Do intelligence agencies need restructuring for the digital disinformation age?
The current architecture of the intelligence world is full of historical accidents dating back to the Second World War, says Andrew Davies, a senior fellow at the Australian Strategic Policy Institute (ASPI) in Canberra.
Take all the cybers, for example. In most western countries both cyber intelligence and cybersecurity have ended up being run by the signals intelligence agencies.
The Australian Cyber Security Centre is part of the Australian Signals Directorate, for example. In the UK, the National Cyber Security Centre is part of their signals intelligence agency, the Government Communications Headquarters.
According to Davies, if you started with a blank sheet of paper you wouldn’t necessarily do it that way
Digital espionage has “been the leader” in the agencies’ adaptation to the internet age, he said, but the increasingly important areas of subversion and information operations look more like state-on-state hostile actions.
“The age-old game of subversion has now become something that can be done much more effectively, and with much deeper reach into somebody else’s population,” Davies said in a panel discussion last week.
“One of the things that the intelligence community is probably undercooked on is the sort of foreign influence, the sort of things that we saw Russia doing during the US presidential election and elsewhere in Europe in various elections, and the Brexit poll, for example,” he said.
“One of the problems the intelligence community has is that there’s not a great incentive on the behalf of the political entities that benefit from that influence to do much about it.”
In the US, for example, the Trump administration “has not exactly been on the front foot” in limiting the ability of future influence operations.
At the same time, Davies said, the levels of trust between the intelligence community and government have declined.
“Governments these days, for whatever reason, they’re much more convinced that they understand the world better than experts do,” he said.
“You only need to look at the climate change policies of most of the countries of the world to see that.”
There’s “a fair amount of circumstantial evidence” that the intelligence community gave plenty of warning about the coronavirus outbreak in Wuhan to the US government, Davies said, and presumably through the Five Eyes alliance to the UK and Australia.
“Yet two, three months later, governments were still scrambling to make things up as they went [along], which suggests that the warnings of intelligence agencies were not well taken on board,” he said.
“If I had to sum it up, I’d say that the biggest challenge is establishing credibility and trust with governments to provide that expert advice in a world where it’s now, I think, easier for adversaries to reach deep inside your society and foment distrust.”
Greater powers require greater oversight
Davies was a contributor to the latest edition of Australian Foreign Affairs, titled Spy vs Spy: The New Age of Espionage, for which last week’s panel was the launch.
In his essay, he notes that “regulation in the first few decades of Australian intelligence was much lighter than today”. Indeed, the agencies weren’t even publicly acknowledged until the 1970s, and there was “no significant independent oversight”.
Over the decades, that oversight has been improved by creating an independent Inspector-General of Intelligence and Security in 1986 and passing the Intelligence Services Act 2001.
But the agencies and their powers have also grown. Massively.
In 2001, ASIO’s budget was AU$61 million, for example, which is around $94 million in today’s money. But its budget now is AU$573 million.
Changes are needed, says Senator Penny Wong, the Shadow Minister for Foreign Affairs and a former member of the Parliamentary Joint Committee on Intelligence and Security.
“We need to consider whether or not how we operate as a polity, both in the intelligence architecture and culture and priorities, reflects the risks that Australia actually faces,” Wong said.
“Additional powers for intelligence and security entities ought to be accompanied by additional oversight.”
Wong is also worried about the way the public discussion of trade and security issues with China has been conducted.
“It is a difficult, complex-ish set of issues that we face as a nation in terms of the bilateral relationship and more broadly,” she said.
“I think we will benefit from very clear, consistent leadership in terms of the public discussion and from our political leaders.”
Australia also needs to tackle “something that has been neglected and misunderstood for a long time”, which is what China calls United Front Work and Australia has defined as “political interference”.
“It’s kind of a tricky one, because that one involves a mix of people who are professional employees of the Chinese state, and people who are sometimes working as business people and sometimes doing other stuff as well,” Wong said.
According to Professor Anne-Marie Brady, a specialist in Chinese politics, western nations need to understand the Chinese Communist Party (CCP) and its institutions in their own terms.
“We should have the same kind of basic knowledge across politicians and journalists and academics [about] the CCP intelligence agencies, as well as the other structures within the CCP system, as we do have that broad general knowledge and awareness about, say, the CIA or the FBI, or the KGB and FSB,” Brady said.
“We need to popularise that knowledge,” she said.
The rise of HUMINT-enabled cyber operations
While cyber espionage has certainly gained attention in recent years, Davies says the role of humans and human intelligence (HUMINT) won’t disappear.
“In almost any endeavour that people are involved in, the weakest link in the system is often a human being,” he said.
“Much more often, what a HUMINT operation looks like is an agent recruiting somebody within a foreign country, within the foreign government, within an organisation such as the IRA [Irish Republican Army] or even al Qaeda to act as a conduit of information, to exfiltrate information to the outside, and that won’t go away.”
Even the archetypical cyber sabotage operation, the Stuxnet attack on Iran’s uranium enrichment program revealed in 2010, probably involved a person with physical access to the controlling computer systems.
“People can actually act as an enabler for cyber as well,” Davies said.
These new ways of doing things will require a different skillset, panellists said.
ASPI’s Danielle Cave said she’s worried about recruitment, not just in the intelligence community, but also in the Department of Foreign Affairs and Trade, Home Affairs, and “the whole sort of foreign affairs and security space”.
“When I meet new people coming into different departments and agencies, I’m shocked by how little those people are different from the people I met 15, 20 years ago,” she said.
“There’s a lot of scope to go out and attract people in, and go poach talent from all different kinds of places.”
“The number of times technology was mentioned went from once in 2010 to nine times this year,” she said.
The word “critical”, in the context of critical technologies, critical infrastructure, critical minerals, rose from zero to 10. Also up were mentions of information, disinformation, interference, cyber, resilience, and, of course, 5G.
Wong said that reflects the new landscape we face.
“What you want in the foreign affairs department is a much greater expertise across a number of the domains you’re describing,” she said.
“Otherwise that institution simply won’t be effective, either in government or in terms of advocating Australia’s national interests.”
China’s United Front Work Department performs its ‘biggest magic’ through WeChat. Is it time to rein in its covert influence? Should it even be banned?
Among the sanctioned companies is a camera part supplier for Apple.
Select Committee hears testimony that no one in government thinks they own the problem of countering misinformation on social media.
It said the authority would be granted explicit insight into how content is filtered, blocked, amplified, or suppressed, both from a moderation and algorithmic amplification point of view.