Tag Archive for: Prime Minister and Cabinet

Yes, Australia does need a national security adviser

After 40 years in national security in Australia, I find myself agreeing with Danielle Cave’s view that the national security architecture is not quite right and merits fixing. I also agree that there’s a need for a national security adviser (NSA)—ideally, a statutory appointment with clear responsibilities and accountabilities—to harness the full suite of capabilities across government, to initiate desktop wargames at the strategic level, to harmonise information strategies and to test individual department and agency plans. The existence of such an office would clarify the primacy of coordination and help orchestrate a close and continuing affinity to the national interest.

What would be the distinguishing features of a small, experienced NSA staff? For starters, the NSA needs to guard against some of the more perverse features of modern government—specifically, the tendency towards cognitive dissonance and groupthink. The former tacitly urges consistency of policy at all costs, when consistency isn’t in the nature of the world in which we live. The latter describes psychological pressure towards conformity. History is littered with instances of conformity in national security that places incredible, almost existential, pressure on the nation-state.

A uniquely Australian approach could look like this. The secretary of the Department of the Prime Minister and Cabinet would play a less prominent role in dealing with national security matters. He or she would, of course, be the nation’s principal public servant dealing with all residual issues. The NSA (a statutory five-year appointment) would be the principal public servant dealing with national security matters. The NSA staff would operate within the framework of the cabinet secretariat and as an adjunct office within PM&C.

The NSA would be a civilian and, ideally, a former senior official of the defence or intelligence establishment, a senior official of the Department of Foreign Affairs and Trade, a senior academic with extensive experience in strategic studies, or an outstanding and widely respected public figure with extensive experience in government.

The Secretaries Committee on National Security contains sensible people. But I would contend that we need a senior official well versed in intelligence, military and security matters able to refine and distil a whole-of-government effort and, on occasion, play a red-teaming role to test assumptions for the prime minister and government.

The NSA’s core staff would comprise a deputy NSA and senior principals with proven expertise in intelligence, military affairs, diplomacy, Southeast Asian affairs, South Asian affairs, Pacific affairs, US affairs and Chinese affairs, along with an economist, a scientist, a technologist, a media expert and an anthropologist. Each would have a small staff, so the office of the NSA would number 40 to 50.

The roles and responsibilities of the NSA staff would include:

  • being principal adviser to the prime minister and government on matters of national security
  • being lead author of a national security strategy
  • presenting options on any given national security issue to the National Security Committee of cabinet and the cabinet
  • undertaking and overseeing short-range and long-range policy reviews
  • managing the interagency process
  • chairing the Secretaries Committee on National Security
  • participating in all relevant meetings of the cabinet and the National Security Committee of cabinet.

It’s in the higher strategic, political and policy levels that refinement and further assistance are most needed. Specific focus is necessary at the strategic level to synchronise political language, nuance, experience and perspective with those tasked to conduct activities, and to those who must apply appropriate tactics to complex situations.

Officials are needed at the national security level with the experience and expertise to wargame, red team, manage interagency processes and oversee short-range and long-range policy reviews. Their utility, currently, is inhibited by the status quo strategic-level architecture and mindset.

These are, of course, personal views—but they are informed by experience. The Australian Defence Force has the tactical nous to build and sustain security. Arrangements that link the tactical and strategic levels are largely sound, although, I contend, they are more complicated than they need to be for a country our size.

A renewed emphasis needs to be placed on grand strategy and strategic thinking. In essence, Australia needs to be better at concentrating on, and articulating, the big picture.

We must overcome our tendency to be transfixed by detail and function as armchair generals when our place at the strategic level is about understanding the popular will and helping government lead and shape that will.

My lived experience is broadly this: when a security situation looks bleak and the politics of taking action is generally uncontested (that is, bipartisan support is largely in play), and when the national policy settings are reasonably well developed (which implies that they are nuanced to the peculiarities of the environment), then as long as the strategic level provides clarity through directives and orders, the ADF and other agencies of government will deliver.

Australia’s tactical level—the coalface—is very good. It delivers time after time. It is well led and well taught. It knows how to adjust to fluid circumstances. It will exhibit a calibrated level of empathy to citizens caught up in a difficult security environment. Our navy, army and air force will be firm, brave and resolute to any signs of duplicity or cowardice. Should the tentacles of a procrustean beast over-reach, they will be clipped with professionalism, competence and decisiveness.

