The Australian Signals Directorate, which watches over the Australia’s telecommunications, electronic data networks and external radio monitoring activity, is making an urgent drive to upgrade the nation’s defences against cyber warfare attacks on key data and internet assets.
The ASD provides ICT services and capability for itself and its two partners in the Defence Intelligence Agencies, the Defence Intelligence Organisation (which does all-source intelligence analysis) and the Australian Geospatial Organisation. It also offers information security advice to other government agencies.
Since 2009, ASD has complemented its in-house IT skills with private sector talent on a Technical Support Services panel brought in for specific assignments inside intelligence facilities in Canberra as required.
However, with more than 30 private IT firms involved, the panel is in need of a serious overhaul to reduce the number of entities, improve the security management of highly skilled IT virtuosos, and ensure that advanced level talent in short supply is most effectively deployed to high priority tasks.
About half the firms on the existing panel have either dropped out altogether or are down to one or two personnel members, creating a fragmented workforce that is problematic to track or allocate effectively.
With the increasing emphasis on boosting cyber security, the current ASD pool of about 250 skilled outside professionals needs to be augmented to something more like 400 members – this, mind you, in an overall setting where there is a country-wide shortage of proficient, knowledgeable IT practitioners.
The seriousness of the current problems is underlined by the fact that before issuing a tender for a new Technical Support Services panel, ASD has released a pre-tender issues paper that spells out in detail its problems and frustrations with the earlier arrangements.
“It has become apparent that having over 30 panel members is not desirable from a management perspective, particularly as less than half of the existing panel members bring significant resource depth and capacity to the 2009 TSS panel,” the pre-tender issues paper commented bluntly.
In a request for preliminary response, open until April 29, ASD is looking to cut the number of firms involved to around 10. The hope is each will have a larger individual workforce to be more gainfully employed with high productivity and effective task allocation and coordination.
There will be less attempt to micro-manage. For the 2009 exercise for capability development within the then Intelligence & Security (I&S) group there was a nominated spread of skill sets, sorted into three categories. These were technical services; project management, administration and support; and technical documentation, graphical design and training.
The problem area was fragmentation of technical services. The agency specified requirements as separate skill areas definition and business process mapping, architecture and infrastructure services for information technology, database development, management administration and system support, and web design and maintenance.
To this add the usual software development, integration, implementation and maintenance with their necessary software testing. Reflecting the wireless-interception antecedents of ASD, the catalogue was rounded out with radio frequency systems design and development, and communications systems and network installation.
Within three years it became clear that having multiple sub-categories of nominated skills made workforce disposition too restrictive and onerous from a management perspective.
With the concurrence of all the 2009 panel members, it was decided to collapse all the skill set sub-streams and allow panel members to respond to any assignment they felt up to.
“The benefit of this change was that requirements could be released to a single distribution list and it was not necessary to track organisation membership against sub-categories,” the pre-tender issues paper stated.
“The new TSS panel will not make use of sub-categories for labour and panel members will be invited to respond to all requirements which are generally released.”
Based on its experience over the last seven years, ASD has some interesting thoughts on the relative strengths and shortcomings of large defence multinationals, contrasted with labour hire companies and owner-managed enterprises.
The big groups develop their personnel with good technical skills, and dedicated commercial management personnel. Disadvantages include high overheads and availability of personnel usually only from their existing workforce.
Labour hire companies are good at locating varying skill sets, are good administrators with lower corporate overheads and are lower cost. But they have fewer incentives to invest in ongoing welfare, training and development of personal, have limited reachback to the corporate knowledge found in a parent IT multinational, and may have minimal margin to manage security and complex service provider personnel management issues.
Owner-managers have sound understanding of security and are readily accessible, providing personnel at low margins, but have limited ability to locate new personnel.
Ideally, the ASD would like organisations that are good at finding service provider personnel with the right skill sets. They should appropriately manage and support their personnel and show a sound understanding of security requirements and management.The ASD is clearly anxious to get the new arrangement up and running as soon as possible. A formal, final request for tender is expected by the middle of the year.