Australian Security Intelligence Organisation
Australian Security Intelligence OrganisationAustralian Security Intelligence OrganisationAustralian Security Intelligence OrganisationASIO's workYear in reviewPublicationsASIO Public StatementsCareers with ASIOContact Details

Skip Navigation Links

Defence + Industry Conference
Director-General's Address
'Countering espionage in the 21st Century'
22 August 2007

1. Introduction
  • Thank you for that introduction. It is a pleasure to be here today in Adelaide to address the Defence + Industry Conference.
  • As you are aware, the Government announced significant budgetary injections for defence in this year's budget, and has foreshadowed increased defence spending out to 2016.
    • And Adelaide is home to many of the projects critical to the modernisation of Australia's defence force, and its capacity to perform in the strategic environment outlined in the Defence Update 2007.
  • Whereas much of our national security effort has focused on terrorism since September 11, 2001, those working in the defence industry need to remain mindful of other threats to national security, including espionage.
  • Today I shall discuss the threat posed by espionage, and some of the measures we can adopt to protect Australia and Australian interests from it.
2. ASIO's counter-espionage functions - an historical overview
  • By way of context, I would first like to make some historical points about this threat, and ASIO's role as Australia's central counter-espionage authority.
  • Under our legislation, ASIO has responsibility to 'obtain, correlate and evaluate intelligence relevant to security'.
  • The definition of security includes the protection of the Commonwealth, and its people, from 'espionage' and 'foreign interference'.
  • In fact, the need for a permanent, peacetime authority responsible for investigating suspected attempts by foreign governments or entities to collect sensitive information lay at the heart of the decision to establish a security service in 1949.
  • Prime Minister Chifley told Parliament in 1948 that:
    • 'there has arisen a degree of tension in the world which has caused a fear of another war, and as a result security services and counter-espionage services in all the allied countries have been built up again.'
  • The 'degree of tension' to which he referred was the early stages of the 'Cold War' - the strategic contest for global predominance between the United States, the Soviet Union, and their respective allies.
  • Shaping post-war Europe was the immediate focus of this contest, although it quickly extended to other parts of the globe.
  • As early as 1946, the Canadian Royal Commission on Espionage found significant evidence of Soviet espionage in Western countries.
  • This heightened existing concerns about Moscow's global aspirations and potential intelligence reach, especially in light of the loyalties it was known or assumed to command via the various communist parties operating in the Western and developing world.
  • Here in Australia, the Government decided to create a permanent security service following representations from the United Kingdom that such a service was necessary in order to safeguard the sensitive information shared between allies.
  • In his Memorandum to Mr Justice Reed, Australia's first Director-General of Security, Prime Minister Chifley indicated that the task of the Security Service, as ASIO was then called, is the:
    • 'defence of the Commonwealth from external and internal dangers arising from attempts at espionage and sabotage ... whether directed from within or without the country, which may be judged to be subversive of the security of the Commonwealth.'
  • The prevention of espionage in Australia or against Australian interests remained one of ASIO's key priorities throughout the Cold War.
  • This was a significant period in our history, and not without events of great moment, including:
    • the defection of the Petrovs in 1954; and
    • the expulsion in 1963 of the second secretary at the Soviet embassy, Ivan Skripov, after the Australian Government concluded he had been engaged 'in elaborate preparations for espionage.'
  • The defection of the Petrovs was a coup for Australia and our allies in the early years of the Cold War.
  • Their defection and debriefing did much for ASIO's standing as an effective and professional intelligence agency, not least because of the invaluable information they provided about Soviet activities, both here and abroad.
    • Vladimir Petrov was able, for instance, to confirm British suspicions that two former British Foreign Office officials, Guy Burgess and Donald Maclean, had defected to Soviet Russia.
  • As this brief historical overview suggests, espionage was, during this period, largely, although not exclusively, a state-driven, embassy-based phenomenon.
  • The end of the Cold War following the sudden and unpredicted collapse of Soviet communism, and the dissolution of the Warsaw Pact group of communist states, saw a refocusing of counter-espionage activities here and abroad.
  • Governments around the world sought to capitalise on the new security environment by collecting a so-called 'peace dividend' - the freeing up for other purposes of resources previously allocated to security as part of their Cold War strategy.
  • Like many services around the world, ASIO scaled back its counter-espionage efforts, and staff numbers were reduced in the 1990s.
