10th Australian Institute of Professional Intelligence Officers (AIPIO)
November 2001, Queensland, Australia
Review by Vernon Stagg
March 17, 2002
vstagg@deakin.edu.au
The Australian Institute of Professional Intelligence Officers held its tenth conference in November 2001 at the ANA Hotel on the Gold Coast, Queensland. The theme of the conference was "
e-intelligence: New challenges and solutions". There was a common theme of cooperation, integration, sharing, and awareness running throughout the presentations, and the spectre of the September 11 attacks fresh on everyone's mind.
Ian Wing, President of AIPIO and Lieutenant Colonel in the Australian Army, presided over the conference and presented the welcoming ceremony for delegates. He discussed the role of AIPIO, its inception in 1990, and its role in the promotion of intelligence professionals throughout Australia.
Day One
Alfred Rolington, Group Managing Director of Jane's Information Group was the keynote speaker for Day One. He spoke of the problems of information overload, the difference between analysis and policy, and the growth of technology and globalisation, particularly as transnational threats move to a "network function". When producing information, we need to be aware of customer's expectations, the differences between conspiracy and bias, and secrecy versus open source. In dealing with open source, we need to appreciate its many different forms: contextual, factual, opinion, and bias. In closing, Alfred discussed the restructuring of Jane's services with a focus on these issues, to produce an enhanced information product.
Grant Wardlaw, Director of the Australian Bureau of Criminal Intelligence, lead the first plenary session. He spoke of the importance of reporting incidents, and the possession of unique technical knowledge within the private sector. There is a growing need for cooperation and collaboration between intelligence agencies and the private sector, as well as new approaches to security and information-related product development. In this new e-environment there are new concepts of jurisdiction, new/no boundaries, and the end of the territorial state. He discussed the growing issue of responsibility and the impact/effect a crime can have on a nation/state's economy. To enable better cooperation he suggested starting off with a small element (eg. fraud), establishing a network, and then expanding from there.
Allan McDonald, Business Development Manager for the Distillery, spoke next. His focus was an integrated approach to systems and information gathering and analysis. Citing a Victorian Police case study, he discussed the shift from early information collection/collation efforts to stand-alone PC-based intelligent databases to state wide integrated investigation systems. Some of the drivers and enablers for this change are: wider acceptance and understanding of the benefits of intelligence; cross training of investigators in intelligence; intelligence professionals becoming technologically literate; use of data clustering to improve information stored; the need to increase functionality in investigation and intelligence systems.
Graeme Clark, Deputy Commandant of the Defence Intelligence Training Centre (DintTC), discussed developments in defence intelligence training. He began with a history of defence intelligence training and education: its stove-piped approach, duplication of efforts, and general dissatisfaction within the intelligence community. Following the Baker review of 1990 there was a restructuring and development of core competencies, career development, training, and education, which saw the establishment of the DintTC. Competencies were clearly defined, training philosophies restructured, and a focus on issues such as: general-to-specific, adult, continuing development, principles, technology, and analysis. Validation of methods from reporting to assessment stages has improved all source fusions, and increased productivity and multiple skills.
Peter Ford, First Assistant Secretary of the Australian Attorney-General's Department, looked at unique policy problems relating to intelligence. Issues include determining whether a problem is security or privacy related, regulation, and development of public policy. There is also the need to consider the global nature of attacks and threats, differentiation of threats, and who is responsible for protection/prevention. Looking at the National and Critical Information Infrastructures, he remarked that the strengths of these systems are their weaknesses. Citing a recent OECD workshop, he pointed out the need for mechanisms for sharing information on incidents, threats, and systems failure, the establishment of security professional networks, and training. He finished with details of an Australian government and business task force that has been set up to develop measures to protect information systems, and the roles expected of each other.
Alex Gibbs, Wing Commander RAAF, and Fiona Peacock, psychologist at the Department of Defence, lead a presentation on Information Operations (IO). They looked at the gradual inclusion of information into military doctrine/strategy, and its close links to intelligence. Referring to the Knowledge Edge concept, they showed that IO is another targeting option, it is critical if the information is critical, and the importance of the National Information Infrastructure. They pointed out that eWarfare is a means, not an enabler, that technology is the enabler and we are still reliant on humans. eIntel is considered a tool, not a solution: it supports overall system survivability, facilitates decision making, and without security efforts we will remain reactive not proactive.
Glenn Phelps, Manager GSK Australia, discussed Competitive Intelligence (CI) and its capabilities. He began by describing what CI is not: market research or vice versa, nor a function of marketing. Everyone is considered a CI practitioner in his or her own right, and tacit knowledge is an asset. He discussed the need for reporting and delivery, and the design or war room scenarios. A model of CI was presented consisting of inputs: media, Internet, rumours; processes: analysis, inputs from internal databases; and output: reports, summaries.
