Southern Space Symposium 2021
29 November 2021
Michael Pezzullo AO
Secretary, Department of Home Affairs
CONVENOR: It’s my privilege to introduce our keynote speaker for the conference, Secretary Michael Pezzullo, the Secretary of the Department of Home Affairs; a man who needs no introduction – in this town – who has worked in Defence, who has worked in the Department of the Prime Minister and Cabinet, who has worked on the personal staff of a former Foreign Minister, worked with Kim Beazley – I can imagine briefing Kim Beazley would be a pretty tough job in and of itself – and he has worked for the last four years to reform what was formerly Immigration and Border Protection into the Department that is Home Affairs. We invite him to speak today for a few reasons. Firstly, he is a strategic thinker, somebody who understands Australia’s strategic environment, who understands the pressures we face but also the opportunities we can grab and need to grab, who is versed in our international partnerships, who has shown time and time again that you can look over the horizon, see what’s coming and work out how best to position Australia to deal with it. Secondly, because he is, at his heart, a reformer; somebody who refuses to accept the way things are, who is always looking for a better way to move Australia forward. And, thirdly, because he is a leader. And he has time and time again set out visions, moved departments, moved agencies forward and moved the country forward to grapple with both the opportunities and the challenges that present to us.
In a second I’ll ask him to join me on stage to present his address. I’ve asked him to speak to the topic of ‘Space as Critical Infrastructure’. And it’s been my pleasure to deal with the Department of Home Affairs on a number of occasions this year across a broad range of topic areas. They’ve been accessible, they’ve been open, they’ve been consultative and they’ve bent over backwards on a number of occasions to help us achieve the best results for this industry.
So as we stand at a pivotal moment for Australian space, I can think of no-one better than Secretary Michael Pezzullo to tell us where we should be going and what we should be focused on. Secretary.
MICHAEL PEZZULLO: Well, thank you for that extraordinarily warm introduction – at times verging on deceptive and misleading. Some of the comments were far too effusive. Thank you in return for your leadership in this area and that of the organisation that you lead. This symposium hardly needs to hear from me on the vital importance of space itself. Indeed, if you’re following proceedings, whether you’re here or otherwise following it virtually, you already appreciate the importance of the topic.
My principal duty today – regrettably in one respect – is to debunk the agreeable but illusory viewpoint that space as a domain is where humanity will reimagine and reset itself, where space can be harnessed effortlessly for the benefit of all, and where a new Earth can be built in the hitherto inaccessible heavens. I regret to inform you that when we go into space, or when we use space, we bring ourselves on that journey, which means that we bring human hope, innovation, freedom and creativity as well as malice, fear, avarice and tyranny.
Space and space-enabled activity, therefore, needs to be approached in policy terms with the standard array of strategic tools that we apply in other domains – tools such as deterrents, risk, protection, resilience and so on.
Now none of this is to detract from positive possibility. Our idealism, however, has to be tempered with realism. Today I should like to outline the role of the Department of Home Affairs in this regard.
Australia, of course, relies on space-based technologies to overcome its expansive geography and great distances. Our reliance on these technologies will, of course, only increase – as this audience knows only too well – especially in relation to critical and emerging technologies connected to smart infrastructure, earth observation to support drought and climate management, for instance, as well as weather forecasting, position navigation and timing functions, smart cities, the Internet of Things and secure communication.
The next generation of space technologies will boost productivity and efficiency in every sector of Australia’s industries. Indeed, it’s unlikely that any industry will remain unaffected of course. Space investment can yield diverse economic benefits, including in those regional areas that hopefully will serve as gateways to space. Regional Australia particularly stands to benefit from the space sector in other ways – for example, through its space-based Internet of Things capabilities that can support applications such as remote monitoring of dams and water tanks or the virtual fencing of cattle on remote stations.
For the Department, space impacts many of our roles and responsibilities accordingly. Space we treat as critical infrastructure and, indeed, it represents the next generation for us of critical and emerging technology. It is an industry regrettably at risk of foreign interference and cyber attack – and I’ll come back to those points in a moment.
The Australian government is committed to working in partnership with all critical infrastructure providers – space included, of course – in support of Australia’s prosperity, security and unity. A range of threats have the potential to disrupt essential services that we enjoy across this country. A cyber attack, for instance, on space infrastructure, such as on satellites themselves or ground-based systems that control them, could easily result in widespread degradation or, indeed, disruption of communications, positioning systems, navigation systems and timing systems.