The combination of a robust national security architecture (encompassing politics, national policy and the military-strategic level) in concert with a high-quality defence and government workforce gives one confidence that we can build or restore security, pretty much under any circumstances and conditions, whatever the future holds.

Australia’s Cyber Security Strategy—one year on

Friday marks 12 months since Prime Minister Malcolm Turnbull launched Australia’s Cyber Security Strategy—a welcome development after cyber issues spent seven years wandering in the Canberra wilderness searching for a policy.  The Strategy has prompted positive changes in Australia’s approach to complex policy issues.

The Strategy committed government to an annual review of its progress, which we hope to see this week. In anticipation of the government’s own review, we’ve engaged with stakeholders across industry, academia and government to gauge perceptions of success and shortfalls in the delivery of the Strategy in its first year. Those discussions revealed a number of areas where expectations of improvement in cybersecurity haven’t been met.

But there have also been successes. A new cyber leadership team in the APS and the appointment of Dan Tehan as the Minister Assisting the Prime Minister on Cyber Security have had a constructive impact on public awareness and engagement on cyber security. The ASX100 health checks are an encouraging development in improving cybersecurity in the private sector, and the launch of the Joint Cyber Security Centre pilot in Brisbane is a clear sign of the commitment by both government and industry to deepen their cooperation to address cyber security threats.

Activities designed to develop Australia’s digital economy have also moved ahead at a steady clip. Government has boosted support for the domestic cyber start-up community through the Australian Cyber Security Growth Centre and international Austrade ‘landing pads’. Initiatives to attract, educate and diversify the cyber workforce to ensure the sustainability of Australia’s cyber industry are underway through the National Innovation and Science Agenda.

But the Strategy’s implementation has also faced its share of challenges and setbacks in areas of communication, success measurement and leading by example. Progress towards a national cyber partnership between the government and the private sector has been undermined by the ad hoc nature of government’s communications and insufficient expectation management with industry partners. The Strategy called on industry to take a stronger leadership role, but the division of responsibility between government and industry has never been clearly articulated.

The government’s failure to enact a communications strategy for both private sector partners and the public means there’s no coherent and comprehensive messaging on the timeline for implementing measures. This poor expectation management has led to a general feeling amongst stakeholders that implementation so far has been slow, giving rise to a lack of confidence in government’s commitment to actually implement the Strategy. This perception is not unknown to government and is likely to have prompted Minister Tehan’s media statements last month promising to speed up implementation.

Some of the Strategy’s outcomes are hard to assess because of their unquantifiable nature. In other instances, the lack of benchmark information makes it impossible to measure a relative change. And disappointingly, it seems that despite government rhetoric about the priority of cybersecurity, the financial resources afforded to implementing agencies simply don’t match the size and importance of the task. The government has met its commitment to $230 million for the Strategy, but most of this is reallocated or absorbed expenditure from the Defence budget. Other departments and agencies, including PM&C and DFAT, are expected to meet implementation costs from existing resources, which may contribute to the perceived slowness of Strategy implementation. We will be looking to next month’s Budget to see if the original funding is supplemented this year in response to the annual assessment of progress on the Strategy.

When reviewing the extensive action plan included in the Strategy, it’s government’s own progress that’s of most concern. The publicly available evidence suggests that federal government agencies are still deaf to the concerns about cybersecurity from their political masters and the experts at ASD. Indeed, a couple of notable incidents and reviews in 2016 should be seen as humbling indicators of the additional work that needs to be done to improve Australia’s cyber posture. A March 2017 ANAO audit of government departments revealed a sub-par standard of cybersecurity in key agencies, including the ATO and the Department of Immigration and Border Protection, which hold highly sensitive personal information on Australians. The infamous #censusfail also revealed a significant lack of cybersecurity knowledge in government, and the inconsistent messaging during and after the event signalled worrying dysfunction in incident response arrangements, as was later highlighted in government and Senate inquiries.

Overcoming these issues will be critical to achieving Australia’s cyber security goals, but that will require a robust assessment—and, if necessary—a mea culpa from government in its review of implementation progress. Government can rightly claim success on some aspects of implementation, but the overall impression is that Australia’s cybersecurity posture is no stronger today than it was a year ago, and there’s increasing concern that the Strategy was a bumper-sticker solution to a critical national and economic security issue.

