pop-up content starts
pop-up content ends

News and media

​​Australian National University National Security College 10th Anniversary Conversation Series

13 October 2020​

Michael Pezzullo AO
Secretary, Department of Home Affairs

Security as a Positi​ve and Unifying Force


Security should not be conflated with fear and anxiety. I recognise that over the course of the past four decades, the sum of fears has expanded in the security realm. In the 1980s we feared nuclear annihilation.  After 9/11, it was the global threat of violent Islamist extremism, and the potential terrorist use of chemical, biological, radiological or nuclear weapons. In recent years, we have come to fear assaults from the natural world – extreme weather, climate change, and pandemics.

Fear and anxiety are not, however, security aids or tools. Security requires clear specification, the rational calculation of risk, and the purposeful enactment of measures taken in relation to defined problems. Of course, fear is a biosocial mechanism which is associated with our visceral responses of fight or flight in the face of sensed danger. At some deep level, anxiety too plays a role in vigilance and preparedness but the unease and alienation which is said to be located in human existence – at least according to thinkers such as Kierkegaard, Heidegger and Sartre – is not a force which is able to be mobilised in the security enterprise.

We have to think differently about ‘security’, as a concept and as an object of policy. In doing so, we need to leave some thinkers or at least some thinking behind. Take Hobbes. He was concerned with security against the attacker, whom we dread. In Leviathan (1651), we are presented with the “war of all against all”.  For Hobbes, while each of us is by right of nature the judge of what we must do to protect ourselves, the fear of death creates the basis for civil peace, under the authority of the Leviathan, to whom we cede the right to be the judge of what might threaten us.

There are other conceptions of security which should also be significantly reframed.  For Foucault, security ‘effects’ are instances of power which are exercised in order to subjugate populations and to discipline bodies, in a dialectic of master and slave (see especially his Lectures to the Collège de France, 1970-84). Foucault did not allow for the juridical establishment and protection of liberty, and for checks against power.  Rather than focusing on the supposedly oppressive structures of power in liberal democracies, scholars inspired by Foucault might one day turn their attention to the ‘disciplinary’ effects of the new surveillance technologies and practices which are today being deployed without juridical checks by authoritarian regimes.

In Schmitt’s more sinister conception, security is a signifier of a reserve force which is in the preserve of the Sovereign, who is able to decide the ‘State of Exception’, whereby norms and laws are suspended in the name of the Emergency.  Schmitt serves to remind us (even if only by our taking exception to his Exception) that all emergency forms of power should be constitutionally grounded, codified as far as is possible, and applied proportionately.    

Of course, thinking about security will continue to be necessarily concerned with concepts of power and the monopoly (or otherwise) of violence. If, for instance, a violent actor is located within a jurisdiction, security against that actor - as Hobbes suggested - is best located within a juridical framework of civil peace and laws, whereby the right to use force (except in instances of justifiable self-defence) is yielded to the State.  However, a view of security which is concerned exclusively with the administration of violence does not assist us to prepare for other dilemmas which might impinge on civil peace, such as a global pandemic, or a potentially catastrophic geomagnetic storm which could well occur on a scale which would render most electrified technologies inoperable. Who is the attacker in this latter instance – the Sun, Nature, or perhaps God Himself?

Of course at one level, security dilemmas reduce logically to human difference and alterity, whether one reads Hobbes, Foucault, Schmitt or Heidegger, or for that matter Hegel, Marx, Nietzsche or Derrida, to name a few of the relevant thinkers in the Western tradition.  In the absence of the transcendence of difference – that is to say, in the absence of a universal human society – difference, alterity, the division of ‘Self’ and ‘the Other’, the distinction of ‘citizen’ and ‘alien’, or (following Schmitt) ‘friend’ and ‘enemy’, will always present security dilemmas.  The very idea of ‘alien’ is entrenched in the Australian Constitution (at s51 [xix]), where we see an ancient word meaning ‘the other of two’, with an implication of ‘the Other’ being a stranger. The very idea of the Body Politic carries with it exclusionary features - with signifiers such as ‘sovereignty’, ‘jurisdiction’, ‘citizen’, ‘alien’, ‘territory’, ‘border’, ‘quarantine’ and ‘defence’.    

