Security and ICT services

Program 3.1

Not Met Partially Met Met

Deliverables

2013–14

2014–15

Enhanced protection through strengthened security measures in line with the evolving international security environment, particularly in high-threat locations.

Icon indicating met

Icon indicating met

Protection of classified information and ICT services through effective management of ICT systems and security vetting processes, as well as through staff security training to ensure high standards of awareness and vigilance.

Icon indicating met

Icon indicating met

Continued progress in moving the department’s ICT systems infrastructure to a common platform that can be more efficiently integrated and supported, and implementation of key elements of the Government’s ICT Reform Program and ICT elements of the Government’s national security policy and objectives.

Icon showing partially met

Icon indicating met

High-quality overseas ICT services to other government agencies.

Icon indicating met

Icon indicating met

Ongoing implementation of the International Communications Network—upgrade program.1

Icon indicating met

Key Performance Indicators

2013–14

2014–15

Effective threat and risk mitigation strategies appropriate to increased security risks, including timely and effective responses to all security incidents overseas.

Icon indicating met

Icon indicating met

Security risks relating to classified information are minimised, as evidenced by a low number of sensitive security breaches.

Icon indicating met

Icon indicating met

Client satisfaction with the accessibility, reliability and effectiveness of the secure cable network (Official Diplomatic Information Network) and the global secure telecommunications infrastructure.

Icon indicating met

Icon showing partially met

Staged delivery of the International Communications Network—upgrade program within budget and against timelines.1

Icon indicating met

1 New deliverable and KPI for 2014–15.

Overview

The department continued to counter threats from politically motivated violence, civil disorder, foreign intelligence service intrusion, crime and cyber espionage. We developed a stronger real-time security threat assessment and risk management capability. We continued to oversee the physical security of Australia’s chanceries and residences and ensured that operational security measures were robust and matched the prevailing local security environments. We delivered appropriate training, including for a stronger security awareness culture across the organisation. Posts in Afghanistan, Iraq and Pakistan were a priority, together with other high-threat posts in the Middle East and Africa.

The department managed a major tender for new contracts for the delivery of private security services for our posts in Baghdad, Kabul and Jakarta, where current contracts are due to expire in late 2015.

Figure 35: Security and ICT services

Infographic depicting security and ICT services

The International Communications Network (ICN) Program to modernise the department’s global ICT services and infrastructure entered its major procurement and delivery phase and will run until the end of 2017–18.

We expanded mobile communications services, made it easier for staff to collaborate and improved the performance and reliability of our international network operations.

Following the DFAT–AusAID integration, the department consolidated its ICT systems, moving 24 of 35 former AusAID sites onto the SATIN network. The remaining sites will be moved by December 2015. To assist a smooth transition, 584 staff received training on ICT systems and services.

Security threat assessment

In response to the increase in Islamist fundamentalism, the department enhanced its threat assessment capability for all staff irrespective of where they worked and travelled. We worked with the National Threat Assessment Centre to assess threats and to determine posts’ security risk profiles and mitigation measures, operational procedures and contingency readiness. We provided up-to-date threat assessments of dangers to staff and dependants, security risks to government property and threats to the department’s global ICT network and official information, including from foreign country and third-party cyber espionage.

These assessments were used to inform decision-makers about the deployment of personnel from across government. Our diplomatic security team worked closely with our consular staff to ensure the most accurate and timely threat assessment advice was available internally and publicly. The department strengthened its links with like-minded countries to enhance our threat and risk collection and reporting capacity.

An effort to streamline incident reporting through a new database did not perform to expectations and we reverted to the previous reporting practice to reduce the administrative burden imposed on posts by the new system.

Managing security at overseas missions

Departmental security personnel conducted 87 official inspections at posts to ensure security arrangements matched the prevailing threat environments, and to reinforce key security messages. Following the terrorist attacks in Europe, security liaison visits were undertaken to various posts to review post security and provide on-the-ground support. Visits were undertaken to Ankara, Çanakkale and Istanbul to assist posts manage risks during the Anzac Centenary celebrations.

The department’s network of Regional Security Advisers (based in Baghdad, Beijing, Jakarta, Kabul, Islamabad, New Delhi and Port Moresby) monitored and reported on threat changes in their respective regions, and provided practical support and advice where required.

The department engaged specialist security contractors to supplement and reinforce our capabilities, particularly in vulnerable locations such as Baghdad, Islamabad, Jakarta, Kabul and Port Moresby. The department worked on new contracts for private security services in Baghdad, Jakarta and Kabul to start in 2015–16, by managing an open market tendering process. The department continued to operate the armoured vehicle fleet program across Commonwealth agencies overseas.

We continued to ensure compliance with physical security standards for the new embassies being constructed in Jakarta and Bangkok.