The new Australian Cyber Security Strategy: a positive first step but a long road ahead

There’s a great deal to be positive about with the launch of the Australian Cyber Security Review and Strategy. Yes, it took a little longer than promised, but the headlines are good news for the cyber security ecosystem and illustrate that this Government is prioritising cyber in a way that previous governments haven’t. It’s vital that the Strategy is seen as the foundation of a long term commitment by Government to build capacity, relationships, security and economic exchange. Now the hard work of implementation begins.

The announcement of a four-year $230 million investment to enhance Australian cyber security capability and launch new initiatives is welcome news. The Australian government hasn’t invested in this area since 2009, so it’s well overdue. While it isn’t the sort of cyber security investment worth billions of dollars made by the US and UK, it stakes Australia’s claim to be a serious cyber security player.

The Strategy has brought with it a number of new positions, including a Minister Assisting the Prime Minister on Cyber Security. But maintaining the interest of the highest office in the land will be important for ongoing implementation, resourcing and policy development.

Given Australia’s often capricious political environment, it’s crucial that a strong bureaucracy independently drives our cyber security agenda. Within PM&C, there will be a Special Advisor for Cyber Security to lead on the policy side. On the international side, the Minister for Foreign Affairs will appoint Australia’s first Cyber Ambassador, which will allow Australia to have an ever-active and influential role in the international cyber discussion. That role is important to ensure that the internet is shaped with a clear Australian voice and perspective in mind.

Those new positions align Australia quite closely with the US which has a ‘cyber tsar’, Michael Daniel, who leads on domestic cyber policy at the White House, and a State Department head, Chris Painter, who delivers the US’s international cyber strategy and contributes to the international debate. Australia has committed itself to developing an international cyber strategy in the Review, which will be an important task for the Department and the new Ambassador.

For the Government to deliver on that strategy, it’ll require leaders that can build a real esprit de corps and encourage the mix of technical and policy experts that make up the government cybersecurity patchwork to work towards the same goals.

There’s a great deal to be excited about, but with all of the new Strategy’s positives comes a strong warning for all involved: announcements and policy documents are all well and good, but hard work is required to successfully implement the new agenda.

The Strategy makes a big push to enhance public–private collaboration. That’s nothing new, though government have not quite taken the time to explain what ‘reaching out to the private sector’ actually entails. New engagement in this strategy will focus first around moving the location of the Australian Cyber Security Centre from the highly classified ASIO building to a more flexible and accessible environment. That will allow for a broader range of private sector entities to quickly ‘plug and play’ with the centre, creating a more fluid interaction. The second initiative is focused on new Joint Cyber Threat Centres in key capital cities, to allow for real time public–private cyber threat information sharing.

To ensure those plans are successful, they must quickly be shown to be accessible, productive and effective. Removing red tape surrounding security classifications and access to information is crucial, as is providing threat information that’s timely, relevant and actionable. Rules of engagement will need to be quickly established so that there’s a clear understanding of both expectations and realities of what can be achieved.

The conversation between the public and private sectors needs to be continual. During the review process PM&C stated that they engaged with ‘over 190 public and private sector organisations’. It’s vital that this engagement is continued. Particular care must also be taken to maintain links between the two sectors at both the working and operational level, but also with top-level engagement between corporate leaders.

The strategy and its deliverables are to be applauded—there’s enough in there to draw broad attention to this vital area of economic and national security. However, the delivery of the Australian Cyber Security Strategy will be dependent upon the work that takes place once the dust has settled following today’s launch. If implemented properly, Australia will be well positioned to succeed both at home and abroad.

Martin Parkinson’s policy dilemmas

CALF2015: Martin Parkinson and Jan Adams

Dr Martin Parkinson will soon begin his role as the new Secretary of Prime Minister and Cabinet, succeeding Michael Thawley. Both are highly capable individuals and both have suffered from the lottery of Australian Public Service (APS) changes that follow political leadership coups. One side benefit to Martin Parkinson’s shift from Treasury Secretary in 2015 was that he had the rare chance to think away from the Canberra churn by spending some time at Princeton University’s Griswold Centre for Economic Policy Studies. Through two working papers published in September 2015, we have a chance to see Parkinson’s view of the policy problems facing Australia.