John Geurts, Group Security Head at the Commonwealth Bank, presented a talk on security as a business enabler. He started with a look at the Bank for International Settlements Basel Committee and how, in 1988, they made operational risk part of the capital buffer related to credit risk. Operational risk was seen as identifying important/strategic elements, such as when a bank deals with the telecommunications sector to make sure that these communication providers also have operational risk procedures (elements such as fraud, armed robbery, kidnap, business continuity, etc.). He indicated the main electronic threat faced is not from hackers, but from credit card theft and identity theft. Strategies in place to deal with this include open source information, shared intelligence, advanced rules-based and neural network detection systems, environment scans, and risk assessments with product developers.
Day One finished off with two workshops, one by Steven Longford, Director at The Distillery, on the use of behavioural intelligence as an assessment tool. The other workshop was by Terry-Anne O'Neill, Attorney-General's Department, on developing professional pathways in intelligence.
Day Two
The keynote speaker for Day Two was Shane Carmody, Department of Defence. He began by emphasising the need to utilise the e-environment or risk losing the game. There is a need to derive intelligence from various sources using a model of direction, collection, process, and analysis. The emergence of user empowering technologies represents a new paradigm, not just a shift from mainframe to PC, new WAN's, high technology, etc. He indicated how e-intelligence has improved processes, parallel actions, and decision cycles, but cautioned to be aware of what information means and act accordingly.
Richard Lloyd Jones, Principal of Lloyd Jones Consulting, spoke of the impact of globalisation on intelligence activities. The organisational impact was felt across numerous sectors including: commercial (global markets), law enforcement (international crime), security (terrorism), and the military (asymmetric warfare). Technological challenges include: system flexibility - internationalisation, interoperability, and cooperation; decision enhancement - collection and document volume reduction, pattern recognition, and environmental understanding. He spoke of how new technologies allow for standardisation of data (eg. XML), as well as new means of attaining ends.
Graham Whyte, Australian Tax Office, presented a number of case studies in e-intelligence. The first study related to the FSM Knowledge Exchange website. It is available to various governments and deals with tax laws, rules, etc. and focuses on tax avoidance. The second study dealt with offshore tax promoters and open source issues. The third study looked at high wealth individuals and the creation of a task force to deal with this group. The last case study related to e-intelligence analytical tools used to identify tax schemes through the use of the tax return database.
Lorraine Van der Weide, SAS Institute, discussed the benefits of the SAS Intelligence Layer product. She highlighted the need for organisations to consider their information architecture, understand customers through data mining, and the importance of customer relationship management.
Geoff Rothfield, Senior Analyst Office of Strategic Crime Assessments, looked at law enforcement implications of new technologies. There is an expected slowdown in technology over the next five years with technology consolidating in its existing form. There will be a shift in the Information and Communications sector in business reengineering, reprioritising of resources, enhanced mobile functionality, and increased data transmission capacity. There will be the emergence of new technologies such as biotechnology and nanotechnology. There will also be the integration of technology to address risks and maximise benefits in law enforcement agencies.
Jeff Penrose, Australian Federal Police, discussed the AFP's intelligence processes. He highlighted the aspects of a new criminal environment and their use of intelligence, global alliances, and new technologies. The AFP is being intelligence led with four objectives: identify and develop high value criminal targets; determine and formulate operational priorities and strategies; support corporate policy and planning processes; and provide assistance to Government and law enforcement partners.
Jonathan Mobbs, CEO Crimtrac Agency, presented an overview of his agency, and the electronic law enforcement technologies in use there.
Steven James, CEO ITAC Security, gave an entertaining presentation on hacker intelligence. He looked at the hacker culture and the rise through the ranks of lamer to elite. Following a review of various hacker groups, people, and exploits he presented a hack attack framework. This framework consisted of a number of steps being 1: Select target. 2: Identify information, components, and active ports. 3: Cross-reference and run exploits. 4: Compromise. 5: Extend levels of access, leave backdoor/s, and manipulate audit trails. He went on to point out that business needs must drive security agendas, and that security should enable not hinder.
Steve Tregarthen, Senior Manager KPMG, discussed the issue of Corporate Intelligence which he defined as "the collection and analysis of public information that has strategic value". Corporations need to be aware of who they are dealing with, and the associated risks and threats (not just in the traditional way either, eg. is Company X harmful to the environment?). He went on to list a number of open source channels available for finding information about individuals, including global newspaper databases, credit background checks, criminal records, personal assets, and company and directorship information. He also detailed the necessity of understanding the different ways and means for obtaining information in different countries.
One of the workshops for Day Two was held by Jason Brown, Director General of Safety, Compensation and People Development, and focused on a "Code of Ethics" for the intelligence profession. Brett Peppler, Intelligent Futures, held the other workshop, dealing with knowledge mapping.