{"id":37384,"date":"2018-02-19T11:00:54","date_gmt":"2018-02-19T00:00:54","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=37384"},"modified":"2018-03-07T11:08:09","modified_gmt":"2018-03-07T00:08:09","slug":"security-not-dirty-word","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/","title":{"rendered":"Security is not a dirty word"},"content":{"rendered":"<p>&nbsp;<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"480\" class=\"alignnone size-full wp-image-37739 aligncenter\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z-205x154.jpg 205w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/figure>\n<p>For over a decade, both of our major political parties, in the face of uncertain times, have been going forth \u2018getting tough on security\u2019. It would seem that General Melchett, Stephen Fry\u2019s character from the 1980s comedy classic <em>Black Adder Goes Forth<\/em>, must\u2019ve been right when he declared, \u2018<a href=\"https:\/\/www.youtube.com\/watch?v=VIHtxWsEhJw\" target=\"_blank\" rel=\"noopener\">Security is not a dirty word<\/a>\u2019. However, security became a really dirty word for government last month when we had one of Australia\u2019s biggest breaches of cabinet security. <a href=\"http:\/\/www.abc.net.au\/news\/2018-01-31\/cabinet-files-reveal-inner-government-decisions\/9168442\" target=\"_blank\" rel=\"noopener\">Thousands of documents<\/a> spanning nearly a decade\u2014nearly all classified\u2014were sold off in two old filing cabinets at a Canberra second-hand shop.<\/p>\n<p>You could be forgiven for chuckling over the irony that at the same time that our government was talking up new legislation to protect the country from foreign interference, one department was giving the secrets away. All jokes aside, the real problem is that the \u2018<a href=\"http:\/\/www.abc.net.au\/news\/2018-01-31\/cabinet-files-reveal-inner-government-decisions\/9168442\" target=\"_blank\" rel=\"noopener\">The Cabinet files<\/a>\u2019 may not be a \u2018<a href=\"http:\/\/www.abc.net.au\/news\/2018-02-03\/cabinet-files-security-blunder-a-one-off-government-tells-allies\/9393296\" target=\"_blank\" rel=\"noopener\">one-off\u2019 breach<\/a>, but rather a symptom of the Commonwealth\u2019s declining investment in one of the less interesting but crucial elements of national security: protective security policy.<\/p>\n<p>Let\u2019s not forget that as bad as the Cabinet files breach was, it also revealed other security problems:<\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">The Australian Federal Police <a href=\"https:\/\/www.afp.gov.au\/news-media\/media-releases\/media-statement-reports-afp-lost-400-national-security-documents-five\" target=\"_blank\" rel=\"noopener\">\u2018lost\u2019 national security files<\/a>.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Nearly 200 top secret, code word\u2013protected documents that were supposed to be collected by the Department of Finance were left behind in a locked cabinet in the office of Senator Penny Wong during the transition of government in 2013.\u00a0<\/span><\/li>\n<\/ul>\n<p>Just as the dust was settling over the Cabinet file\u2019s, the Australian government was struck by another embarrassing security breach. A classified notebook and identification cards belonging to a Defence official were <a href=\"http:\/\/www.canberratimes.com.au\/national\/public-service\/mystery-surrounds-classified-defence-notebook-sold-in-furniture-at-canberra-tip-20180204-h0tk93.html\" target=\"_blank\" rel=\"noopener\">found by a member of the public<\/a>.<\/p>\n<p>Our growing protective security problem isn\u2019t isolated to physical or information security either, as there are also long-term problems with personnel security. In August last year, following the <a href=\"https:\/\/pmc.gov.au\/sites\/default\/files\/publications\/2017-Independent-Intelligence-Review.pdf\" target=\"_blank\" rel=\"noopener\">2017 Independent Intelligence Review<\/a>, <a href=\"https:\/\/www.aspistrategist.ru\/vetting-the-vetters\/#https:\/\/pmc.gov.au\/resource-centre\/national-security\/report-2017-independent-intelligence-review\" target=\"_blank\" rel=\"noopener\">Kate Grayson<\/a> highlighted that the \u2018the long delays in security vetting for some of our key intelligence agencies are clearly unacceptable\u2019. John agreed but argued that <a href=\"https:\/\/www.aspistrategist.ru\/clearing-backlog-look-future-not-past\/\" target=\"_blank\" rel=\"noopener\">decentralisation was not the answer<\/a>. While these delays had much to do with an increasing demand for clearances, the problem had been present for many years with little in the way of an effective policy response.<\/p>\n<p>While Australia\u2019s protective security has been tested recently and certainly been found wanting, the problem originated with changes to Australia\u2019s protective security framework at the beginning of the decade.<\/p>\n<p>In 2010, the Commonwealth embraced a paradigm shift in the government\u2019s protective security model that moved from a prescriptive compliance approach under the Protective Security Manual to a risk management approach under the <a href=\"https:\/\/www.protectivesecurity.gov.au\/Documents\/Protective-Security-Policy-Framework-transition-booklet.PDF\" target=\"_blank\" rel=\"noopener\">Protective Security Policy Framework<\/a> (PSPF).<\/p>\n<p>The PSPF model provides guidance to government in identifying and managing security risks to its personnel, intellectual property and assets. The model was developed to build a secure information architecture across the various tiers of Australian government. This information architecture was supposed to create the security environment necessary for the conduct of government business with the Australian public. In other words, it\u2019s the nuts and bolts for ensuring that government activities and confidential information flows remain secure. However, the PSPF\u2019s decentralised and less prescriptive approach appears to have created some rather conspicuous protective security gaps between agencies and other stakeholders in the private sector.<\/p>\n<p>Australia\u2019s protective security policy environment has become increasingly complex in recent years. As Australia increasingly relies on public\u2013private partnerships in <a href=\"http:\/\/www.defence.gov.au\/WhitePaper\/Docs\/2016-Defence-Industry-Policy-Statement.pdf\" target=\"_blank\" rel=\"noopener\">defence<\/a> and <a href=\"https:\/\/www.pmc.gov.au\/news-centre\/cyber-security\/partnership-innovation-and-cyber-security-lexicon\" target=\"_blank\" rel=\"noopener\">security<\/a>, if the government\u2019s security arrangements stymie threats, those threats are likely to seek out third-party contractors, who are probably easier marks.