Whenever there are heightened tensions between nations, foreign intelligence agencies come under pressure to ramp up their collection and foreign interference activities. Burgess notes that in Australia the main espionage target areas are trade, defence and intelligence.

Our international trade has become a more critical issue in the past year and I am aware of trade negotiations being conducted where the other party seems to have prior knowledge of our bottom line. This is costly for Australia unless we have provided our team with similar information.

We all know that since last year we have been in a more adversarial relationship with China. This is due to inept diplomacy over the source of the pandemic and our politicians exaggerating the military threat from China to distract from their inaction on, or mishandling of, other issues.

ASIO reports that targeted individuals are primarily current and former politicians and those who have, or have recently held, security clearances. Australians in general have a low opinion of the morals of our politicians and will be unsurprised that some are receptive to bribery and external influence. This is not new. For many years China has paid select well-connected Australians generous consultancy payments to better understand and influence our political and bureaucratic processes.

China has a substantial intelligence collection activity in Australia and among other things will be on the lookout for bureaucrats who are accessible and vulnerable. Not specifically mentioned among ASIO’s concerns is people in sensitive positions who could be pressured to provide information because of their ethnicity. Beijing, in particular, is adept at using the threat of pressure on relatives in China as a means of obtaining information from people of Chinese background.

Security vetting agencies are limited in what they can do to prevent people of any ethnic background from obtaining high-level security clearances if they are Australian citizens and have sufficient checkable background. In my view, high-level security access and dual citizenship (except for Five Eyes countries) should be incompatible.

In 2020-21, ASIO completed 39,320 personnel security assessments. More than 150 personal security briefings were completed, presumably for those assessed to be most vulnerable. ASIO also provided a number of (unspecified but probably few) adverse and qualified personnel security assessments that effectively limit a person’s security access. We should in any case be tightening access to top secret and compartmented information.

We know from experience there is also an ongoing potential security threat from within our own workforce that may or may not be related to external pressure. Workers can become disaffected for a variety of reasons; the indicators are well known to sec­urity officers and those paid to cultivate informants. It helps if co-workers report colleagues of concern, but it’s often considered un-Australian to do so.

One of the foreign interference concerns expressed in the ASIO report is the potential for adversaries to pre-position malware into critical infrastructure and networks. The critical infrastructure bill just introduced into parliament (with bipartisan support) provides the Australian Signals Directorate with greater powers to protect critical infrastructure, including requiring businesses to report ransomware attacks.

ASD wants businesses to make their networks more secure from attack, but businesses are in a difficult position once they’ve been successfully attacked. It’s usually a lot costlier for them to involve government than to pay a ransom quickly and get back to work. New powers to act against ransomware perpetrators will be ineffective if they are operating outside the Australian jurisdiction; the most competent ransomware attackers are based in eastern Europe.

ASIO also mentions use of less intrusive tracking devices. It’s difficult for us to manage without a smartphone because of Covid check-in requirements and phone-based payments, which means a person’s activities can be monitored remotely more effectively. In future, unless you are elderly or have a mental disability, not having a smartphone could raise suspicions about your reasons for not having one; having an untraceable phone even more so.

ASIO’s projected budget is $1.25bn across the next 10 years. It has 1921 full and part-time staff. When is enough security enough? It’s not possible to eliminate espionage, foreign interference or terrorism, so governments have to decide what level of malicious activity can be tolerated.

ASIO will continue to prioritise the prevention of religiously and ideologically motivated lone actor terrorist attacks causing loss of life, but safeguarding national security (often defined as the wellbeing of the nation) will be a growing challenge, particularly given adverse changes in our social and international environments.

Clive Williams is a campus visitor at the Australian National University’s Centre for Military and Security Law and a visiting fellow at the ANU’s Strategic and Defence Studies Centre. He is a former director of security intelligence in Defence.