Most critical infrastructure assets in Australia rely, of course, on accurate positioning, navigation, and timing (PNT) infrastructure as a core requirement for their operations. This in turn is inherently reliant on space infrastructure, as we know only too well. A major impact to space infrastructure could, therefore, have a catastrophic effect on the functioning of society as a whole as every critical sector relies on the data which passes through these systems and the connectivity that they provide. Such an impact will only increase over time as satellites and space infrastructure more generally become more important for our prosperity.
Space will therefore hold a key to expanding telecommunications infrastructure as we currently know it, and indeed, shaping how Australia communicates for civil, industrial, military, intelligence and other purposes. A cyber attack that severely disrupts satellite assisted navigation, for example, could affect shipping, trucking and other transport, leading to drastic shortages on our supermarket shelves – and we’ve experienced some of those recently for entirely different reasons.
The functioning of automated equipment on the farms that supply those supermarkets could also be affected. Any system that relies on GPS, such as water, electricity and gas production and transmission, could equally be impacted. A successful cyber attack could thus wreak havoc on the economy and lead to disastrous shortages of everyday supplies as well as essential services.
Then there is the navigation of satellites themselves. Currently there are about 5,000 satellites in orbit, but by 2030 it’s estimated that that number is expected to be more than 50,000. Many of these will be small– nanosatellites, of course – in global constellations linked to billions of IOT – or internet of things – devices serving government purposes, industry and society more generally. But, of course, more traditional large-scale satellite constellations will still be used and deployed for a variety of purposes.
Malicious actors may seek to attack the control systems of satellites or to attack or interrupt the data that flows to and from those satellites. Such actors may attempt to shut these satellites down, deny access to their services or otherwise jam or spoof the signals from satellites, creating some of the havoc for critical infrastructure that I’ve already mentioned.
Malicious or irresponsible activities in space could also pose physical risks to space assets. Space debris, of course, in particular poses significant and growing risks. Such debris is often difficult to predict as to where it will land and when, and also how much of that material may impact in space itself. It can be, of course, created accidentally, for example, when a space launch is unsuccessful, or intentionally through reckless or disruptive, destructive behaviour.
Poorly written or compromised software an of course also be exploited to degrade and disrupt the functioning of a satellites or space-based – or space-related infrastructure, I should say. The highly technical nature of satellites of course means that multiple manufacturers are involved in building the various components needed to make something work in space. The process of getting these satellites into space is also complicated, involving, again, numerous companies.
Now, once satellites are in space the organisations that own them often outsource their day-to-day management to other companies, whether it is for the functioning of the satellite itself or for the operation of the broader satellite constellations. With each additional vendor in the chain the vulnerabilities increase, as malicious actors have multiple opportunities to infiltrate systems and exploit those vulnerabilities.
This highlights the importance of critical infrastructure operators, whether in the space industry or otherwise, to understand their supply chain risks and the possibility of malicious actors seeking to introduce compromised code, for instance, or parts – physical parts – into the manufacturing of satellites which may later be exploited to facilitate an attack.
So it is imperative that satellites and other space-based systems are rendered less vulnerable to such attacks. If they are indeed vulnerable, other countries or other malicious actors, non-state actors, may seek to attack our space systems as a way of gaining advantage.
Now, threats to the operation of all of Australia’s critical infrastructure networks and entities continue to be significant, space just being one of those sectors. And, indeed, failure or disruption in one area of critical infrastructure can have flow-on effects in others. The Australian government is therefore leading a whole-of-economy reform effort in relation to how the nation protects its critical infrastructure.
On the 10th of December 2020 – so a little under a year ago – the government introduced the Security Legislation (Critical Infrastructure) Amendment Bill 2020. At its core, this bill put forward both preventative and responsive security measures to protect critical infrastructure. The Parliamentary Joint Committee on Intelligence and Security – otherwise known as the PJCIS – reviewed the bill and suggested in September of this year that it be split into two parts. The first bill, which I will describe in a moment, covering, in the committee’s view, the most urgent measures that need to be legislated in the shortest possible time, with a second bill that the government anticipates following on in early 2022 covering the remaining measures.
So I’ll turn my attention here to the first bill. On the 22nd of November – that is to say, a week ago today – the Australian Parliament passed the Security Legislation Amendment (Critical Infrastructure) Bill 2021, the first of those two bills that I’ve just mentioned. Importantly, this bill sets out a new expanded definition of what we mean by critical infrastructure. This bill expands the critical infrastructure sectors covered by the original Security of Critical Infrastructure Act, which was passed in 2018, which at that stage included energy, communications and financial services. It now includes defence industry, higher education and research, data storage or processing, food and grocery, health care and medical, transport, water and sewerage and, of course, space technology.
