Corporate Plan 2018–19

Download ASD Corporate Plan 2018–19 (PDF)

Table of contents

Director-General's introduction

It is my pleasure to present the Australian Signals Directorate (ASD) Corporate Plan 2018–19 (PDF). It is ASD’s first Corporate Plan as a statutory agency, which covers the period 2018–19 to 2021–22, as required under paragraph 35(1)(b) of the Public Governance, Performance and Accountability Act 2013.

In July 2017, the Australian Government agreed with the recommendation of the 2017 Independent Intelligence Review (the Review) that ASD become a statutory agency within the Defence Portfolio, given its increased national responsibilities, especially in relation to cyber security and the critical operational capabilities that ASD provides to the Australian Defence Force (ADF). The Review also recommended that ASD’s legislative mandate be amended to explicitly recognise its national responsibilities for cyber security, including the provision of advice and assistance to businesses and the community, and that it take formal responsibility for the Australian Cyber Security Centre (ACSC).

On 1 July 2018, following the passage of the enabling legislation through Parliament on 28 March 2018, ASD became a statutory agency. This is the most significant change to the organisation since the Defence Signals Bureau was established seventy-one years ago, in the aftermath of the Second World War.

ASD’s functions today are to:

The focus of these new functions on cyber security will not distract from ASD’s mission to support ADF operations globally and in the Indo-Pacific. The pace of technological change and the introduction of 5th-generation weapons systems in our region necessitate ASD’s support to military operations. This support comprises in-theatre operational effects, enhanced situational awareness and critical technical counter-measures.

The threat of terrorism will continue to present a major security threat globally and in our region. ASD will remain integral to Australia’s counter-terrorism response, delivering technological expertise and insight for the national security community to identify and disrupt terrorist threats – especially as they are being increasingly organised on the internet.

Faced with such complex strategic threats, ASD will place a premium on nurturing strong partnerships with the Australian national security community, its overseas intelligence partners, academia and industry. While these partnerships have always been important to ASD, the strategic environment’s complexity and rate of change demand closer integration and collaboration. In line with this direction, ASD will actively assist the soon to be formed Office of National Intelligence (ONI) by collaborating on implementing the Review’s recommendations for managing the National Intelligence Community as a genuinely national enterprise.

As recognised in the Review, recruiting and retaining specialist staff has become increasingly difficult due to the private sector competing for the talent ASD needs. ASD will therefore use its transition to a statutory agency as a chance to design new career pathways and employment opportunities that better reflect the kind of work that ASD does, so that it can better recruit, retain, train and develop its specialist staff. By harnessing a uniquely skilled workforce, empowered by partner agencies and innovative technology, ASD is best placed to master technology and its application. This will allow ASD to efficiently deliver unique intelligence, leading cyber security advice and assistance, and effects at scale in support of military operations and in countering terrorism and offshore cyber-enabled crime.

With such an historic change occurring, this Corporate Plan provides a new opportunity for ASD to articulate its purpose and set a baseline for how we will measure success against that purpose.

I am committed to leading an ASD that performs effectively and meets the expectations the Australian Government, industry and community set for us. Meeting and exceeding those expectations is vital in assuring our stakeholders that their trust in us is not misplaced. ASD’s strengthened and new corporate functions, which are being introduced, will be integral to this reassurance. Our corporate functions will enable us to achieve the highest standards of governance, performance and accountability, and demonstrate those achievements to the Australian Government, industry and community.

As ASD’s inaugural Director-General, I look forward to leading ASD into this next chapter of its history. While there will remain challenges ahead, I am confident that ASD, working closely with our partners, will continue to defend Australia from global threats and advance Australia’s national interests.

 
Mike Burgess
Director-General ASD

⇑ Back to top

ASD's purpose

ASD’s purpose is to defend Australia against global threats and advance our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations as directed by the Australian Government.

In order to do this, ASD masters technology and its application to inform (signals intelligence), protect (cyber security) and disrupt (offensive cyber operations).

Our strategic objectives are to:

ASD’s commitment to legality and propriety

ASD is committed to fulfilling its purpose in accordance with the law. This is reflected in our values to be meticulous in execution, always acting legally and ethically, and being accountable to the public through government for everything we do. ASD recognises that its signals intelligence capabilities are uniquely intrusive, and its offensive cyber operations even more so. That is why maintaining the Australian Government’s and the Australian public’s trust, by demonstrating that ASD operates legally and with propriety, is of the utmost importance to ASD.

Demonstrating legality and propriety is the role of ASD’s comprehensive oversight and accountability framework – where legislative, ministerial, parliamentary and independent oversight elements complement each other to provide extensive assurance that ASD will continue to meet this commitment.