  • And while, subsequently, it was necessary to increase the resources dedicated to counter-terrorism - to manage the significant security demands involved in hosting the Olympics in Sydney 2000; and to respond to the growing threat posed by trans-national terrorism - it was never our judgement that espionage had ceased as a threat to national security; or, for that matter, that it would not continue to evolve and place demands on our efforts.
3. Espionage in the 21st century
  • Indeed, in the early twenty-first century, ASIO's counter-espionage role continues to represent a serious and challenging responsibility.
  • We have boosted the level of resources devoted to this function, and plan to further build capability through to 2010-11.
  • There has been some public commentary about the reasons for this, and for the creation, last year, of a separate Counter-Espionage and Interference Division within ASIO.
    • The first point to make in this regard is that ASIO has created several new divisions since 1 July 2006, and has received significant funding from the Government to build capability across all of its legislated responsibilities and functions.
  • Nevertheless, given that these decisions reflect a considered approach to national security in a dynamic environment, characterised by complex and diverging geopolitical and other trends, I shall discuss in broad terms the nature of the threat posed by espionage.
  • The Cold War brought an end to one particular phase of the international system of states, not the system itself.
  • States are still the principal international actors, and will continue to act according to their respective national traditions and interests.
  • Numerous regional and global fora exist through which states can forge relations, manage differences and grapple with, and seek solutions to, immediate or emerging issues.
  • But such fora will never be perfect, and we should not expect they will contain and harmonise every competing interest, area of mistrust, misunderstanding, or deteriorating relationship.
  • A realistic appraisal of the international system doesn't permit the conclusion that some new level of cooperation has, or will, displace competition and rivalry.
  • Serious geopolitical uncertainties and instabilities - shifting power balances; existing and emerging strategic rivalries; and volatilities driven by military, political and economic competition - will continue to shape our national security outlook.
  • While it is logical to infer from this situation that states have an interest in knowing one another's intentions and capability; it is a different proposition to say that:
    • such an interest necessarily will take the form of espionage; or
    • state-driven espionage is the only form this threat to national security can take.
  • Regarding the first point, open societies, like Australia, with a democratic system of government, a free press, and now, the internet, publicly make available large quantities of information.
    • It is a key feature, and strength, of our political culture.
  • But this can also present challenges for discerning the line between legitimate and illegitimate foreign collection activities.
  • Don't let's forget that information drawn legitimately from the media, the internet, government publications, and normal diplomatic channels, can yield significant insight into a country's:
    • strategic direction and goals;
    • military spending and capability;
    • investment in science and technology; or
    • comparative advantage in particular commercial sectors or industries.
  • Or that such an approach tends to be considerably less expensive than others:
    • a point noted by Philip Flood in his Report of the Inquiry into Australian Intelligence Agencies of 2004.
  • But nor, as history informs us, is it necessarily a case of one or the other.
  • Take, for instance, the systematic collection and weighing of publicly available information undertaken by the war-time journalist-cum-spy, Rudolf Rossler.
  • After he was discovered, in the years following the defeat of the Nazis, providing information to Czechoslovakia, and thence Soviet Russia, Rossler gave the following account of his method:
    • 'I collected every sort of material available, that is, information about military, economic, political or organisational facts or events. The raw material was then processed. Each piece was systematically compared and cross-referenced. Contradictions and correspondences were investigated and evaluated in larger terms. Quite often it was possible to arrive at conclusions which threw the correct light on some matter, little known, misunderstood or kept secret.'
  • Of course, there was a touch of special pleading in Rossler's description of his technique -
    • ... for he was found also to have had good inside sources; and the Swiss authorities had intercepted a tin of honey containing microfilm with highly sensitive information before it reached his foreign contacts.
  • But the example is instructive.
  • 'Even the most democratic and open countries', as the Flood inquiry report states, 'hold some information very close'.
  • And while there are shifting thresholds for determining what is sensitive, and needs to be protected; and what is not, and can be circulated; it is critical to exercise due care and discretion to protect what needs to be 'held close'.
    • For that loose word or 'isolated reference in a general report' with no particular 'meaning to the general reader' may be especially illuminating to someone who 'has patiently built up an archive on the topic.'
  • Turning now to the second point, while state-orchestrated espionage continues to threaten national security, various changes since the end of the Cold War have made the security environment more complex and dynamic.
  • The traditional paradigm of state-orchestrated espionage is being unsettled, and security services like ASIO must continue to conceptualise and manage the risks and implications.
  • In a recent address, I argued against viewing the change in the post-Cold War environment simply in terms of a shift from a 'bipolar' to a 'unipolar' world.
