Following news the Defence Department has had reams of sensitive information stolen by a hacker, Murray Hunter looks at Australia's weak link — the public service.
WITH AUSTRALIA positioned uniquely in Asia, but with its roots in the West, the nation's civil service – the Australian Public Service (APS) – seems uniquely vulnerable to foreign infiltration, yet the Government does remarkably little about it.
The public service has never been identified as threatened and lies primarily unprotected. The Australian Security Intelligence Organisation (ASIO), the country’s counterspy apparatus, has spent massive time and resources on vainly trying to catch agents cultivating targets.
The APS employs more than 243,300 civil servants, with another 1.5 million in the respective state public services. Tens of thousands of outside contractors and consultants serve the Government as well, representing more than 16.4% of all Australian jobs. Today, more than 22% of employees were born in another country and more than 14.5% of employees come from non-English speaking backgrounds, notably South Central Asia, East Asia, South-East Asia and Eastern Europe. The services are much more reflective of Australian society today, but also much more open to potential infiltration.
In addition, much of the work done within the APS is handled by outside contractors, such as the London based VFS Global, which through directorships is related to Booz Allan Hamilton, a consulting firm closely involved in the area of predictive intelligence for a number of foreign governments. There have been a number of cases of negligence of confidential client data, security compromise and data leakage associated with this contractor.
Another major change to the APS is reliance upon regulation rather than legislation. This has strengthened the service, taking power away from the parliament and executive, as the majority of government decisions now reside within the bureaucracy. The service now plays a much more directive role today than its administrative role in the past. Consequently, if any person or organization wants information, influence decision making, or future policy, the public service is the institution to target, rather than the executive or parliament. In addition, the focus of espionage today appears to be more commercially than politically orientated.
Flamin’ heck! A hacker named ‘Alf’ from Home and Away has stolen restricted Defence information from the Australian Government! #sun7 pic.twitter.com/4xK5Akbtub— Sunrise (@sunriseon7) October 11, 2017
The APS can be infiltrated in many ways and there is also a long history of it happening. However, evidence and details of these infiltrations are difficult to pin down, let alone act upon. Accusations are, at best, based upon unproven suspicion and speculation. Massive resources have been allocated to protect the APS against some of the newer methods of infiltration, such as cyber attacks, but little protection has been developed for some of the more traditional methods of infiltration.
According to a May 2015 Victorian Government Anti-Corruption Commission report, the target of potential infiltrators include
'... sensitive information or systems, decision-making processes, matrices or criteria, property or goods with a high resale value, (and) knowledge that facilitates criminal activity.'
Targets thus include areas and computers where information is stored, work areas and vulnerable individuals. These individuals would include senior executives and their assistants, help desk staff, system and network administrators, employees with access to sensitive information, employees with remote access, and people who interact with employees.
CULTIVATING TARGETED PEOPLE
The APS has had a history of foreign infiltration ever since its formation, especially during the Cold War, with some infiltrations becoming public scandals. The recently released history of the ASIO has documented how deeply Canberra was penetrated by Soviet spies since the 1940s. In addition, Des Ball and David Horner in their book Breaking the Codes elaborated with details from ASIO files of a Soviet spy ring led by a KGB officer Gerontiy Pavlovich Lazovik, who recruited public servants, diplomats, MPs, and journalists to supply him information from many government departments and ministries during the 1970s. This information was sent from the Soviet Embassy in Canberra to both the Soviet KGB and GRU.
The cultivation of David Combe, a former Australian Labour Party National Secretary by then KGB officer Valery Ivanov, led to shock and despair within the Hawke Government in the 1980s, with Combe banned from any contact with government officials.
David Combe, centre, was being cultivated by Russian agents (Image: ASIO via abc.net.au)
More recently, in 2012 a Vietnamese security agent Luong Ngoc Anh cultivated a romantic relationship with Australian Trade Representative Elizabeth Masamune, who at the time had access to classified trade briefings. The next year, South Korean agents were caught cultivating public servants to obtain trade secrets. The Chinese too have been accused of cultivating Australian public servants through providing them with lavish holidays in China.
Australia’s closest ally the United States is no stranger to the game. For many years the U.S. Embassy in Canberra and consulates in Melbourne and Sydney cultivated potential future Australian leaders, and assisted them to undertake trips to the United States.
Today, public service employees are much more openly prone to persuasion, pressure, and even blackmail by existing friends, family members and by members of their respective ethnic communities. This was reflected in the case of Yeon Kim being cultivated by Hoo-Young Park of the South Korean National Intelligence Service through regular Sunday afternoon soccer matches in Canberra. A common language, cultural background, and social interaction are powerful tools in cultivation and persuasion.
Chen Yonglin, a former Chinese defense attaché who defected to Australia in 2005, has warned that China has in excess of 1200 spies scattered through both the community and government departments, indicating that foreign infiltration into the APS is now in epidemic proportions.
We can only speculate about embedded agents within the APS, as none have ever been captured during their careers. Consequently, it may take years before documents, reports and books put any light onto potential contemporary agents within the service.
Australian National University Professor Des Ball in preparing his book Breaking the Codes came across sources of information that ASIO would not have had at the time. Ball asserts that the secretary of the Department of External Affairs during the 1940s, John Burton, was probably a Soviet intelligence agent, who had up to a dozen agents working with him in the department.