However, if we turn the security question around – with a focus on banding together, and the positive pooling of power and capacity by which to better deal with security dilemmas - then the first question to be asked is ‘what is being secured?’, as opposed to ‘against whom is it being secured?’. Or put another way: what is the ‘unit of security’?  Who is banding together, which capacities are being pooled, and to what extent?  We should take banding together to be a function of the building of common purpose and community, and the marshalling of material and economic resources to this end, a sub-end of which is the achievement of greater levels of protection. On this view, greater agency is exercised by the population at large, whereby the State becomes less a Leviathan and more a platform for unified purpose.

At this stage of human evolution it is empirically evident that the nation-state is the elemental ‘unit of security’, insofar as nation-states are sovereign actors within their juridical boundaries (meaning both legal jurisdiction and territorial limits), and they in turn form an international society which has an anarchical quality, in the sense meant by Hedley Bull (1977).  For the purposes of this lecture I will only touch on the security dilemmas of international society and the resultant implications for statecraft and diplomacy. The ‘unit of security’ creates juridical space for human difference, which is mediated and moderated by internal politico-legal constraints and norms – as evidenced by the security of property.

Having established the ‘unit of security’, we then have to ask ourselves how to conceive of and value security?  Unless we assume that it is a universal, free-standing good which everyone needs in the same way, and to the same degree, that it is independent of beliefs, other values and interests, and that its practice entails no disagreement – which would be absurd, given differing ideologies and interests within a society, and the requirement to allocate resources in priority order to all goods – then we need to establish a means of calculating the value of security, and agreeing how best to effect it. Choices are made within units of security about which security risks are to be treated, and how, as an expression for instance of the resources to be expended – on, for instance, military capability, countering terrorism, dealing with climate change, motor vehicle safety, and preventing cancer, diabetes, obesity or suicide.   

As we make these choices, it is crucially important that the ‘vector of the threat’ is separated from the ‘sector of impact’. By this I mean that we should logically separate the ‘vector’ – whether it be an invading army, an enemy fleet, terrorists, saboteurs, cyber hackers, violent criminals, extreme weather events, or a global pandemic, and so on – from the ‘sectors’ of society and the economy which are likely to be impacted, and which will need to be defended, mobilised and/or remediated.  Relatedly, the logic and language of war in security thinking should be reduced to its proper and legitimate place, which is to say the field of armed conflict – where it has enough to do.

We have to view security as a capacity to generate effects.  This leads logically to thinking in ‘effects’, or mission terms.  Indeed, security cannot be practised in the absence of mission specifications, as I suggested earlier. In recent years, some political scientists and philosophers have begun to press these questions. That is to say, security for whom? What is to be secured in terms of values – such as physical safety, national independence, sovereignty, territorial integrity, economic prosperity, social unity, individual liberty and autonomy? From which threats? How much security is desired or required?  What is the effect that is to be generated?  By what means?  Who will provide those resources? At what cost?  Who is accountable?  What is the duration period of the intended effect?  What is the operational concept, strategy and plan?  Who will decide on adjustments during the execution of operations?

Security is a purposive activity, whose hallmarks are unification of effort, clarity of goals, and mission focus. Security is not solely a performative domain (to adapt an idea from linguist philosophy) insofar as the ‘speech acts’ of security do not in themselves fully constitute security effects. Security is not generated by rhetorical pronouncement, or in a theatre of performance.  Only through the generation of material effects can security be constituted and reproduced.

Within government we need to integrate all of our tools of national power in the pursuit of security effects. We need to continually examine how best to align missions and functions, and how we might best integrate effort across organisational boundaries. Our systems, processes and capabilities have to become networked, within national jurisdictions and across them, with like-minded allies and partners. We need to aggressively tackle the problem of jurisdictional, regulatory and compliance gaps and seams, especially as this relates to those parts of the world where ineffectual state control is in evidence, and in relation to the illicit mode of globalisation which has emerged in recent decades – as evidenced in the global marketplace of illicit drugs.