    • This is too neat, and misses the reality of a 'pluriverse' of state and sub-state actors, movements, and forces oriented to various political and ideological agendas, and prone to slip between coexistence and crisis mode in its relations with a 'universe' shaped by US primacy.
  • This has implications for counter-espionage, particularly for making judgements about what information is of value, to whom, and why.
  • As does globalisation, which, as a driver of change, has depended on, and reinforced, quantum advances in communications and information technologies.
  • In a relatively short period of time, the volume, velocity, and reach of information flows has grown exponentially.
  • This information revolution is changing the environment in which we now all work, and the way we conduct business.
    • Who would have imagined, even at the beginning of the 1990s, that security services like ASIO would have public websites that can be accessed virtually from anywhere in the world?
  • It has, though, also brought in its train new types of risk.
  • Accompanying the traditional range of espionage activities - think human agents physically deployed within their field of operation - there are now various entities capable of compromising the integrity of information systems via the internet.
  • Tins of honey and microfilm have given way to malicious code and software that, if undetected, can 'exfiltrate' information clandestinely from one part of the world to another.
    • Absent secure and robust protections, government and business IT systems are vulnerable to attack, anonymously, and from anywhere.
  • Or consider how the globalisation of markets has led to more cross-border activity, and not just in the economic sphere.
  • Some labour markets, particularly in high tech industries and the so-called smart economy, have been truly internationalised.
  • Business supply chains invariably cross multiple borders, and involve a veritable Gordian knot of contractual and sub-contractual arrangements.
  • The benefits to national economies able to take advantage of these changes have been clear: greater capacity to harness innovation; more incentive to achieve efficiencies; an expanding horizon of opportunities.
  • But we cannot wish away associated consequences and challenges for national security.
  • Globalisation is exposing states, industries, businesses, and, indeed, whole peoples, to competitive forces.
  • In this evolving international arena, there is pressure to catch up, or to gain an edge, and this pressure has the capacity to fuel trade in sensitive information, in both public and private sectors.
    • In this environment, private businesses are susceptible to espionage activities targeting sensitive commercial information.
  • And as the incentives to undertake espionage activities continue to evolve, so too do the types of actor prepared to undertake them.
  • Non-state actors - individuals, businesses, front companies, networks, terrorist groups - may seek to gain access to sensitive information via a variety of more or less sophisticated avenues.
  • They may or may not be working with states. Or, in a sellers' market, they may work indifferently with any particular state.
  • Tins of honey and microfilm aside, Rossler, a German national, living in Switzerland, and providing information to the Czechs and Russians, may have presaged this situation.
  • Or consider the more recent case of A.Q. Khan, who for years sat at the centre of a nuclear proliferation network spanning the state and non-state spheres.
  • Khan was motivated in part, apparently, by a desire to facilitate the nuclear armament of Muslim countries, beginning with his country of origin, Pakistan.
    • But this was no barrier to him dealing with North Korea.
  • These are some of the changes we are seeing, and some of the emerging threats we anticipate.
  • Clearly, they have consequences, not just for the work of ASIO, but for all agencies, industries and businesses whose work falls within the sphere of national security.
4. Risks and challenges
  • Within Australia, there are a range of offences dealing with the unlawful communication or provision of information about the security or defence of the Commonwealth to another country, foreign organisation, or person acting on their behalf.
  • While prosecutions for espionage have been uncommon in Australia, we cannot be complacent, and should seek to prevent it by managing the risks actively.
  • The challenge, in light of the evolving environment I have just sketched, is to ensure we put in place suitable precautions, and maintain effective protections for sensitive information, technology, and capability.
  • Working in, and with defence, you are no doubt particularly sensitive to these issues, and to the importance of developing and maintaining a strong reputation for security practice.
  • I would, however, like to draw your attention to four potential areas of vulnerability that need to be handled appropriately. These are:
    • protective security measures securing the work environment;
    • information technology systems;
    • partnerships with the non-government sector; and
    • people management policy and procedures.
  • It is important that agencies ensure their work environment limits the potential for the integrity, availability and confidentiality of official information to be compromised.
  • Suitable measures need to be carefully considered, implemented, and tested regularly for their effectiveness.
  • If you haven't already, I would encourage you to consider appointing a dedicated company security officer.
  • Suspicious contact or inquiries should be reported.
