A stronger centre is key to future Australian intelligence capability

It will be a welcome step if the current Independent Intelligence Review (IIR) recommends further empowering the Office of National Intelligence (ONI) to lead capability development and, by extension, to achieve a more collective approach by the many Australian agencies working in the field.

Terms of reference for the IIR encompass progress in the implementation of recommendations from previous reviews, including the establishment of the ONI and the creation of the national intelligence community (NIC). The review has been due to report to the government in mid-2024.

Australia’s traditionally federated intelligence community might seem unusual, given its moderate size; it’s more comparable to the notoriously decentralised US intelligence community than those of other Five Eyes countries. Australia typically separates assessment from collection (although not in the case of the Australian Security Intelligence Organisation, or ASIO) and has different agencies for different collection modes (signals, imagery and human intelligence-gathering) and for different intelligence purposes (foreign, defence, security, law enforcement, border and regulatory). The resulting myriad agencies, variously reporting to five ministers, work collaboratively towards common goals.

This is not accidental. As the 2017 IIR observed, ‘those delineations have broad enduring relevance. They capture, in particular, the essential requirements for a relationship of trust between government and the wider community in Australia about the legitimate uses of intelligence, and therefore the legal framework within which the agencies need to operate.’ However, the future would ‘demand greater levels of collaboration across traditional dividing lines and more cross-over points’.

So we got ONI, built up from the old Office of National Assessments (ONA) and responsible for the NIC’s enterprise-level management—‘leading the development and implementation of national intelligence priorities, undertaking systematic and rigorous evaluation of the performance of the agencies, implementing strategic workforce planning and facilitating joint capability planning,’ as the 2017 report said.

Seven years on, the NIC hasn’t quite developed as envisioned. As I’ve written previously, that’s due to levers that aren’t exercised as fully as the 2017 reviewers recommended (the Joint Capability Fund, or JCF, and the Intelligence Capability Investment Program, or ICIP); such unforeseen developments as establishment of the Department of Home Affairs and the Defence Intelligence Group; and natural structural features and incentives. The latter include enduring deficiencies in national security decision-making.

ONI’s role was defined cautiously, including legislatively, as ‘guidance’ and ‘coordination’. Within ONI, there remains gravitational pull upon attention and resources by its enduring role from when it was ONA as the principal all-source assessment agency.

It’s not quite the vision from the speech of the then attorney-general introducing ONI’s charter legislation: ‘ONI will lead the NIC with an “enterprise management” approach, creating … a “whole greater than the sum of its parts” which will leverage the strengths of each agency and enable government to consider the NIC’s efforts in their entirety.’ In short, a stronger centre.

Meanwhile, drivers identified earlier for a concerted community approach are now more pressing: the prospect of war, the persistence of transnational threats and the intensification of the international intelligence contest.

Portfolio-based approaches to operations and oversight still make sense, as confirmed by Dennis Richardson’s 2019 Comprehensive Review of national security legislation. For this outcome, an ONI that coordinates is sufficient, but capability development requires a more empowered ONI (one that leads) and a genuine community-first approach.

That’s not to say there haven’t been gains. In December 2021, ONI Director-General Andrew Shearer noted NIC agreement to capability-sharing principles, ‘so that we don’t have different agencies duplicating each other and inventing different solutions to the same problems’.

Nonetheless, we need not just the 2017 IIR vision for ONI but that model’s further enhancement. The tale of the Top Secret Cloud, foreshadowed in that review’s recommendation 13, illustrates this well.

In 2019, ASIO announced the pursuit of a new, cloud-based enterprise technology platform. This was superseded by ONI’s late 2020 request for expressions of interest for NIC-wide cloud computing services. A year later, Shearer acknowledged that agencies were cooperating on a top-secret cloud initiative. Then, in December 2023, he confirmed that the initiative was ongoing and it promised to ‘open up a shared collaborative space that will really reinforce this sense of working together as a genuine community and bringing all those different capabilities to bear on problems.’ On 4 July 2024, the government announced a strategic partnership between the Australian Signals Directorate (ASD) and Amazon Web Services to deliver the Top Secret Cloud at a cost of at least $2 billion.

An empowered ONI, leading a more collectively capable NIC, is critical to kicking on and making good on similar, future joint-capability developments. In fact, ASPI recommended this in relation to the Top Secret Cloud in its 2020 report National security agencies and the cloud: An urgent capability issue for Australia.

There is more than one way to skin the capability development cat. Community approaches needn’t be monolithic. Mini-lateralism can also be relevant. ONI can organise and direct community-benefiting developments through other NIC elements that are particularly capable of executing complex technical projects. In the case of information technologies, as we can see from the Top Secret Cloud announcement, that’s ASD.

What’s more, the Top Secret Cloud itself promises to drive other capability developments and operational effectiveness. Associated encouragement of more adaptive approaches to security can in the future open up other forms of efficiency and effectiveness (that is, the adoption of certain shared services).

Legislation shouldn’t be a barrier. Leaning forward on capability development, as distinct from agencies’ operations, shouldn’t fall foul of section 10 of the Office of National Intelligence Act 2018 (which details limits to ONI’s role).

Achieving a more collective NIC isn’t solely an agency problem. We also need ministers to buy in, providing incentive structures for agency leaders to prioritise community where appropriate. That includes more community-focused processes for decision-making. It also includes re-examining measures like JCF and ICIP, but funded as envisaged in 2017, and moving away from innovation-killers like the budgetary efficiency dividend.

ONI can also lead broader reforms, changing cultural and organisational incentives and disincentives for interagency service, encouraging more informed support to the NIC from the Department of Finance and others, and adaptive security approaches (that is, with focus on net result). The latter should be free of Monday morning experts appearing when future security problems are encountered, as they will—with or without adopting cloud computing.

A note of caution. The new assertion of leadership by ONI can’t be exclusionary. ONI can’t say ‘my way or the highway.’ In fact, it will be vital to avoid a potential pothole of cloud-related (operational) costs distorting existing budgets, especially for agencies that are already transforming business models through decade-long programs: ASIO ($1.3 billion), ASD’s Project REDSPICE ($9.9 billion) and the ‘modernisation’ of the Australian Secret Intelligence Service ($1.58 billion). That would be a surefire way of cruelling the case for future collective action.