Security, however, extends beyond government. It is generated through the whole of society, with government leading and guiding through a networked partnership with the rest of society – which is to say, the population at large and the sectors of which I spoke earlier. It follows logically that security has to be designed into societal structures, institutions and systems. It cannot be an afterthought or a supplementary, appended function.  It has to be ubiquitous without being oppressive. The domain of cyber will accelerate this imperative. The centuries-old nexus between the Sovereign’s protection and the spatial limits of the state is being deconstructed by cyber effects, where everyone and everything within the bordered state is externally-facing, and cyber-exposed, and security cannot be assured within orthodox constructs.

The approach that I should like to suggest is to be distinguished from the mobilisation of society and the economy during times of total war, such as was seen during the Second World War, where there were theatres of combat, the ‘home front’, civil defence, industrial mobilisation, the protection of sea lanes, ports and harbours, and the rationing of food and supplies, and so on.

The mobilisation of which I speak here is altogether different: security outside of total war has to be founded on a very different footing and effected through a radically different mechanism of national coordination.  In the face of discussion about ‘grey zone conflict’, the basic tenets of which are sound and from which flow logically coherent conclusions for action, there is a temptation to move intellectually to a model of ‘societal warfare’, with the whole of society being mobilised to counter threats.

However, society is not a ‘battlespace’.  It is not ‘human terrain’ over which security effects are imparted. There has been a concerning tendency in recent years to import the language and the strategy of counter-insurgency practice and its underpinning orientation of fighting ‘wars amongst the population’ into domestic society. This is dangerous, as it risks alienating the production of security effects from the population which is being secured.

As an alternative, we should take an altogether different approach.  One which starts with a deconstruction of the triangular oppositions between security, economic prosperity and social order, and which would allow us to take a unified approach which brings security, social and economic functions into a single conception and mechanism of national resilience, where social and economic systems are characterised by continuity, redundancy and adaptability. We should as a matter of national philosophy practise adaptability, and plan to recover from shocks always more strongly.

As societies and economies have become more complex and interconnected in recent years, new vulnerabilities have been added systematically, generating the increased likelihood, and increased impacts, of the disruption of supply chains, essential services and infrastructure. The more connections that we make, and the more that networks expand, the more it is the case that risk is being introduced systematically into an ever-more complex global grid of physical and virtual connectivity. Risk as a result has now become more distributed, more networked, and more inter-connected than has ever been the case in human history. So much so, I would contend that calculating risk and framing resultant choices for policy, and options for action, has become an almost impossible challenge for traditional models of decision-making, which tend to be characterised by incremental options sets, empiricism as against probabilistic conjecture and, more often than not, a default mode of aversion to risk. 

The complexity of modern human systems is such that the calculability of risk will become so difficult as to be practically impossible using traditional methods.  In recent years, the field of ‘natural security’, whose ideas are drawn from biology, ecology and epidemiology, has emerged, perhaps pointing the way.  I refer here especially to the work of the late Rafe Sagarin. This approach suggests that we have to build by design into our social and economic systems the adaptive features which are evident in the biological domain – where survival and living with risk are a function of an organism’s intrinsic ability to sense, calculate and act, to actively defend itself, to build redundancy and immunity, to employ countermeasures, engage in deception, and to strike where necessary.  In the biological world, the best response to external change is often internal change, and an adaptation of the familiar. Today, one of the most vital security practices in the face of the threat of COVID-19 is handwashing and good hand hygiene, a measure which is as far removed from the appearance and character of a complex weapon system, and yet of more importance to the current security of the population than every weapon in our armed forces.

This approach requires us to move away from the strategic language and thinking which is typically confined to reducible linear concepts – which tend to be marked by concepts such as stability, friction, tension and momentum.  In a networked world, a less mechanistic and more organic conception is required – which is marked by concepts such as risk, the chronic state as against the acute state, susceptibility, immunity, contagion, virulence. During the Cold War, we spoke of a balance of forces in a physical and mechanical world. Today, we should speak of what we think reality is in an organic and networked world.  The laws of physics have not been suspended, but for some decades we acted as if the laws of biology had been.

