threat in innovative and creative ways. The next generation of technological solutions are being developed by Australia’s world-class cyber industry.

However, when the risk isn’t managed appropriately, everyone pays—businesses, governments and the community. Right now we’re paying too much, and we’re too vulnerable.

Too often ordinary Australians are expected to be their own cyber experts. In addition, the private sector is left to defend our most vital systems from the highest-end threats by themselves. In many cases, government wouldn’t know if industry was under attack until after the fact. How many of us are comfortable with this status quo?

While cyberattacks are automated, most of our defences are human. We’re fighting a 21st-century problem with a 20th-century mindset.

The way the internet has evolved makes it difficult to tackle cybercrime: anonymity is easy and effective, Australian Federal Police investigations often hit dead ends in international safe havens, and hacking tools are cheap and widely available on the dark web.

The internet has made our lives richer and easier, and businesses more efficient. Australians don’t want to turn back the clock. However, they have a right to expect a level of cybersecurity that gives them confidence online.

We’ve solved problems like this many times before. Australians trust the cars they drive, the water they drink and the medicines they consume. This is because everyone involved in providing these goods and services is accountable for managing risk and consumers understand what they need to do. It’s a national priority that we get to the same mature state in the digital world and make necessary changes to protect all Australians—particularly the most vulnerable.

Australia in ASEAN: Indonesian centrality

The roller-coaster nature of Australia’s history with Indonesia—high moments of great optimism, low periods of clash and argument—means that Indonesia’s foreign policy elite is cautious when contemplating the idea of Australia joining ASEAN. But it’s something that Australia’s policy elite might well contemplate.

As one example of Australia’s thinking about Indonesia, note Tony Abbott’s view that it’s ‘in many respects our most important overall relationship’. Heading off to Jakarta on his first overseas trip as PM in 2013, Abbott saw the approach to Indonesia as vital: ‘It’s probably not realistic to think of Australia having the same relationship as it has with New Zealand but that’s the direction you would like it to move in.’

The Oz–Kiwi relationship has a depth of history and culture that we’ll never have with Indonesia. But Abbott is surely right that Indonesia is a central factor in Australia’s regional future. I could offer quotes of a similar tenor from every Australian PM going back to Menzies (although the Menzies embrace of the idea of living with Indonesia forever was deeply coloured by dread).

As another example, see Paul Keating’s 2012 Murdoch lecture, in which he argued that Indonesia will become Australia’s most important strategic partner:

How things go in the Indonesian archipelago, in many respects, so go we. Indonesia remains the place where Australia’s strategic bread is buttered. No country is more important to us—and it is a country which has shown enormous tolerance and goodwill towards us. Focus on this country should be a major imperative driving our foreign policy.

An Australian move to join ASEAN would be about the centrality of Southeast Asia to our strategic and economic future. And at the heart of that equation is Indonesia.

A discussion of Australia joining ASEAN is also a way to conceptualise a deeper association with Indonesia. The importance of Indonesia should feed into the understanding of what Australia could do with ASEAN. The bilateral builds towards the regional, just as the regional fosters the bilateral.

The previous Indonesian foreign minister, Marty Natalegawa (2009–2014), rejects Keating’s call for Australia to join ASEAN, arguing that it’d be a distraction for ASEAN and could even inflame tensions inside Australia about our alignment with Asia. Natalegawa’s two big worries are China tearing apart ASEAN and the Jokowi administration musing about a ‘post-ASEAN’ diplomacy.

In both areas, Canberra should argue that a bigger Australian role in ASEAN would be more of an asset than a hindrance. Australia joining ASEAN would help, not hurt, the middle-power game with China.

Natalegawa’s predecessor as foreign minister, Hasan Wirajuda (2001–2009), took a more technocratic approach when I spoke to him about Australia joining ASEAN. Wirajuda pointed to the formal veto—not being part of Southeast Asia —plus an informal rule that a member of ASEAN can’t be part of another regional grouping, as Australia is in the Pacific Islands Forum.

The response to those points is that Australia, as a nation on its own continent, has a series of regions. And formal rules can be changed as circumstances change.

In discussing the Australia-into-ASEAN idea, Wirajuda says he sees it as a replay of the debate within ASEAN about admitting Australia (and New Zealand) to the East Asia Summit: ‘I communicated with my counterparts, early on, especially when Australia was invited to joined the EAS, and said, accelerate the process of integration of Australia into this region, first into ASEAN but then into a larger community-building process.’

Wirajuda says the integration argument succeeded in the EAS, but failed when he was pushing for Australia to be admitted to the Chiang Mai Initiative, the currency swap arrangement between ASEAN, China, Japan and South Korea. He’d strongly supported Australia joining Chiang Mai, but China was even more emphatic in rejecting Australian membership.

Wirajuda’s advice on Australia’s way ahead with ASEAN: ‘I think Australia should make itself more accepted by the region. Speed up your integration—less in a formal process—more in substance.’ He thinks that integration could lead to the moment when ASEAN admits Australia, initially as a half-member with observer status—shifting Australia from the status it has had since 1974 as an ASEAN dialogue partner.

‘I think in the future we should be open, ASEAN should be open to create this special status of observer’, Wirajuda says. ‘So far we work under the ASEAN-plus-one dialogue process, we have a regular dialogue process with Australia. In effect, it would not be much different with observer status, as the ASEAN-plus-one dialogue is done back-to-back with the summit. To me, the margin of difference between dialogue partner and observer is not so much.’

