Defence IT outsourcing 'threatens national security'

By Shelly Simonds

Government plans to contract out information technology (IT) services could compromise national security, a defence expert at the ANU has warned.

In April, the government said it would put out to tender Commonwealth IT infrastructure, including computer mainframes and desktop equipment, in a bid to improve cost efficiency.

But Dr Adam Cobb, a research fellow in the ANU's Strategic and Defence Studies Centre, RSPAS, has warned that not enough is known about information vulnerabilities in the Department of Defence and other government departments.

"I think the government still has to make a case that defence capability will not be impaired by outsourcing," he said.

Concerns over national security have also been raised within government. The National Security Sub-Committee of cabinet is examining Australia's vulnerability to information attack.

Possible defence weaknesses include use of the Internet to generate misinformation during war; foreign software developers leaking valuable information about military capabilities; and hackers breaking into government computer systems to gain intelligence for extortion or espionage.

Computer systems in the private and public sector are equally vulnerable to attacks by hackers. However, Dr Cobb argues the government has a difficult enough time defending complicated and dispersed computer networks against attack, without the added complication of outsourcing.

Recognising that information is vital to all aspects of defence, the 1997 Defence Efficiency Review called for a single, centralised IT organisation for the department.

"Outsourcing would increase the decentralisation of information management at a time when a more centralised strategy is badly needed," said Dr Cobb.

Outsourcing has already raised some fundamental questions in the Department of Defence. A department source said the military recently outsourced the development of defence software to Israel. Israel in turn outsourced the development of some components to China.

Dr Cobb said the Department of Defence believes strongly that information must be centralised and kept in-house with strict controls, and questions why the same logic would not apply to other areas of government.

"Those in government in favour of outsourcing often claim that it happens successfully in the private sector. But you can be sure that banks don't outsource core IT services; they have too much to lose," he said. "So do many government departments."

Computer systems in government departments handle an array of sensitive information, from tax returns and medical records to social security payments.

Dr Cobb said the 1988 Privacy Act has no provision for outsourced information and privacy issues would be handled in private contracts between the Government and the company.

However, a spokesman for the Minister for Finance, John Fahey, said the Government was in the process of fine-tuning strict contractual conditions for outsourcing to ensure national security was not put at risk.

He said legislation would be introduced to amend the Privacy Act to cover outsourcing and international companies with IT contracts would be required to process data in Australia.