Secure government communications and security of overseas missions
- IT governance and management
- Information management and secure communications access
- Physical and technical security overseas
- Security risk assessment
- Addressing emerging security issues and security technologies
- Security awareness and practice
As owner of the Government's global communications network, the department provides the communications backbone for the Government's international operations. The network provides secure communication links to 11 government agencies and seven ministers' offices in Australia and 86 locations overseas. We develop, operate, and maintain the network across a diverse range of locations worldwide, often in areas with rudimentary communications infrastructure.
Planning and launching the first phase of a three-year global deployment of the new Secure Australian Telecommunications and Information Network (SATIN) has been the major focus of the department's information management and communications program. SATIN was successfully deployed in Australia and the rollout overseas began. The department has also continued to strengthen its IT management through consolidation of a new IT governance structure and development of a rolling Five Year Information Technology Plan.
We continued to improve security awareness and practice among our staff and strengthened our efforts to ensure the security of Australia's missions overseas. The 11 September 2001 terrorist attacks in the United States changed the international security environment. Following the attacks the department conducted an extensive review of physical security arrangements at our overseas missions. The results of the review, combined with up-to-date risk analyses of terrorist threats, were used to inform physical security upgrades in a number of our missions overseas, focusing on missions considered most at risk in the changed environment. A number of initiatives to improve security in the R G Casey Building, the department's headquarters, were also implemented.
At the same time, we continued to give priority to ensuring a high level of security awareness and practice among our staff in Canberra, and among departmental and other staff at posts. We also gave priority to ensuring that appropriate security measures were in place in the development and use of IT systems, including the new SATIN system.
IT governance and management
The department further strengthened IT management, consolidating the IT governance structure and continuing efforts to establish a more robust whole-of-department IT environment. The IT Strategy Committee, the pre-eminent body of the revised IT governance arrangements, developed the department's Five Year Information Technology Plan. A key strategic planning document, the plan sets out IT-related goals, objectives and technical standards, to provide more effective long-term planning for the department as a whole. IT capability is now better integrated into our strategic management processes as well as being more service and support-oriented.
Information management and secure communications access
The department completed the first phase of the global deployment of SATIN, the largest IT project we have undertaken to date. The SATIN network replaces the ageing Australian Diplomatic Communications Network (ADCNET) and Non-National Secure (NNS) systems. The 2001-02 Commonwealth Budget committed $36 million of new funding over three years towards the replacement of ADCNET.
Operating both secure and non-national secure systems from a single desktop unit, SATIN has increased productivity and will rationalise support costs once fully deployed. It has been well received in the locations where it has been installed to date, despite some initial user concerns about system performance, and is essential to the delivery of whole-of-government secure communications in Canberra and overseas.
Given the complexities and costs in replacing systems at our posts overseas, SATIN design has incorporated strategies for a longer-than-average life for system hardware. Asset management has been a priority, and mechanisms are in place to ensure effective asset management of SATIN equipment as it is deployed.
We installed SATIN in our state and passport offices (except Perth, where it was installed after the period of review) with minimal disruption to operations. SATIN rollout to Australian missions overseas, including attached agencies, also began in 2001-02. The rollout has been completed at eight posts in Asia and the Pacific. The deployment of SATIN to the remainder of Australia's diplomatic and consular missions abroad will continue over the next two financial years.
To ensure the new system performs to its capacity, we provided mandatory training to all departmental staff in Canberra and at rollout posts, and to staff of other agencies at posts. Continuous monitoring and testing will help us refine and improve the system.
The department's mobile communication system, the FlyAway unit, provides secure communications for temporary Australian offices set up for specific needs. It was successfully deployed at the South Pacific Forum and later at short notice in Nauru to support an Australian Administrative Centre set up to facilitate the establishment of an asylum seeker processing facility. A FlyAway unit was used at CHOGM to provide secure communications for the Prime Minister and other ministers. Secure communications support through FlyAway units was also provided to ministers and the delegation attending the WTO Ministerial Meeting in Doha.
Many of our posts are located in developing countries where the unreliability of telecommunications can impede normal business operations. In May 2002 the department signed contracts with service providers for the provision of international terrestrial and satellite telecommunications links to Australia's overseas missions to support SATIN. This followed exhaustive market testing and rigorous risk analysis that began in January 2001. The contracts enable us to expand bandwidth capacity significantly at minimal extra cost (see Section 3, Corporate Management and Accountability, at page 217 for further detail on these contracts).
Building on work already undertaken before 11 September 2001, the department further improved its disaster recovery capability with the establishment of an off-site data storage facility. We successfully outsourced the remaining IBM mainframe, used primarily for passports processing, in October 2001. This has eliminated the risks to our passport operations posed by the lack of an adequate in-house back-up facility.
The department continued to develop IT applications to increase the efficiency of our main corporate business systems and to improve the delivery of services to external clients. In particular, we developed a global Consular Management Information System to improve consular services, enabling officers in Canberra and overseas to track and share information on consular cases more efficiently (see output 2.1 at page 135 for further information).
