Defence

Intelligence and Security

Off-site security - remember the risks!

Tim Scully

Planning Day! A great opportunity to get your people away from the office to talk about future directions, but is it secure?

Off-site planning days are generally favoured because we can leave the distractions of our normal work environment. But off-site locations also present conference organisers with a number of security considerations. Unfortunately, these are not always addressed.

Security planning is based on an assessment of the threat to the conference or planning day and is generally coordinated by a Conference Security Officer (CSO). The CSO should seek advice on the following tasks:

• obtaining a threat assessment;
• preparing a security plan;
• preparing for the conference;
• coordinating security; and
• liaising with appropriate security authorities.

Depending on the classification level of topics to be discussed at the conference, these questions must be answered to determine what security measures are needed:

• Will a high office holder attend?
• Do you need technical security counter measures?
• What needs protection - people, information, assets?
• Is the venue on Government-controlled premises or on commercial premises?
• Who are the participants - unit personnel only, other Defence personnel, contractors, media?
• What classification is the information to be discussed?

We take these matters for granted in our normal working environment where embedded security measures and cleared personnel are the norm. However, when we move off-site, the risk is magnified and sometimes the group of familiar faces belies the fact that we are no longer in a secure environment.

Everybody has a responsibility to protect classified information. If you are off-site, enjoy the change of surroundings, but ensure they are appropriately secured.

If you are planning a work conference or meeting at an off-site facility, please consult the Defence Security Manual or your regional Defence Security Authority office.

Conferences involving Top Secret, Secret or Highly Protected information are generally held on controlled premises. If a conference is at an external venue, the originator of the classified material must agree to accept the risk of information compromise and seek my approval.

Remember, security is everybody's business.

Collection activities targeting defence industry

With today's heightened security environment a critical issue for all personnel within Defence, the results of a 2005 American study into intelligence collection attempts against the defence industry community are of immense importance. While the findings reflect attempts to gain United States (US) information, the results are also valid for Australia's defence industry given our close alliance with the US. Wing Commander Patrick Holland explains.

Domestic industries in Australia and western countries develop and produce the bulk of our defence technology and it is essential that we protect this capability, which plays such a significant role in creating the information that is critical to Australia's national security.

An emerging global market, dependent upon mass communication, opens the door for legitimate businesses to become the targets of subversive attempts by foreign entities to gain access to sensitive technologies. Defence is no exception.

What are foreign intelligence collectors after?

The top 10 technologies generating the most foreign interest in 2004 were:

• information technology;
• sensors;
• aeronautics;
• electronics;
• armaments and energetic materials;
• lasers and optics;
• signature control technology;
• materials and processing technology;
• chemical technology; and
• space systems.

What Collection Techniques are we most likely to encounter?

The techniques used by foreign entities when attempting to collect sensitive or classified information include:

• requests for information;
• acquisition of controlled technology;
• solicitation and marketing of services;
• exploitation of relationships;
• exploitation of foreign visits to Western industrial sites;
• unsolicited Internet activity;
• targeting at conventions, expositions and seminars; and
• foreign employees - work offers from foreign employers.
  

The top three techniques were used in over 80 per cent of all foreign collection attempts. Collectors are generally persistent in achieving their aims and, in many cases, use a combination of collection techniques. Unsolicited use of the Internet, such as emails in which pointed questions are asked, contributed to some of the most successful technology collection events.

What can we do to reduce the threat?

Foreign requests for defence science and technology information are the most frequently reported techniques. Requests usually involve faxing, mailing, emailing or telephoning individuals rather than corporate marketing departments. A way in which to reduce this significant threat is for commanders and supervisors to ensure the following security countermeasures are in place:

• have a technology control plan;
• have a written company policy on how to respond to requests;
• brief personnel not to respond to suspicious requests;
• ensure personnel are briefed on the scope of foreign visits;
• seek travel briefings before departing on overseas business travel; and
• review what information you have in the open domain.

Within Defence, both military members and civilian staff must be aware of the importance of maintaining security measures and ensuring physical, personnel and information security is upheld. Our best defence is, undoubtedly, to promote a high level of security awareness within our staff, both within Australian and abroad. For further information on security within Defence, visit the Defence Security Authority's comprehensive website at http://intranet.defence.gov.au/dsa/.

Secure capability, secure operations, secure Defence: it's everybody's business.

[ top of page ]