I asked Wirajuda whether reaching for Australian ASEAN membership would be seen as too ambitious, raising too many questions for ASEAN. Ever the diplomat, Wirajuda replied with a meditation on whether Australia would be able to play by the club rules: ‘In the dialogue process, ASEAN-plus-one, our partners can raise anything. But, of course, our partners know how the consensus decision-making process works in ASEAN, which also is perhaps a handicap for our partners.’

Australia’s shift towards ASEAN could happen in step with the broadening and deepening of what Australia seeks to do with Indonesia. That is the perspective of a former head of Singapore’s Ministry of Foreign Affairs, Kishore Mahbubani. Here he is making the yes case for Australia’s ASEAN membership. And here are Mahbubani’s further thoughts on how Australia’s embrace of its strategic and economic future in Southeast Asia would move in step with its central relationship, with Indonesia:

Your relations with Indonesia have got to change. You have to show much greater sensitivity to them, closeness to them. Right now you have a good formal relationship, but it’s all about government-to-government, not a heart-to-heart relationship with Indonesia. Mind you, I don’t expect a big-bang change. I think it will be gradual for Australia.

Australia’s gradual movement towards Indonesia must be closer and deeper, just as it must be with ASEAN.

Law enforcement and the Home Affairs portfolio

The media commentary that followed Prime Minister Malcolm Turnbull’s 18 July Home Affairs portfolio announcement (see here, here and here) almost exclusively concentrated on Australia’s counterterrorism (CT) arrangements. Despite the announcement, Australia’s continued success in disrupting terror plots makes it unlikely that the new Home Affairs minister will be crafting drastic changes to CT arrangements. But there’s so much more to home affairs and domestic security than CT.

Australia’s strategies and policies for dealing with transnational serious and organised crime and illicit drugs have nothing like the same level of coordination or success as those in the CT domain. That becomes clear when you consider the following:

  • In June 2016 the Australian Criminal Intelligence Commission (ACIC) estimated that serious and organised crime cost Australia $36 billion in 2013–14.
  • Australia’s current national drug strategy is now two years out of date—and the replacement National Drug Strategy 2016–2025 is still only in draft.
  • The ACIC’s latest Illicit Drug Data Report found that, for the most part, illicit drug purity is unchanged and that drugs remain easy to obtain and, in some cases, their street price is dropping not increasing.
  • Australia’s National Organised Crime Response Plan lacks relevance to law enforcement decision-making at operational and tactical levels.

While our law enforcement agencies, including the Australian Federal Police (AFP) and the Australian Border Force (ABF), have achieved outstanding operational results, the fact remains that the government’s policy intentions of reducing the availability of illicit drugs and the impact of organised crime aren’t being achieved. That can almost certainly be attributed to shortcomings in policy and strategy settings rather than operational efforts.

It’s way too early to definitively predict what changes will be brought about by the new Home Affairs portfolio arrangements. Importantly, for the first time, a senior minister will represent law enforcement issues in Cabinet and on the National Security Committee. That’s a great outcome. When it comes to Commonwealth law enforcement, the AFP, ABF and ACIC can expect some big strategy and policy changes to occur.

It would make good policy sense for the Home Affairs minister to undertake a substantial review of the Commonwealth law enforcement agencies’ organisational frameworks, including their roles and responsibilities. If the implementation of the Home Affairs portfolio is to result in any efficiencies, especially cost savings, they’re likely to be found there.

For example, the ACIC has three separate task forces for fusing and sharing intelligence on organised crime: the Australian Gangs Intelligence Coordination Centre, the National Criminal Intelligence Fusion Centre and National Taskforce Morpheus. The Department of Immigration and Border Protection has the Border Intelligence Fusion Centre. And the AFP has remodeled its intelligence function to enhance the ‘identification of convergences and vulnerabilities in criminal activity across investigations to streamline targeting of organised criminals’. The new Home Affairs approach could reshape those various efforts into a single centre, or perhaps even merge the functionality into the highly successful CT-focused National Threat Assessment Centre.

As there’s never been a Commonwealth law enforcement white paper, Minister Dutton may also choose to conduct a more substantive review of each agency’s long-held strategy and policy assumptions. Such a process could consider whether the Home Affairs portfolio arrangements might allow for more substantial structural changes; for example, could the roles of the ACIC be split between the minister’s office, ASIO, the AFP and the ABF?

It’s also likely that the minister’s office will take a greater role in coordinating Australia’s national illicit drug supply reduction strategy. For the AFP, ACIC and ABF, that’s likely to result in more granular guidance in terms of national priorities. I’ve argued for some time (see here and here) that Australia’s efforts in this area could be well served by a focus on disrupting illicit drug supply chains rather than on seizures and arrests. That said, illicit drug seizures and arrests will still have significant political value for the Home Affairs portfolio, especially during senate estimates.

The National Organised Crime Response Plan 2015–2018 articulates Australia’s national response to serious and organised crime. When it comes to producing the next plan, the Home Affairs minister may need to consider whether the portfolio’s operational agencies need more detailed guidance on higher level strategy and its implementation. For the ABF, AFP and ACIC, that could mean further restrictions on the capacity to go it alone in terms of strategy and policy decisions.

International engagement, including cooperation and capacity development, has become a central pillar in AFP, ACIC and ABF strategies. To date, each agency has operated its own international network and engagement strategy. While these have often been mutually supportive, it hasn’t always been clear how they combine together to support the national interest. The Home Affairs portfolio could take responsibility for developing a more collaborative and integrated national law enforcement international engagement strategy.

Arguably, a lot of the most dramatic changes that the Home Affairs portfolio brings about will relate to Commonwealth law enforcement structures, policies and strategies. In making such changes, Minister Dutton ought to be mindful of the importance of independence and accountability in law enforcement.