<\/p>\n<p>The government seems to be fine with that. Minister for Defence Industry Christopher Pyne <a href=\"http:\/\/www.smh.com.au\/federal-politics\/political-news\/dont-blame-government-for-lax-security-of-defence-contractors-says-christopher-pyne-20171011-gyz78v.html\" target=\"_blank\" rel=\"noopener\">says<\/a> that the government can\u2019t be held responsible for a contractor\u2019s lax security. But Pyne\u2019s sentiments contradict the PSPF, which specifies that \u2018[government] agencies must ensure the contracted service provider complies with the requirements of this policy and any protective security protocols\u2019.<\/p>\n<p>Owing to the PSPF, training courses accredited by the Attorney-General&#8217;s Department and delivered by the Protective Security Training College in Canberra and the Australian Emergency Management Institute in Mt Macedon, Victoria, aren\u2019t offered any longer. Security practitioners argue that this has led to a deskilling among government security professionals.<\/p>\n<p>The risk-based model also led to a downsizing of the Protective Security Coordination Centre, which was historically charged with formulating security policy. More recently, the responsibilities have shifted to Emergency Management Australia (EMA). With EMA\u2019s transfer to the newly established Home Affairs Portfolio, it now falls under the remit of Minister Peter Dutton.<\/p>\n<p>The incidents above tells us that Australia\u2019s PSPF isn\u2019t satisfying government\u2019s protective security requirements. More than a few commentators and policymakers will be quick to argue that a fully digitised information architecture\u2014which would provide a tighter grasp on information flows\u2014could be the trick to improve security. However, there\u2019s a broader imperative for a reformed protective security doctrine.<\/p>\n<p>At a time when the security threat is so diverse, the nation\u2019s protective security arrangements need to be independently reviewed as soon as possible. Such a review would need to examine the full spectrum of physical, information and personnel security policies that form the framework of our protective security strategy. The terms of reference would also need to address such issues as security cultures, awareness, training and education.<\/p>\n<p>To be very sure, finding and punishing the public servant responsible for the Cabinet files\u2019 will have no impact on national security, nor produce any lasting improvement in security. The rot is entrenched in the system and must be exorcised.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; For over a decade, both of our major political parties, in the face of uncertain times, have been going forth \u2018getting tough on security\u2019. It would seem that General Melchett, Stephen Fry\u2019s character from &#8230;<\/p>\n","protected":false},"author":310,"featured_media":37739,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[932],"class_list":["post-37384","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security is not a dirty word | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security is not a dirty word | The Strategist\" \/>\n<meta property=\"og:description\" content=\"&nbsp; For over a decade, both of our major political parties, in the face of uncertain times, have been going forth \u2018getting tough on security\u2019. It would seem that General Melchett, Stephen Fry\u2019s character from ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-19T00:00:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-07T00:08:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"John Coyne\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"John Coyne\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg\",\"width\":640,\"height\":480},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/\",\"name\":\"Security is not a dirty word | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#primaryimage\"},\"datePublished\":\"2018-02-19T00:00:54+00:00\",\"dateModified\":\"2018-03-07T00:08:09+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security is not a dirty word\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778\",\"name\":\"John Coyne\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g\",\"caption\":\"John Coyne\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/john-coyne\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security is not a dirty word | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/","og_locale":"en_US","og_type":"article","og_title":"Security is not a dirty word | The Strategist","og_description":"&nbsp; For over a decade, both of our major political parties, in the face of uncertain times, have been going forth \u2018getting tough on security\u2019. It would seem that General Melchett, Stephen Fry\u2019s character from ...","og_url":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2018-02-19T00:00:54+00:00","article_modified_time":"2018-03-07T00:08:09+00:00","og_image":[{"width":640,"height":480,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg","type":"image\/jpeg"}],"author":"John Coyne","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"John Coyne","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/02\/1376837300_e66f7e8876_z.jpg","width":640,"height":480},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/","url":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/","name":"Security is not a dirty word | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#primaryimage"},"datePublished":"2018-02-19T00:00:54+00:00","dateModified":"2018-03-07T00:08:09+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/security-not-dirty-word\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Security is not a dirty word"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778","name":"John Coyne","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g","caption":"John Coyne"},"url":"https:\/\/www.aspistrategist.ru\/author\/john-coyne\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37384"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/310"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=37384"}],"version-history":[{"count":8,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37384\/revisions"}],"predecessor-version":[{"id":37740,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37384\/revisions\/37740"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/37739"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=37384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=37384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=37384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}