  • Risk management plans need to address, for instance, the physical integrity of, and access to, premises; the internal security of work areas; and appropriate protocols for the classification, registration and removal of sensitive information and materials.
  • The pace of technology change means we all need regularly to revisit the effectiveness of our physical and IT security measures.
  • The risks are not simply changing; they are compounding.
  • In addition to the risks associated with the traditional paper-based work environment, there are risks of possible compromise associated with the digital environment.
  • The security of IT systems is critical, both from external attack, and from internal misuse.
    • If you suspect or know that your company has been subject to serious electronic attack, it is critical that you report it to the National Information Infrastructure Protection Hotline (+ 61 2 6266 9145).
    • This information, which will be passed to ASIO promptly, will be treated in the strictest confidence.
  • Consideration, too, needs to be given to the risks posed by the array of increasingly sophisticated electronic devices that have become part of the everyday environment, including:
    • mobile phones and digital entertainment devices (MP3 players, etc) with significant image and sound recording capability;
    • digital thumb drives with greater storage capacity than some earlier generation personal computers; and
    • hand-held personal organisers with functions so complex as to require user manuals of encyclopaedic proportions.
  • Yet razor-wire perimeter fences, security guards, the handling of classified materials, and the screening of electronic devices, only go so far.
  • The effective management of security risk calls for a combination of measures, particularly good staff vetting procedures and effective people management systems.
  • In today's competitive labour market, it is important to maintain high standards, and, where positions will involve access to classified information, to carry out vetting processes consonant with the proposed level of access.
  • This applies, too, to the burgeoning world of contract work, and the use of public-private partnerships - an area with which Defence has had considerable experience.
  • More people are working under the national security tent, and it is important to know who they are, where they come from, and what, if any, are their potential vulnerabilities.
  • Background checking is only the beginning, though.
  • Consider, again, the case of A.Q. Khan.
  • As an employee of the FDO, itself a sub-contractor of Ultra Centrifuge Nederland, the Dutch partner in the URENCO uranium enrichment consortium, Khan had access to highly-classified information, and was required to obtain the necessary security clearances.
    • As I understand the case, though, there was nothing in his personal history or circumstances to indicate or raise any suspicions about his later role in unlawfully acquiring sensitive information, and making it available to his country of origin, and beyond.
  • Over and above good vetting procedures, it is critical that organisations holding or dealing with sensitive information manage their staff well, and have in place strong systems and strategies to deal with issues before they become potential problems.
    • There have been a range of cases worldwide where significant, serious and ongoing espionage could have been prevented or stopped earlier, if suspicious activity was reported or systems properly administered.
  • Even during the heights of the Cold War, espionage tended to be committed by a trusted insider who volunteered his or her services to a foreign power or entity.
  • Certainly, some individuals have betrayed the trust of their colleagues and country very early in their careers for ideological purposes.
    • Philby, Burgess, Maclean and Blunt being perhaps the most famous examples.
    • Or more recently, Ana Montes, the senior Cuba analyst from the US Defense Intelligence Agency who passed classified information to Cuba for the duration of her employment, motivated, it seems, by the conviction that the world was really one big country.
  • But the path more commonly trod, even for high profile cases like US citizens, Robert Hanson and Aldrich Ames, is the sobering and prosaic reality of individuals:
    • whose personal or professional lives have somehow spiralled out of control; or
    • who form the belief they might somehow rectify personal problems or grievances by betraying their organisation or country; or
    • who seek personal gain at the expense of the national interest.
  • There is a long list of individuals - including, for example, Australian citizen, Jean-Philippe Wispelaere - whose situation or behaviour in some way signalled their activities.
  • This is why our strategies need to be layered, and focused on active prevention.
  • At ASIO, we make security awareness and training an integral part of our risk management strategy.
  • We emphasise the law. We emphasise our values. And we emphasise the responsibility everyone has to instil and develop an effective security culture.
  • We are also realistic: people are fallible; mistakes are made; life throws up unforeseen, unfortunate, and unwanted events.
    • So a supportive work environment with good people management arrangements, including ongoing vetting, is invaluable - both in its own right, and as a check and balance against potential vulnerability and compromise.
  • I have spoken to you today about the threats posed by espionage in the 21st century, and some of the ways we can counter it.
  • Let me end by recalling George Kennan's observation in his 'Long Telegram' of 1946 to the US Government about the looming Soviet threat, and ways to contain it, that 'much depends on the health and vigour of our own society'.
  • This clear and direct advice still has application, particularly at the level of our own national defence and security organisations.