⇑ Back to top

ASD values

  1. We make a difference
    • We give our customers the critical edge
    • Our output affects operations and policy
    • Our products are unique
  2. We strive for excellence
    • We seek and foster talent
    • We are world class
    • We are committed and enthusiastic
    • We are flexible and responsive
  3. We belong to a great team
    • We succeed through teamwork
    • We recognise others’ inputs
    • We support and care about each other
    • We all contribute
  4. We are audacious in concept
    • We operate in the slim area between the difficult and the impossible
  5. We are meticulous in execution
    • We always act legally and ethically
    • We are accountable to the public through government for everything we do
    • We manage risk effectively

As of 1 July 2018, ASD employees are no longer Australian Public Servants, but importantly we will continue to uphold the principles of the Australian Public Service Values.

⇑ Back to top

ASD's organisational chart

⇑ Back to top

Operating environment

As part of our new enabling legislation, ASD received three new functions: to provide cyber security advice and assistance to businesses and individuals, to prevent and disrupt offshore cyber-enabled crime and to protect the specialised tools ASD uses to fulfil its functions.

These new functions will help ASD address the increasing rate and sophistication of cyber threats that challenge Australia’s national interests. The integration of the Australian Cyber Security Centre into ASD will also assist ASD to respond effectively and at scale to Australia’s increasingly threatening cyber security environment.

The focus of these new functions on cyber security will not distract from ASD’s mission to support ADF operations globally and in the Indo-Pacific. The pace of technological change and the introduction of 5th-generation weapons systems in our region necessitate ASD’s support to military operations. This support is comprised of in-theatre operational effects, enhanced situational awareness and critical technical counter-measures.

The threat of terrorism will continue to present a major security threat globally and in our region for the foreseeable future. ASD will remain integral to Australia’s counter-terrorism response, delivering technological expertise and insight for the national security community to identify and disrupt terrorist threats – especially as they are being increasingly organised on the internet.

Faced with such a complex strategic environment, ASD will place a premium on nurturing strong partnerships with the Australian national security community, its overseas intelligence partners, academia and industry. While these partnerships have always been important to ASD, the strategic environment’s complexity and rate of change demand closer integration and collaboration. In line with this direction, ASD will actively assist the soon-to-be-formed Office of National Intelligence by collaborating on implementing the Review’s recommendations for managing the National Intelligence Community as a genuinely national enterprise.

As recognised in the Review, recruiting and retaining specialist staff has become increasingly difficult due to the private sector competing for the talent ASD needs. ASD will therefore use its transition to a statutory agency as a chance to design new career pathways and employment opportunities that better reflect the kind of work that ASD does, so that it can better recruit, retain, train and develop its specialist staff. By harnessing a uniquely skilled workforce, empowered by partner agencies and innovative technology, ASD is best placed to master technology and its application. This will allow ASD to efficiently deliver unique intelligence, leading cyber security advice and assistance, and effects at scale in support of military operations and in countering terrorism and offshore cyber-enabled crime.

⇑ Back to top

Performance

  Foreign signals intelligence Cyber security Offensive cyber operations
Activity Provide foreign signals intelligence. Provide cyber security services. Conduct offensive cyber operations.
Measure Our intelligence informs strategic, operational and tactical decision-making. Our cyber security services prevent, detect and remediate cyber threats to Australia. Our offensive cyber operations deliver real world impact, including providing advantage to military operations.
Benefit Enhance Australia’s prosperity and security by delivering strategic and tactical advantage. Improve cyber security and resilience across Australia. Disrupt threats to Australia’s national interests.

Target for activities

Our stakeholders value our unique and timely insights that enable their missions.

⇑ Back to top

Capability

ASD’s capabilities are the means by which we meet our three mission objectives: to provide foreign signals intelligence, cyber security and offensive cyber operations, as set out in our purpose. As a newly independent statutory agency we have the opportunity to define how we measure success for ASD’s capabilities going forward. As such, there are five key capabilities ASD will focus on strengthening over the course of this plan:

People and culture

As the Review noted, ASD experienced a net reduction in its workforce over recent years. We are now, however, on the path to regrowing our workforce capability. The 2016 Defence White Paper and the 2016 Cyber Security Strategy also provided significant resources to address this reduction and meet new outcomes directed by government. To effectively implement staffing increases, ASD will create a Corporate Division to include human resources, finance and governance functions. This division will implement a strategic workforce plan, a diversity and inclusion strategy and an enterprise-wide learning and development plan to ensure ASD has the right people, at the right time and with the right skills.

These plans form part of ASD’s broader cultural change program. We are implementing this cultural change program to make ASD the type of organisation that people aspire to join, and to foster a culture of excellence and inclusion in ASD. This program is key to ensuring the smooth integration of the new elements of ASD’s workforce, especially those joining the Australian Cyber Security Centre.