# # #

For centuries, after the rise of the modern nation-state in Europe in the 17th Century, we tended to think of the state as possessing ‘majestic power’ (the Leviathan of Hobbes), with the symbols of that power displayed atop houses of parliament and court buildings. Now, in an era when global forces are seeing the erosion of the ability of the Sovereign to guarantee internal peace and protect us from external foes, nothing less than the transformation of the state itself, and the state’s relationship with society, is required.

The idea of ‘security’ should be best associated with notions of reassurance and relative peace of mind.  Its etymology points the way: ‘security’ comes from late Middle English, and in turn from Latin (‘securitas’), meaning the condition of being secure (from securus, ‘free from care or concern’). ‘Security’ should evoke the sense of protection: safety; safeguarding and safe-keeping.  Think of the idea of a ‘security blanket’ – an object depended upon for reassurance and comfort.  When we ‘secure’ something, we make it safe. We speak of emotional security; financial security; job security, and so on. Security in this sense is the systematic feature of a secure situation, characterised in my profession by ideas such as defence in depth, access control, identity assurance, asset protection, continuity and vulnerability mitigation.

‘Security’ also has a related meaning of a thing which is deposited or pledged as a guarantee of the fulfilment of an undertaking or the repayment of a loan, to be forfeited in case of default (its synonyms are: guarantee, collateral, surety, pledge, bond). Security in this sense underpins trust and confidence, such as that required to invest, to accept rulings in relation to property, equity and torts. Security, when read in these ways, is a positive condition which enables prosperity and unity – and underpins markets, political discourse, democratic institutions, laws and regulations, public administration, accountability in public and corporate institutions, and criminal and civil justice. 

Security has to be read as a means to an end. Its effects enable the pursuit of happiness and prosperity, which are the greater ends. Security has to be visibly connected to prosperity, social cohesion and unity, and the maintenance of an open and free society. To separate ‘security’ as a function of state – in the sense of a ‘security state’ or a ‘deep state’ – is illogical and a misnomer: security is an intrinsic function of state.

This is not however the same as is meant in illiberal discourse where there is to be found the idea of ‘state security’. The very idea of ‘state security’ separates the state from the population, such that the security of the former becomes the principal end in itself. Contrary to the authoritarian discourse of ‘state security’, security should be supervised by institutions which are separate from the executive state, and discussion about security should be as free and open as possible, subject only to strictly applied secrecy limitations which are concerned with the protection of sensitive capabilities and operations, and intelligence sources and methods. 

On this account, ‘national security’ has a particular meaning, insofar as it concerned with a narrower but significant scope of security – namely the security and defence of the nation-state, whether against military attack, or actions by states and non-state actors which transgress the political independence, sovereignty and integrity (including the territorial integrity) of the nation-state. In this sense, a nation is secure when it does not have to sacrifice or compromise on its national interests in order to avoid war or armed aggression, and is able to protect those interests by engaging if necessary in the use of force.

For this reason, I am not an advocate for expanding the definition of ‘national security’.  Where would one stop?  If the concept of ‘security’ becomes a synonym for all desirable policy values (such as sovereignty, prosperity, equality, liberty, unity) then security becomes the entire policy agenda. I am in favour, however, of emphasising concepts such as ‘self-reliance’ and ‘sovereign capability’ in national policy discourse, which would require the closer integration of security, economic and social policy. (For this reason, the most important challenge in this area does not relate to structures and institutional alignment around ‘national security’. This simply avoids the higher challenge of thinking through the proper integration of security, economic and social policy.) 

None of which is to say that ‘hard security’ is no longer an imperative. In relation to security from military attack, our basic national security objective remains the deterrence of, and the defence against, direct armed attack. In relation to territorial integrity, globalisation and the relatively free movement of goods, people, services and capital has not so deterritorialised the state such as to unravel the direct coupling of security, territory, and population, as we have been reminded through the impact of COVID-19.

# # #

In my speech of 13 March 2019, titled “Seven Gathering Storms: National Security in the 2020s”, I attempted to make sense of strategic risks as they relate to national security.  I did not on that occasion intend to cover all risks to prosperity, security and unity. Today I will go further. If one were to construct a national risk register, it would be immediately apparent that some are not ‘national security’ issues at all, unless that term is extended as I said a moment ago to encompass risks which go to the prosperity and unity of the nation, and its character as a free and open democratic polity.