The space technology sector is defined as that part of the Australian economy that involves the commercial provision of space-related activities as critical infrastructure. Examples that are in the bill of what this means in practice include position navigation and timing services in relation to space objects, space situational awareness services, space weather monitoring and forecasting, communications, tracking, telemetry and control in relation to space objects, promote sensing earth observations from space, and infrastructure that facilitates access to space.
The bill introduces a cyber incident reporting regime for critical infrastructure assets and introduces government assistance measures that will ensure the government has measures available, including through the ability to deploy classified measures, to assist industry when no other regulatory regime is able to respond to a nationally significant cyber incident.
Enactment of this bill will mean that the government will be able to provide assistance immediately prior to, during or following a significant cyber security incident to ensure the continued provision of essential services. Without commensurate advances in cyber security risk management and prevention from industry, however, the Government’s ability to protect and secure Australia’s national interests will be limited, and will leave our critical infrastructure materially exposed.
So the Government has foreshadowed that in early 2022 it intends to introduce an additional bill, the second bill that I mentioned earlier, as recommended by the parliamentary committee, with further amendments to the relevant legislation – the Security of Critical Infrastructure Act – which will pick up the remaining elements of the bill that was first introduced in December of last year.
This bill will include preventative measures to complement the recently passed bill that I’ve just mentioned – the one that passed last week – and provide the Government and the Australian people with an assurance that our essential services will continue as best as possible, even when faced with the most severe threats and challenges.
The bill next year – the 2022 bill – will also include or codify the concept of Systems of National Significance within the Department, known as SONS for short. These are the systems that are so interdependent and crucial to the functioning of critical infrastructure that if they were to be successfully attacked they could have significant catastrophic impacts on Australian prosperity, security and/or defence.
These amendments, should they be passed, will provide governments with the ability to identify and work in partnership with the owners and operators of Systems of National Significance to better prepare them for cyber threats through a set of enhanced cyber security obligations. One element of the bill that I’m describing as the 2022 bill will be the development of a risk management program for all 11 critical infrastructure sectors.
The Department of Home Affairs is currently co-designing the rules that will underpin the risk management program with relevant industry partners in each sector. A disproportionate number of risks relate to the reliance of critical infrastructure on space and broader communications assets, that, were they to be attacked – particularly but not limited to a cyber vector – could cause the significant catastrophic disruptions and stoppage to Australian infrastructure and, therefore, economic functioning that I’ve mentioned.
Should this bill pass the Parliament next year we will, of course, look forward eagerly to collaborating with the space sector alongside other critical infrastructure sectors to look at what critical infrastructure assets and networks should be properly recommended to the Minister for Home Affairs to be declared as Systems of National Significance.
Now, being declared as such a system – a System of National Significance – would give rise to requirements for the provision of systems information to the Australian Cyber Security Centre (which is a component of the Australian Signals Directorate), the conduct of vulnerability assessments, the creation and exercise of incident response plans, and the conduct of exercises to make sure that we are able to prepare for and respond to any threats to the continuity of critical infrastructure.
I personally, and the Department, would very much value your engagement in this process. You know how important space technologies are, the significant potential they have to enhance our national interests and the fact that they are increasingly vital to our continued security, economic prosperity and global competitiveness.
The critical infrastructure reforms in their totality – limited not just to space – not only recognise that space technology itself is a critical sector, but also recognises that our network systems and infrastructure themselves operate as an interdependent ecosystem underpinning our national life, our economy and our global connectivity.
The space sector itself is, of course, in a unique position to address such concerns as these evolve, as opposed to many other sectors which are much more established, and more traditionally, regulated where these security overlay features are having to be retrofitted.
So we very much look forward to working with our industry partners in this sector to co-design these requirements at a relatively nascent stage of this sector’s development – as compared to some of the other sectors that I mentioned earlier. And we certainly commit to working closely with the space sector, as well as with our colleagues across Government, including the Australian Space Agency and elsewhere, to consider these broader concerns as they relate to this sector as it matures.
Now, in concert with these important legislative reforms, the Department is also advancing non-regulatory, non-legislative initiatives to boost the security and resilience of our critical infrastructure, including in relation to this sector. For instance, the Department is enhancing and integrating the government’s existing critical infrastructure education, communications and engagement activities through a re-invigorated Trusted Information Sharing Network, or TISN – I’m a public servant so we have acronyms for everything – as well as an updated critical infrastructure resilience strategy that will shortly be available.
The TISN – or the Trusted Information Sharing Network – is the place where we will run exercises, share best practice and risk assessments, discuss the interdependencies of infrastructure that I’ve already mentioned across the economy, and enable deeper collaboration between governments and industry. I say governments because we’re increasingly, of course, interacting with our state and territory and, indeed, municipal colleagues in many of these regards.
