Developments at the antipodes

(To Enrico Magnani)

Having examined the developments in Australian defense policy, it is useful to look at another aspect of Canberra's security policy, namely intelligence, where interesting developments are being recorded.

Once again, the government led by Labor's Tony Albanese has seized the moment and launched a project to review intelligence policy and architecture.

In practice, independent reviews of the Australian intelligence community are conducted every five to seven years, a pattern set by the 2004 Flood report that followed the Iraq war1, which replaced ad hoc analyses. This very month of July marks six years since the publication of the report of the 2017 independent intelligence review, led by Michael L'Estrange and Stephen Merchant.

The government is likely to announce its next intelligence policy review shortly, which will build, in part, on this2. As one can imagine, a review in this area is not only due but highly timely. The strategic environment for Canberra and for Australian foreign, defense and intelligence policy is changing rapidly. International and regional power politics are heating up, and intelligence will be a key tool for the federal government to operate in this scenario and achieve the national defense objectives described in the Strategic Review of Defense.

In this context, reconfirming previous schemes and architectures will not suffice. The first indications that have emerged about the new report suggest that technological changes will be considered, both those already underway in the world of intelligence and those on the horizon, such as generative AI (Artificial Intelligence) and the enormous growth in opportunities for OSINT (Open Source Intelligence).

The 23 recommendations of the 2017 review3 had far-reaching consequences for the Australian intelligence community, which will be reconfirmed in the new report. Fundamental was the establishment of the Office of National Intelligence, a body equivalent to the U.S. Office of the Director of National Intelligence and the UK Joint Intelligence Organisation. Its director, in addition to leading the national intelligence community, is the prime minister's chief intelligence adviser4.

A joint capability fund and an investment plan for intelligence capabilities were established to support integrated capability development. The Australian Signals Directorate, after being removed from the control of the Department of Defense, will not be reassigned but will continue to provide the requested data and information to the entire community5.

A comprehensive review of national security legislation was undertaken in late 2020. The review also recommended expanding the roles of the Office of the Inspector General for Intelligence and Security and the Joint Parliamentary Intelligence and Security Committee, although this has yet to be fully implemented6. Advance indications of the new report also confirm the salient point of the 2017 report: the reconfiguration of Australian intelligence into a community made up of 10 agencies7 incorporating AUSTRAC (the Australian Transaction Reports and Analysis Centre)8. This reconceptualization has produced a unique entity that brings together all the elements of intelligence: security, foreign affairs, law enforcement and border protection.

What challenges

The challenges facing the Australian intelligence community are manifold. The first is the availability of personnel, in terms of both quantity and quality. To this must be added the need to adapt to rapid and profound technological change. The third is the increasingly close partnership between the Australian intelligence community and those of allied countries: first and foremost the aforementioned Five Eyes and now AUKUS, but not forgetting the other nations of the region, such as France, South Korea, Japan, India, Indonesia, Malaysia, Vietnam, Singapore and the Philippines.

The report highlights how the past six years have raised important and challenging issues and identifies opportunities to further improve the intelligence community's performance. It also provides specific recommendations to inform planning and preparation for the new review.

The strategic context of the forthcoming review will necessarily be aligned with the Strategic Defense Review's assessments of accelerating strategic circumstances and planning timelines, such as the relative decline of counterterrorism as an intelligence priority and the growing centrality of China in intelligence planning, and whether these developments require changes to the model launched in 2017.

The 2004 and 2017 reviews both produced substantial public reports in addition to their own classified reports. The forthcoming document should do the same, including making public recommendations, replicating the open approach to public dialogue and explanation offered by L'Estrange and Merchant. Given strategic developments since 2017, future reporting should include an appropriate level of frankness with national public opinion about the intelligence and cyber challenges posed to Australia by the rise of China.

Finally, the great value of the 2017 document has been overshadowed by the absence of a comprehensive public account of the implementation of its recommendations. While there will always be elements that must remain confidential, the lack of communication with the public over the past six years has been disappointing. This time, the release of a public follow-up evaluation of the implementation, 18 to 24 months after the release of the review, is highly plausible.

That the Chinese threat is not only commercial, aimed at rare earths or the acquisition of ports, and that it is not just the subject of more or less informed articles, was highlighted last May 25, when Australia and its partners in the Five Eyes intelligence-sharing network revealed the existence of a hacker group named "Volt Typhoon"9. The group had been detected attempting to break into critical infrastructure since 2021, but the nature of recent information about its behavior suggests worrying developments in China's cyber establishment. While it appears clear that Volt Typhoon emanates from the cyber intelligence community, there are many layers that need to be peeled away to reveal the true nature and implications of the threat.