What follows is not ranked as a set of predictions, or in priority order for policy. It represents a framework of risks which are cast over a century (to 2120), and which might materialise, and which therefore demand our close attention. Here is my expanded register:

  • the prospect of Great Power war, which carries with it the prospect of nuclear war;
  • the employment of chemical, biological, radiological or nuclear weapons outside of Great Power war;
  • cyber-attacks, many of which are in reality cyber-enabled espionage, but which could also entail catastrophic attacks on critical national infrastructure;
  • the subversion of our democratic institutions (including elections) and the fragmentation of our social cohesion by way of foreign interference, political warfare and disinformation; or misinformation through what some have termed the ‘Death of Truth’ and the weaponisation of social media and declining trust in public institutions;
  • espionage against our decision-making processes, and in relation to our military, diplomatic, governmental, scientific and technological secrets;
  • ungoverned territory and the failure of state authority in parts of the world, often linked to corruption and unmitigated urban sprawl which can lead to state failure or civil conflict within failing and failed states (creating in turn safe havens and staging points for terror and crime);
  • uncontrolled mass migration, including as a result of civil conflict and climate change, as well as mass human trafficking, and people smuggling;
  • terrorist attacks, whether by transnational or domestic terrorists – with Islamist terrorist groups being of the greatest concern due to their global reach, although of increasing concern is the rise of fascist extremist groups;
  • politically-motivated violence within the meaning of the Australian Security Intelligence Act 1979, including by armed groups which might be motivated by conspiratorially-framed ideologies;
  • the mass economic and social impact of transnational criminal networks, which can represent a strategic threat to economies, good governance and public order, revenue bases and border integrity;
  • poorly managed supply chains, which can be penetrated by transnational criminal networks for economic gain, as they mask the illicit movement of goods in the vast volumes of trade movements;
  • poorly managed travel networks, which can become a vector for people smuggling, human trafficking and for the transmission of pandemics;
  • poorly managed transport security in aviation and shipping, which can be a vector for terrorist attack, as well enabling transnational serious and organised crime;
  • the sabotage or sustained outage of critical physical infrastructure and information networks (including data, satellites, and undersea cables);
  • global capital flows which mask investments and economic activities which might be detrimental to national security, and other forms of economic warfare, including by way of the strategic acquisition and control of national security sensitive businesses;
  • illicit money flows which mask money laundering and terrorist financing;
  • supply chain risks, as they relate to lack of sovereignty in certain manufacturing and supply categories, such as medical equipment and supplies, specialist machinery and critical parts and components;
  • criminally exploited ubiquitous end-to-end encryption, the Dark Web, poorly managed data storage, mass data theft and identity fraud;
  • the adverse consequences of advanced technology, especially artificial intelligence and synthetic biology;
  • microbiobial resistance, a global pandemic, and worse a deliberate bio-warfare attack;
  • agricultural diseases and food insecurity;
  • water and resource shortages, severe energy shocks, and the disruption of energy supplies;
  • increased disaster and climate risk, biodiversity loss and ecosystem collapse;
  • major natural disasters, including earthquakes, tsunamis, volcanic eruptions and geomagnetic storms, and extreme weather events (fires, floods, storms); and
  • environmental damage and disasters (major oil spills; significant industrial accidents; radioactive contamination).

This is an apocalyptic list to be sure. Indeed, in relation to ways in which humanity might become extinct you will find arguable cases for the following scenarios, amongst others: a deliberately released, humanity-killing synthetic virus; super volcanic eruptions which block the Sun; the Terminator AI threat; a nuclear apocalypse; and, yes, the killer asteroid.

Complacency is certainly not warranted in the face of this register, but nor is an existentially pessimistic fatalism.  An exaggerated sense of danger is positively harmful, as is the over application of threats.  Over-arming the state is as great a danger as under-powering it. The best accounts, in my view, of how to strike the right balances are not surprisingly written by practitioners: works such as David Kilcullen, The Dragon and the Snakes: How the Rest Learned to Fight the West (2020); Janet Napolitano, How Safe Are We? Homeland Security since 9/11 (2019), and Sir David Omand, Securing the State (2010), all of whom focus on sustaining secure and resilient nations, with a clear-eyed view of risks and threats.