Malcolm Turnbull will set the agenda and tone of Government policy, but it falls to the Secretary of PM&C to mobilise the APS behind that agenda and to provide some discreet steerage to government. There are two key tasks: making the APS machinery work and developing the right policy content. Overall, Parkinson’s assessment is that Australia isn’t well placed to respond to the pace of strategic, demographic, economic and technological change taking place around the world. Australia, he says, suffers from a ‘current bout of complacency’ where ‘our political discourse is failing to provide the public with an explanation of global or national developments, or a roadmap for the future.’

Parkinson offers an important insight when he diagnoses why Australia is in this lacklustre malaise:

‘…very few countries could be said to do “joined–up” government at all well as there is a recurring lack of coordination between the strategic, military and economic institutions across nations. While it may be hard for any country to achieve this outcome, and perhaps harder still for democracies, history suggests that those which do can have a disproportionate influence at key times in history.’

Spot on, Martin! The risks of economists and strategists talking past each other and failing to find a way to engage with each other’s priorities has been at the heart of some serious Australian policy failings in recent years. Let two examples suffice: first, the Asian Century White Paper presented by the Gillard Government in 2012 as the solution to Australia’s long term economic prosperity. All that was needed was to hitch ourselves to the economies of China, Japan, South Korea, Indonesia and India — that and some Little Engine That Could ‘I think I can’ effort  would keep the wheels of growth turning for a generation.

The problem was the Asian Century White Paper‘s economically-centred conception of the region’s future. The study could have used a healthy dose of strategic ‘worst-case’ analysis, casting some realist doubt over growth assumptions which, at the start of 2016, look positively naive. Here the challenge is to find a pragmatic path between what many economists continue to see as a ‘glass half full’ future for the Asia–Pacific, where the benefits of growth promoting engagement overcome the problems that strategists worry about: aggressive strategic behaviour in the South China Sea and elsewhere, arms racing, nationalism and deep-seated internal fragility impacting on the behaviour of key regional players.

Another instance of the failure to coordinate Australia’s economic, military and strategic institutions can be seen in the continuing policy snafu that is the 99 year lease of key parts of the Port of Darwin to the Chinese company, Landbridge. It’s evident from recent hearings of the Senate Economics References Committee that Government departments and agencies don’t know even where to begin in assessing the strategic implications of foreign direct investment into critical infrastructure. For all of the furious bureaucratic rear-guard defence of the deal, it left Government scrambling to review legislation on foreign investment to cover loop holes and to explain the lack of consultation with our critical ally and heavy user of the Port, the US.

Why is there such a gap between the world views of Canberra’s economists and strategists? I don’t have a complete answer, but it’s partly because the two groups don’t regularly engage. They largely march to their separate professional beats without the discomfort of struggling to encompass different knowledge domains and understanding different assumptions about how the world works. Moreover there’s a degree of suspicion between the two camps. At worst, economists see strategists as un-quantitative threat-mongers. Strategists return the compliment by concluding that economists are insufficiently ‘real-world’ in their assessment of risk.

The failure to blend a realist economic and strategic world view has resulted in some astonishing gyrations of Australian policy over the last decade. Kevin Rudd’s 2009 Defence White Paper painted a picture of rapidly deteriorating regional security, a burgeoning arms race in East Asia as well as growing political instability. The policy response was to double the size of the submarine fleet and promise to significantly grow other defence capabilities. Quite deliberately to contrast her leadership with Rudd’s, Julia Gillard talked up Asian Century opportunities, declaring an end to the terrorist fears of the ‘9/11’ decade. Tony Abbott, partly from conviction and partly for domestic political effect, emphasised a strong response to the terror threat and re-investing in Defence after Gillard’s spending cuts. Malcolm Turnbull’s positive emphasis on innovation and opportunity changes the language although he faces the same evolving strategic landscape as his three predecessors.

Martin Parkinson has no more important task ahead of him than to stop this see-sawing of strategic language and to create a shared and durable understanding of the risks and opportunities Australia faces in a dramatically changing world. In a later post I’ll set out some suggestions about how to do this by asking what Australia’s regional and global foreign policy settings should be in a post-Asian Century world.