The department completed security works for new posts in Addis Ababa, Chengdu and Kyiv, and the relocated chancery in Noumea. We also completed a physical security enhancement program as part of the Paris embassy mid-life upgrade. Physical security works for the relocation of the Melbourne state and passport offices were completed. A new Electronic Access Control System was rolled out to all Canberra sites. Based on threat and physical security assessments, initial advice was provided for embassy relocations planned for Athens and Rangoon. We finalised security infrastructure requirements for the new embassy in Nairobi. The department began to develop security advice for the new posts proposed for Doha, Makassar, Ulaanbaatar and Phuket.

The department provided security documentation and project oversight for other government agency works in a number of overseas locations. We improved communication links and physical security across a range of posts to protect against potential intrusions.

In response to the 2014 ANAO cyber security audit, we developed a new cyber security accreditation process to ensure security compliance and performance validation for our ICT systems. This included accrediting the new cloud-based innovationXchange initiative. The department appointed a permanent specialist IT Security Adviser to reform ICT cyber security and to support the department’s Chief Information Security Officer.

The Inter-Agency Overseas Security Forum (IAOSF) working group completed its review of a new Security Services MOU. The final draft will be considered at the next IAOSF meeting early in 2015–16.

Security vetting, compliance and awareness

As an exempt vetting agency, the department managed security clearance processing for all staff in Australia and overseas. This included the granting of 238 initial clearances, recognition of 518 external clearances, approval of 457 security revalidations and the approval of 179 upgraded clearances (predominantly for former AusAID staff). We were unable to complete work on developing a proposed electronic revalidation system owing to resource and technical obstacles.

The department’s Security Manual Change Management Committee considered a range of improvements to the manual resulting in 42 amendments. These covered measures to strengthen the department’s clear-desk policy, security breach system and the use of mobile electronic devices. We replaced the hardcopy Annual Declaration on Protective Security form with an electronic system. We also introduced the mandatory completion by all staff and contractors of a formal security e-quiz to test staff about their knowledge and understanding of protective security requirements.

We minimised security risks to classified information through a strictly-enforced security breach monitoring and reporting system. Significant breaches were investigated and, where appropriate, sanctions applied. Pre-posting security briefings were held for sensitive posts. The department met all mandatory requirements of the Protective Security Policy Framework (PSPF) for security governance, personnel security and physical security.

Security training

We provided security training for over 1500 staff, including 229 staff from 17 other agencies. Pre-departure training was mandatory for all staff, including other government agency staff, going on long- and short-term postings. Training covered personal and overseas security awareness, post security officer responsibilities and defensive driving. Intensive training was mandatory for all staff visiting or going on posting to high-threat environments, such as Baghdad and Kabul. Training for armoured vehicle drivers and security guards was provided on the ground to over 80 locally engaged staff at a range of posts.

Figure 36: Security training, 2010–11 to 2014–15

Bar chart showing security training for 2010–15

ICT capability building

The ICN program is the scheduled replacement and modernisation of the department’s SATIN network. The investment is essential to the department’s and Australian Government’s ability to deliver Australia’s national security, service delivery and productivity objectives.

Significant progress has been made in improving network performance and reliability at 114 overseas and domestic sites. Upgrades to satellite communications infrastructure were completed at 16 overseas posts. The establishment of a modern data centre for the department’s future needs further strengthened the reliability of our global network.

Upgraded satellite communications infrastructure, Phnom Penh

Upgraded satellite communications infrastructure, Phnom Penh, 26 November 2014. [DFAT]

We provided new and improved ways to access the department’s networks for those working outside the office. Mobile phones and tablet devices can now access a greater range of services such as cables and the department’s intranet as well as email and calendar access. The fleet of laptops was modernised and increased with a new remote access capability provided for staff. ICN delivered an improved instant messaging capability to allow greater staff collaboration.

The launch of the innovationXchange on 23 March 2015 saw the department become the first department to adopt Microsoft’s public cloud services in the Australian Government since the Cloud First policy was announced in October of 2014.

We began a number of large procurements for global help-desk services, post communications infrastructure, and international telecommunications services. These activities will be essential for the department to deliver key ICN benefits from 2015–16.

A new Consular Information System was delivered on 15 June 2015. During the project, over 39 million records were migrated from the old Consular Management Information System. The system has been well received by its 1300 users since delivery.

We continue to support the whole-of-government entry level recruitment programs. During 2014, two ICT apprentices and one ICT cadet completed their certifications, while two ICT cadets are expected to complete their programs in late 2015. We recruited two graduates and one cadet this year. We established an ICT Women’s Working Group to promote women’s careers in ICT.