Cyberthreats aligned with or sponsored by China can be grouped under two broad governmental structures: the ministry of state security and the strategic support force. The ministry is China's flagship foreign policy intelligence, counterintelligence, and security agency, while the strategic support force is the joint information warfare command of the People's Liberation Army (PLA). It is similar to Cyber Command, but while the latter focuses solely on military cyber operations, the "force" has a broader remit covering electronic warfare, strategic military cyber operations, and political warfare10.

Chinese cyber operators have become notorious for intellectual property theft, but their cyber espionage activity has gradually shifted to meet other strategic imperatives, as demonstrated by the Volt Typhoon case.

Offensive cyber intrusions for specific strategic effects usually require the emplacement of technical systems and long-term access to the adversary's network well in advance of the operation. The recently resigned White House information security adviser Chris Inglis11 called these facilities the intelligence, surveillance and reconnaissance platforms that are "ubiquitous, real-time and persistent"12, and Volt Typhoon seems to have carried out just such a pre-positioning operation.

The available intelligence on Chinese cyber activity can be confusing. The two aforementioned bodies use the services of private contractors to develop their offensive tool chains. This operational and infrastructure overlap means that commercial intelligence analysts end up lumping China-related cybercrime, cyberespionage, and military cyberactivity into large clusters such as Winnti, APT40, APT41, Bario, and Hafnium. This has muddied the waters considerably.

While the activities of the ministry of state security and its affiliates have been identified on global networks and connected to sophisticated political and economic espionage operations, the strategic support command, cooperating closely with the joint PLA theater commands, operates in the areas surrounding China.

The Technical Reconnaissance Bases (TRBs, formerly known as "offices") are the branch offices of the PLA's signals intelligence network and are embedded in the joint theater commands. TRBs rely on a combination of customized toolchains13 and toolchains shared with contractors and the ministry of state security. Examples are ShadowPad, thought to underlie one of the earliest known pre-positioning operations in China, and RedEcho, whose presence was identified in India's electricity grid in 2021 during the worst moments of military tensions on the India-China border and which is considered a TRB reporting to the Western Joint Theater Command. Alongside these, other groups have been identified: "Tonto Team" was connected to Unit 65016, a TRB of the northern theater command; "Naikon" was related to the southern theater command; and "Tick" was related to Unit 61419, a TRB of the command of the strategic support force.

The Volt Typhoon operation shows that it had a strategic scope extending well beyond Australia and the Indo-Pacific; that the integration between the various structures (political, military, civilian and commercial) is effective; and that strategic cyber operations are directly sanctioned by the Central Military Commission and ultimately authorized by the top leadership in Beijing.

The activities of the "contractors" (if one wants to call them that) of the ministry of state security are similarly pervasive, as in the case of the Microsoft Exchange campaign of 2020-21, which aggressively targeted many Western organizations. It was orchestrated by a regional MSS office and therefore would not have passed through the channels of the PLA (People's Liberation Army, ed.) up to the top.

1 Federation of American Scientists, Report of the inquiry into Australian Intelligence Agencies, July 2004, Australian Government

2 Report of the 2017 Independent Intelligence Review

3 Ibidem

4 Office of National Intelligence Act 2018 No. 155, 2018

5 The ASD is part of the Five Eyes network, which includes organizations of the same nature from the USA, Canada, Great Britain and New Zealand; Five Eyes Intelligence Oversight and Review Council (FIORC)

6 Review of the Australian Security Intelligence Organization Amendment Bill 2023

7 Australian Criminal Intelligence Commission (ACIC), Australian Federal Police (AFP), Australian Geospatial-Intelligence Organization (AGO), Australian Secret Intelligence Service (ASIS), Australian Security Intelligence Organization (ASIO), Australian Signals Directorate (ASD), Australian Transaction Reports and Analysis Center (AUSTRAC), Defense Intelligence Organization (DIO), Department of Home Affairs, Office of National Intelligence (ONI); to these must be added the Australian Border Force (ABF). In addition to the Prime Minister's Office, which has direct jurisdiction over ONI and ASD, the other departments involved are Foreign, Interior, Defence and Finance.

8 The Australian Transaction Reports and Analysis Center is an Australian government financial intelligence agency responsible for monitoring financial transactions to identify money laundering, organized crime, tax evasion, welfare fraud and terrorist financing.

9 TXOne Network 30.05.2023 Volt Typhoon's Cyberattack: Key Concerns and Implications for the Industry

10 The Force was established in 2015 as part of PLA structural reforms led by Chinese President Xi Jinping. The Jamestown Foundation, The People's Liberation Army Strategic Support Force: Update 2019, 29.05.2023

11 Politico 08 Feb. 2023, Inglis to step down next week from post as nation's first national cyber director

12 H. Lin, A. Zegart, Bytes, Bombs, and Spies: The Strategic Dimensions of Offensive Cyber Operations, Brookings Institution Press, 2018

13 In software, a toolchain is a set of programming tools used to perform a complex software development task or to create a software product, which is typically another computer program or set of related programs.

Frame: Australian Government Defence