# # #

I intend to return at some future point to the issue of the design and functioning of public institutions and national ‘sectors’ in the light of this broad conception of security.  For the purpose of today’s lecture, several concluding thoughts suggest themselves:

  • Public institutions have to be designed to operate at the intersection of prosperity, security and unity. Security has to be subordinated to the greater end of an open, prosperous and unified society.  Security is an array of effects which support resilience and which are generated through a cycle of practices – namely threat scanning, risk management, planning, preparation and exercising, and operations, including first response, emergency management and, as necessary, disaster recovery and reconstruction.
  • Security focuses on the logical anticipation of dangers to come, and is best informed by a realistic (as distinct from a neurotic) ‘anxiety’ which is centred on defined dangers – or at least imaginable dangers. I do not therefore deny a link of sorts to fear and anxiety – but nor would I start there.
  • The operational state: within government, departments and agencies have to be designed to be operational – able to plan, to prepare, and to undertake operational missions as directed. The age of the programmatic or regulatory agency (the 1980s-2010s) is passing.  While of course they have their place, even in wartime, departmental operations which are focused on the pursuit of purposive outcomes as distinct from the supervision of arms-length processes are back in vogue, and not before time.
  • While much has been done in recent years to better link law enforcement, security intelligence, countering foreign interference, countering terrorism, immigration, citizenship, social cohesion, customs, border protection, maritime security, critical infrastructure protection, aviation and port security, supply chain security, cybersecurity, emergency management, disaster recovery, biosecurity and public health management and so on, governments will always be mindful of opportunities to achieve yet more scale and more agility in the generation of operational effects.
  • While national security effects will typically continue to be delivered by the principal departments of state – Foreign Affairs and Trade, Defence, and Home Affairs, working alone, or in combination – security effects are also being delivered through other combinations, such as through the partnerships that Home Affairs has with Treasury (in foreign investment screening); Agriculture (biosecurity); Transport (aviation and maritime security); Communications (telecommunications security, for instance in relation to 5G technology); Industry (supply chains and scientific research); Energy (energy security); Health (pandemic response) and Education (foreign interference in universities).
  • The extended state: perhaps the time has come to speak of the ‘extended state’ where public institutions in the executive remain the vital centre, as they possess convening power, threat intelligence, regulatory powers (for instance in the creation and enforcement of security obligations), emergency powers (as laid down in law), and the operational capabilities and capacities of which I spoke earlier. The ‘extended state’ for the purposes of security as I have defined it, which is a networked and dynamic conception of security which comprehends sectors across society and the economy, consists of the entire apparatus of the Australian Government, which convenes and coordinates; along with State, Territory and municipal governments; as well as the business sector, including finance and banking, food and groceries, health and medical services, transport, freight and logistics, water supply and sanitation, utilities, energy, fuel, telecommunications; the scientific and industrial research establishment; as well as non-for-profit and community organisations, including charities; and households as might be required.

# # #

Security is a shared responsibility, which should be designed into our plural institutions and processes, in order to ensure the resilience of the prosperity and unity of the nation, and its character as a free and open democratic polity. We have to think of it as continuously generated effects to this end. In a democracy, the nation’s security enterprise should be supervised within a juridical framework of separated powers.  We should resist the lure of the illiberal discourse which says that unitary authorities are the more effective security performers.

Security should not entail the administration of fearful and anxious subjects. Security should be contested by an informed citizenry who share a common horizon of threat awareness, and agency in relation to risk and opportunity.  On this reading, security is a dialectic between the State’s mandate and capacity to act, and the population’s collective specification of the trade-offs and the costs that it is willing to bear in the name of protection and survival. In the end security effects construct social life insofar as they underpin prosperity and unity, whereby the greater social end is the pursuit of happiness or ‘utility’, in the sense that a philosopher would use that term. As such, security is more than a question of protection, or of survival.  It is a question of how we should band together and pool our capacities for living.