Records management

The department has continued its drive to meet the whole-of-government Digital Transition Policy to reduce reliance on paper records by undertaking several bulk file scanning projects. These projects have resulted in the digitisation of more than 12,000 paper files. Overall, we successfully sentenced 96,000 records within Canberra, including aid records retrieved from posts. In Canberra, 58,131 files were created in EDRMS during the reporting period.

Following an extensive review, the department and the former AusAID disposal authorities were amalgamated and updated. This has reduced risks related to the incorrect disposal of departmental information.

ICT training and development

To meet the needs of our global workforce, we developed alternatives to instructor-led classroom-based training. We published more accessible, digital guidance on ICT issues on the corporate intranet and initiated a strategic move towards e-learning. We trained 210 people to be local system administrators and over 2300 staff received training on a range of ICT services including the use of the diplomatic cables system.

Cyber security

The department continues to collaborate with the Australian Signals Directorate (ASD) to assure the integrity and security of our systems and information in response to the continually evolving cyber threat environment. We are executing a program of continuous improvement to implement ASD’s Strategies to Mitigate Targeted Cyber Intrusions across our ICT environments.

Responding to the ANAO’s cyber security audit we continue to improve our ICT security compliance position through business-as-usual activity and project-based opportunities.

ICT Client Services

We provided ICT services in support of AUSMIN (August 2014), the Trans-Pacific Partnership Trade Ministers’ Meeting (October 2014), the G20 Summit held in Brisbane (November 2014), and AUKMIN (February 2015). We supported the 100th anniversary commemoration of Anzac Day in Turkey.

Our support to portfolio ministers, parliamentary secretary and ministerial staff included office relocations, office fit-outs and general ICT services.

We completed ICT fit-outs for new posts in Chengdu, Guangzhou, Houston and Kyiv. Relocation, refurbishments and expansions were undertaken in Ankara, Beijing, Canberra, Dubai, Hanoi, Kabul, Noumea and several state offices.

Our regional technical officers conducted 255 routine and emergency maintenance short-term missions, with all posts visited at least once in the year.

Two officers on deployment to Port Vila when Tropical Cyclone Pam hit responded quickly to the significant damage to the post’s communications. They re-established communications early on the first afternoon and maintained effective systems operations, enabling the high commission to fulfil its emergency response and consular functions.

A further six agencies signed up to the MOU for DFAT ICT Services, taking the total number of agencies receiving ICT products and services to 49. (See Appendix 10.)

The remaining portion of a large construction crane (still to be removed) that fell across the high commission
The remaining portion of a large construction crane (still to be removed) that fell across the high commission, narrowly missing the post’s satellite dish, Port Vila, March 2015. [DFAT]
Table 13: Security and ICT statistics

2009–10

2010–11

2011–12

2012–13

2013–14

2014–15

Number of posts and Australian Government entities with access to secure communications network and secure telecommunications infrastructure

145

148

145

144

172

168

Number of client agencies receiving ICT services

42

44

42

42

42

49

Number of cables

166,580

160,137

145,021

149,090

142,945

136,642

Cables to overseas post

83,221

74,590

67,290

67,401

66,092

64,335

Cables from overseas posts

83,359

85,547

77,731

81,689

76,853

72,307

Number of security-related visits to overseas missions

187

127

106

111

131

87

Number of security clearances and revalidations processed

849

1,154

830

1,582

2,905

1,392

Outlook

The department will continue to enhance its capability to respond effectively to security trends, incidents and security risks, especially at overseas posts. This will include strengthening security governance arrangements and introducing program reforms to meet performance and accountability requirements under the Public Governance, Performance and Accountability Act 2013.

We will continue the physical security fit-out for new embassies in Jakarta, Bangkok and Nairobi. We will conduct threat and risk assessments, and oversee physical and operational security standards for project works in Washington DC and new posts in Doha, Makassar, Phuket and Ulaanbaatar.

The department will work with the Australian intelligence community to assess threats across the global network. We will inspect a range of posts to ensure physical, operational and procedural security mitigation arrangements match assessed threat levels.

The department will strengthen security culture across the organisation to ensure staff fully understand and meet their individual and collective security obligations. A new cyber security awareness program with e-learning components will be rolled out. An internal ICT cyber security audit program will be introduced to measure compliance against the Government’s Information Security Manual and PSPF policy and standards.

The department will begin implementing the new ICT Strategy in 2015–16, aligned with the delivery of high performance capabilities through the ICN program and its major procurements.

The ICN program will continue to deliver improvements in network operability, collaboration and mobility enhancements across the department, with partner agencies and whole-of-government.

We will deliver the ICT requirements of the new overseas posts in Doha, Makassar, Phuket and Ulaanbaatar.

We will need to find innovative ICT solutions and capability to make best use of the department’s Ideas Challenge and ongoing efforts to remove red tape.