In this blog, Matt Rossiter, Director of Tradecraft, calls on his intelligence experience to explore the AUKUS pact and the importance of initial assessments & continuous evaluation for effective security clearance management.
The AUKUS pact has been big news in Defense circles. Touted as the single most significant Defense investment in Australia’s history, the delivery of a nuclear submarine capability sends a strong message to other nation-states seeking to undermine and influence regional stability “Down Under” that – at least from a military standpoint – it won’t come easy.
Protecting AUKUS with Stringent Intelligence Processes
As the AUKUS partners move deeper into planning, and delivering this new capability, it’s worth pausing to reflect that national and regional security are about more than advanced stand-off weaponry to make an adversary think twice. So much of the success of AUKUS will come down to how the partners can protect these new capabilities and the technology shared between the three nations. Particularly for Australia, paramount is maintaining trust to handle what will be a new level of sensitive information the nation has not been exposed to before.
Like the AUKUS partners, the intelligence-gathering abilities of those adversarial states that seek to undermine this security pact are considerable – entrenched, capable, and highly persistent. These nations fully understand the need to maintain an intelligence edge as the force multiplier to their conventional use of force. Getting the intelligence picture wrong can expose your conventional forces to disastrous consequences. This is something Russia has learned the hard way in Ukraine. One of the key lessons analysts at the RUSI highlight in their preliminary piece on Russia’s apparent failure in Ukraine, is that the human intelligence (HUMINT) network Russia spent so many years building to support, then facilitate the invasion lacked the depth, breadth and, once the tanks started rolling, the motivation to lay the path needed for their conventional forces to overrun and control Kyiv.
Read more about Russian Military Applications – request our Case Study:
OSINT For Military Applications: Russia & Ukraine
The Russia/Ukraine example is instructive in discussions around the AUKUS pact. As much as the Russian human source network in Ukraine proved ineffective for a lightning invasion, its sheer size and the dizzying heights reached in the “turning” of Ukrainian Government officials – who had the highest levels of security clearances and access to critical information – is certainly sobering.
Russia’s tactics are a modern example of unconventional operations, where the foundations are laid years – possibly decades – in advance, and AUKUS nations should expect these sorts of long-game tactics to test the strength of the partnership.
Continuous Evaluation for AUKUS
To steel against the threat of intelligence-capable adversarial nation-states seeking to test the AUKUS partnership, each nation must continue investing in systems to ensure those charged with handling the most sensitive capabilities operate at the highest level of trust. While the partners already maintain sophisticated due diligence processes for security clearances, the assessment of a person’s suitability to handle classified information should be undertaken across three phases of a security assessment lifecycle:
- During the initial security assessment to determine suitability to access classified information,
- Continuous evaluation of a person’s suitability for the life of that security clearance, and
- Into periods of aftercare.
This last phase is perhaps not as prominent as it should be. Each AUKUS country has a version of the Official Secrets Act that effectively binds a security clearance holder for life.
read our Mitigating Insider Threat with Continuous Evaluation White Paper
STRENGTH IN THE SECURITY CLEARANCE PROCESS
Recent cases like former Marine Corp pilot Daniel Duggan’s pending extradition from Australia to face US charges of training Chinese military fliers highlight that while so much focus is necessarily on the first two phases of a security clearance (where a person has ongoing access to classified information), the knowledge a clearance holder retains in the aftercare phase can still do significant damage.
The significance of the aftercare phase in no way diminishes the importance of the first two phases. A case in point is Jack Teixeira. The 21-year-old, social media savvy, US Air National Guardsman and Top-Secret clearance holder is accused of posting highly classified documents to the social media platform Discord. What is reported to have started as leaks to a public Discord chatroom back in February 2022, escalated significantly in 2023 with leaks of highly classified documents focussed on the Ukraine conflict, ostensibly to impress a group of fellow gamers. Teixeira’s intent may have been trifling, but the damage is very, very real.
Due diligence systems for security clearance holders should check as many sources as practical. Current processes are often selective, with checks of financial and criminal offence databases, reporting of suspicious or unsuitable behaviours, and interviews with clearance holders and their close friends. This effectively ignores the online element of a person’s life, so critical to properly assess clearance holders who are digital natives. This potentially explains why Teixeira’s activity was apparently missed.
AUKUS nations need to consider carefully questions of how to protect our capability edge. Each country enjoys a special position of trust within the partnership for which strong due diligence for personnel security is key. The challenge now is to set up the systems to ensure that trust is maintained. The converse is more unnerving. Where we fail to observe any cracks to AUKUS security systems – especially nuclear ones – our adversaries are sure to see them.