The 'spy' who didn't shag me: the spurious case against John Burtonhttp://t.co/2ubRQ7XnpO #auspol #Canberra pic.twitter.com/sKQdK1WxRY— Markus Mannheim (@MarkusMannheim) November 6, 2014
The exposure of agents within the Australian Public Service is extremely difficult, and most often requires historians to uncover other sources of information and match them with what information was available at the time before speculations can be made. So it will not be until midway through this current century before historians are able to cast educated suspicions upon the service today. As a pointer, it was only last year that ASIO actually admitted that the organization was infiltrated by foreign spies in the 1970s and 1980s.
CONSULTANTS AND CONTRACTORS
The consultant and contracting out of government work in Australia has been growing at almost 4% annually with A$687 million paid out to consultants in 2015. Consultants and contractors are being used for temporary work, exhibitions, event management, policy development work, data management and computer programming and so on. This doesn’t include the costs of contractors, such as security, cleaning and rubbish removal. In addition, there are consultants who specialise in lobbying the Australian and state governments, many of them former ministers or ex-public servants.
Many consultants and contractors have access to, at least, sensitive and private information, if not some classified information, without necessarily undergoing any security screening. Through the Australian Immigration contractor VFS, confidential information found its way into the public domain. Consequently, information that consultants and contractors handle can inadvertently be put into the public domain, or at worst be compromised through a conflict of interest and passed on to foreign parties.
Unfortunately there is very little transparency in the work that consultants undertake for the government. Many are ex-ministers or public service employees, who in need of revenue may also work with foreign organizations, thus creating potential conflicts of interest. For example, former Australian Trade Minister Andrew Robb, an economic consultant, immediately upon leaving government took a "well paid" consultancy job with a Chinese company aligned to the Communist Party of China that operates the Port of Darwin.
Liberal Andrew Robb takes $880k China job as soon as he finishes in parliament https://t.co/ONNym1HdpA via @FinancialReview— Stuart Tomlinson (@virgotweet) June 20, 2017
Consultants are not subject any code of conduct, unlike ministers and public servants. Many contracts are given out to past employees without any public tendering process, or through a pseudo-process where any terms of reference only suit the person a ministry has in mind. The process of hiring outside consultants has been so sensitive, Finance Minister Mathias Cormann has refused to reveal where Federal Government has spent funds. According to Daily Telegraph reports, however, most of the recipients are former politicians and public servants.
Cyber operations have become the fifth dimension of warfare. Cyber attacks can destroy systems, bring down public infrastructure and be used to collect information from remote systems. Government data networks are under constant daily attacks. It is very difficult to prove, but large volumes of data are being siphoned out of government data systems and processed in some manner in China.
According to ABC Four Corners, the ministries of Defence, Prime Minister and Foreign Affairs have all been hacked, and information such as emails are continuously collected. In addition, the Bureau of Metrology was recently attacked and Austrade infiltrated. According to Four Corners, even the blueprints to ASIO’s new headquarters in Canberra have been stolen, preventing the organisation moving in on building completion, as the inside had to be completely redesigned.
The Australian Cyber Security Commission 2016 Threat Report states that it is “aware of (foreign) state based adversaries attempting cyber espionage against Australian systems to satisfy strategic, operational, and commercial intelligence requirements”.
SOVEREIGNTY LOST BUT AUSTRALIA DOESN’T KNOW IT
Besides territory and culture, the heart of Australian sovereignty is the information and decision-making processes inside the institutions, which enable the country to operate smoothly with integrity.
Australia’s geopolitical position between China and the United States presents the country with specific issues that other countries in the region don’t face. This is compounded by the fact that the composition of the APS is most likely to have a percentage of employees who, through dual citizenship, have a pledge of loyalty to another country other than Australia. This is a characteristic that other civil services in the region don’t exhibit and are, therefore, potentially less vulnerable to foreign infiltration than the APS.
ASIO has historically been extremely poor in shifting through the public service for moles, and employees who have been compromised through cultivation by foreign diplomats and intelligence operatives. Given what Chinese defector Chen Yonglin has said, that Chinese agents reside in the general and student populations and have infiltrated the government, makes the job of exposing those who are cultivated or put under duress to provide sensitive information to outsiders even more difficult for ASIO.
Chau is Vice President of China Federation of Overseas Chinese Entrepreneurs（侨商会）under the All-China Federation... https://t.co/yiJfhGce3g— chen yonglin (@chen_yonglin) October 6, 2017
In fact, the job of uncovering people who have been cultivated may rely purely on tipoffs, as security organisations resources are now heavily focused on the “War on Terror”, in line with Australia’s loyalty to the U.S. alliance.
Something has to be done to protect the security integrity and sovereignty of the Australian Public Service. This is of paramount importance when Australia has placed so many of its strategic assets and business interests in foreign hands. To ignore the problem will be at Australia’s peril.
Murray Hunter is an Australian independent academic based in Thailand. You can follow Murray on Twitter @DalastKimbasabi. This article was originally published in the Asia Sentinel.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia License
Sensitive spy plane & warship data stolen from "sloppy" defence firm, which is no match for 'China Chopper' hacker.https://t.co/ZrYzidvQaH— The CEO Magazine (@CEOMagazineAU) October 11, 2017
Infiltrate the truth. Subscribe to IA for just $5.