Physical and technical security overseas
The 11 September 2001 terrorist attacks highlighted the vulnerability of infrastructure, further underlining the importance of ensuring appropriate levels of physical security for Australian missions overseas.
We conducted an extensive review of physical security arrangements at our overseas missions. Risk analyses of terrorist threat informed physical security upgrades at those missions considered most at risk. The range of additional physical security measures included increased guarding services, upgraded perimeter security, better public access control, and metal and mail detection equipment. We also provided prompt and comprehensive advice to posts on managing the risk of a biological attack or hoax, and on appropriate mail-handling procedures.
As part of our responsibility to protect Australian missions against technical and electronic attack, we carried out inspections of 23 posts, including seven new or relocated missions. We provided technical security support to a number of prime ministerial visits overseas. We also conducted special security assessment and advisory visits to posts with particular security concerns. We continued to participate in a useful exchange of technical security techniques and procedures with Canada, the United States and the United Kingdom.
Security fit-outs were undertaken at a number of newly established or refurbished overseas missions, ensuring compliance with departmental standards and consistent with threat assessments.
Security risk assessment
In June 2002 the department carried out a generic security risk assessment of its operations.
The assessment considered the security risks that the department faces, the measures in place to treat those risks and the likelihood and possible consequences of various scenarios. While the department operates in a high threat environment, sound risk management practices enable us to continue to operate efficiently and safely.
The assessment found that the department should continue giving the highest priority to protecting staff and assets from violent physical harm. Espionage and unauthorised disclosure of official information were also identified as key risks, which the department was reducing through effective counter-measures. The assessment also considered the risk to official information and assets from theft, non-violent crime, unethical behaviour, accidents and natural disasters.
The assessment found overall that we were handling our security risks thoroughly and effectively. The assessment will inform a revision of our agency security plan in 2002-03.
Addressing emerging security issues and security technologies
Personal Digital Assistants have become popular business tools but they can pose significant security risks to organisations dealing with sensitive information. The department has developed guidelines on the use of these devices to reduce risks in handling such information.
Access control in overseas missions has traditionally relied on a variety of combination locks, PIN numbers and IT logons. While effective, they are also prone to human error and typically have had only limited audit trails.
The department is trialling a new biometrics access control system that has the potential to replace memory-based entry codes with an iris scan. The system is safe, convenient and, with a rate of false acceptances that is claimed to be almost non-existent, offers the potential to improve security with reduced administrative overheads. We hope to introduce a pilot scheme into an overseas post before the end of 2002.
Security awareness and practice
The department ensured high standards of security awareness and practice in Australia and at overseas posts.
We reviewed and restructured our overseas security awareness course, which is compulsory for all staff before overseas postings, including staff from other agencies. The course now has an introductory component for people on their first postings as well as a refresher component. A total of 206 staff from the department and 158 from other agencies attended the course in 2001-02.
We restructured our compulsory security awareness training for staff in Australia along similar lines to the overseas course and will introduce the new format early in 2002-03. A total of 196 staff attended the course in 2001-02.
New measures at overseas posts
In March 2002 we introduced a number of measures to improve security awareness and practice overseas. A strict 'clear desk' policy now applies at overseas posts to reduce the possibility of classified material being compromised. The policy applies to all agencies at posts that regularly handle classified material and is enforced through regular unannounced after-hours inspections of work areas. All security breaches at overseas posts are reported promptly to central office. Posts report quarterly on their compliance with these new procedures and a range of other security requirements.
We conducted a successful pilot security audit of an overseas post, and will make such exercises a routine part of visits to posts by audit and technical security teams.
We improved the physical protection of the R G Casey Building in Canberra by constructing additional access control points for sensitive parts of the building. We also launched a pilot project to assess the use of biometric access controls. (See box above on 'Addressing emerging security issues and security technologies')
New York Consulate-General staff member Lakpa Sherpa sorts mail using precautions against exposure to anthrax spores.
The department conducted 308 initial security clearances for new staff and 588 security clearance reviews for other staff (including 469 re-evaluations and 119 recognitions). The number of clearances processed was higher than in 2000-01. This reflected an increase in the number of new starters and contractors requiring clearances, and the introduction of a clearance database in December 2001 which allowed substantial progress towards the removal of a backlog of clearance re-evaluations.
We called for tenders for the external provision of security clearance processing for our contractors and non-ongoing staff. The successful tenderer agreed to conduct clearances to the department's minimum standards (which exceed those in the Commonwealth Protective Security Manual 2000) and to meet rigorous performance targets.
The department places a high priority on ensuring that appropriate security measures are in place in the development and use of IT systems. We are developing a comprehensive security framework to consolidate policy and instructions relating to IT systems. We completed a comprehensive risk and threat assessment for the SATIN system.
We continued to provide IT security awareness training to staff, stressing the need to adhere to departmental instructions when using official systems, as well as encouraging officers to observe good personal security practices in daily life. IT security inspections were conducted at posts to ensure compliance and to provide advice on measures to reduce emerging risks.