Technology

As noted in our operating environment assessment, the pace of technological change is increasing. That makes our technology capability, composed of the systems we need to achieve our purpose, fundamentally dependent on our external environment. This extends across the systems we collect intelligence from, the systems we protect information on, and the systems that our workforce requires.

Rapid technological change makes imposing long-term strategies and plans over a four-year horizon less optimal for our technology capability. Instead, our adaptive posture must enable agile decision-making, so we can consciously pivot into new and upcoming technologies as the enterprise requirement arises.

Tradecraft

Our tradecraft must evolve to remain cutting edge. Our tradecraft is our intellectual edge and is intrinsically linked with having the right skills in our people capability, and having the right tools in our technology capability.

ASD operates in the slim area between the difficult and the impossible. In order to evolve, ASD will develop a learning and development strategy that enables innovative tradecraft – keeping ASD at the cutting edge.

Partnerships

Our partnerships capability enables ASD to fulfil our purpose by leveraging complementary competencies with partners to achieve common goals.

The integration of the Australian Cyber Security Centre into ASD is an opportunity to re-cast how we see relationships with partners. ASD will seize this opportunity by implementing a stakeholder engagement review, aimed at maturing our relationships, particularly with industry and academia.

Within government, ASD prioritises our highly interactive and mutually beneficial relationship with the Department of Defence. Support to military operations has historically been a core mission for ASD, and it will remain so. Across the national intelligence enterprise ASD will collaborate on achieving common purposes, including with the recently-established Department of Home Affairs and soon-to-be-formed Office of National Intelligence.

Collaboration with international partner agencies is integral to ASD’s success. ASD’s international partnerships are essential in facilitating and extending our enterprise capabilities in support of government priorities. ASD will continue to foster our important relationships, working closely with other governments’ departments and agencies – in accordance with Australia’s whole-of-government strategic approach.

Governance and risk

ASD has a long history of striving for excellence in our operational areas. We understand that our new statutory agency status requires us to strengthen existing, and build new, enterprise-level governance and risk management arrangements in order to function effectively, efficiently and appropriately as a statutory agency. Consequently, our business reform strategy over the period of this plan will focus on establishing sound and consistent governance and risk management practices that enhance operational performance and meet our obligations under the Public Governance, Performance and Accountability Act 2013. ASD will also need to meet new governance requirements under the enhanced Commonwealth performance framework.

⇑ Back to top

Risk oversight and management

To respond to current challenges and make the most of opportunities, ASD needs to engage actively with risk. In June 2018, ASD established the Audit and Risk Committee (ASDARC) as a business improvement and assurance tool that meets the requirements of section 45 of the Public Governance, Performance and Accountability Act 2013. The ASDARC will be an integral part of improving ASD’s enterprise-level risk management and will provide independent advice on risk management directly to the Director-General of ASD.

The ASDARC will work in concert with ASD’s Office of Audit and Risk, which was recently stood up. Together, the ASDARC and Office of Audit and Risk will enable ASD to achieve the highest standards of governance, performance and accountability in the fulfilment of our purpose.

ASD’s Executive Committee is the primary committee that supports the Director-General in the governance of ASD. In accordance with the Commonwealth Risk Management Policy 2014, Director-General ASD appointed the following accountable officers for managing risk across five domains:

The table below shows ASD Enterprise Committees and associated risk owners for risk policy domains.

Director-General
Executive Committee (DG)
ASD Enterprise Committees (Chairs)
*ASD Audit and Risk Committee (External) Management Review Committee (DG/PDDG) Enterprise Performance Committee (PDDG) People Committee (DDGCC) Finance Committee (DDGCC) Data, Technology and Infrastructure Committee (DDGCC)
Enterprise Risk Owner
Security, Integrity and Reputation (DG) Enterprise Performance (PDDG) People (DDGCC) Finance (DDGCC) Data, Technology and Infrastructure (DDGCC)

* According to Public Governance, Performance and Accountability Act 2013 requirements, the Audit and Risk Committee will report directly to the Director-General as ASD’s accountable authority.

 
ASD has also implemented a Risk Management Policy and Framework that is compliant with the international standard, ISO 31000: 2018 Risk Management Guidelines. It sets out our approach to risk management and addresses risk appetite, tolerance, culture and assigns accountabilities and responsibilities. In 2018–19, ASD will take significant steps to strengthen its governance and reporting arrangements on key risks. The Enterprise Risk Management Team, within the Office of Audit and Risk, will support ASD staff to enhance risk management capabilities through facilitating training, developing a Critical Risks List and developing ASD’s Risk Management Guidelines.

⇑ Back to top