Our approach is one of partnership in an increasingly interconnected set of infrastructure requirements and policy problems. Within TISN there is a space sector group that has now been established in its own right, which is a natural evolution from its previous status as a cross-sectoral group. Its task, the task of this sector group, is to ensure that we are focused on building an understanding of your sector and working collaboratively on these critical infrastructure protection overlays that I’ve been mentioning.
Now the legislation that passed the Parliament last week, and that which will be introduced early next year, in 2022, set out the legislative framework for effective collaboration. Our job, though, is not just simply to set and forget through legislation; it’s to work in partnership and to constantly scan the environment and the horizon to make sure we’re working towards as secure a critical infrastructure sector in our country as can possibly be achieved.
To that end, in September this year, the Department established a co-located set of functions within the Cyber and Infrastructure Security Centre – headed up by a Group Manager within the Department who reports directly to me, Mr Hamish Hansford – which brings together all of the Department’s regulatory critical infrastructure functions, as they relate to aviation security, maritime security, transport security, the existing critical infrastructure protections that flow from the 2018 legislation, as well as our background checking and vetting capabilities.
The CISC – or the Cyber and Infrastructure Security Centre – is driving an all-hazards regime, a true all-hazards regime, of critical infrastructure protection which is enabled by this functional alignment and the stronger focus that we’ve created on cyber security. Although I hasten to add, that whilst it’s got cyber in its title, Hamish Hansford and his team are very much focused on physical threats to critical infrastructure, including that which might arise from physical sabotage.
The Cyber and Infrastructure Security Centre within the Department also engages regularly with the space sector – indeed, in some cases on a daily basis as we develop and co-design the rules that I mentioned earlier to boost security resilience through the TISN network, as well as collaboration with individual firms and individual stakeholders. Over the past 12 months I’ve been delighted by the contribution of space representatives to both the work of the CISC, both through the TISN network and also more directly in relation to direct engagement between firms and stakeholders.
So I’d like to think that our engagement with our space sector counterparts is already broad; I’d like to deepen it. And this engagement spans the strategic context to help us frame legislation, which is going on as we speak, through to very tactical and operational potential disruptions, for instance, posed by solar activity such as coronal mass ejections and natural hazard impacts, particularly as we head into the high-risk weather season here – just another compounding weather risk factor that we have to take into account in the Department.
As you well know, space weather can impact a range of space-based and land-based technologies. Solar flares, as they’re often known, can block or degrade high frequency radio waves, for instance, creating a radio blackout storm. Radio communications are still critically important for airline operators, for instance, for emergency services and the military. Solar flares, of course, release energy equivalent to millions of hydrogen bombs exploding at the same time. And as this energy reaches the earth it can have significant consequences for our society, especially as our level of digital connectivity increases.
The impact of a significant space weather event would be wide-ranging, including significant and potentially catastrophic disruptions to the electrical grid, damage to satellites, as well as compromising operations of other critical infrastructure sectors such as offshore oil and gas, to name but one. So a space ecosystem that is resilient to both natural hazards, cyber threats and, indeed, physical threats will ensure that we’re able to bounce back from adverse and, indeed, at times catastrophic events.
Through Emergency Management Australia, or EMA, another part of the Department – you often hear about EMA in relation to other matters – the Department works in partnership with the Bureau of Meteorology and its Space Weather Services section to provide advanced warning to government and industry on space weather forecasting. And the BOM does a terrific job in terms of notifying the public, and we’re there to deliver the system by amplifying their messages through our networks.
The National Situation Room which is situated within EMA, which is an all-hazards crisis management centre, indeed receives regular space weather reporting from BOM, and we’re very grateful for the partnership we have with the Bureau. Home Affairs is working with other Government departments and the BOM to develop a national space weather plan which will be informed by scenario-based exercises to help prepare for a major space weather event.
Under the TISN that I’ve already mentioned – the Trusted Information Sharing Network – we are already enabling cross-sectoral engagement so that owners and operators of critical infrastructure can engage with other sectors to advance both security and resilience objectives. And cross-sectoral areas of collaboration span prevention, preparedness, response and recovery, as I’ve mentioned, but also include the other departmental functions for which we are responsible and where we can provide a functional, cross-portfolio, value-adding effort in relation to counter-terrorism, countering foreign interference, espionage, emergency management – as already mentioned – and supply chain resilience.
So we are very eager to work with the space industry through our outreach teams that are in the Cyber and Infrastructure Security Centre and, of course, in respect of cyber in partnership with our colleagues in ASD’s Cyber Security Centre.
As Australia’s space industry aims to triple in size to, I’m told $12 billion, and to create up to 20,000 new Australian jobs – and I’m delighted to see the Australian Space Agency represented here – our Department is also assisting, through the Global Business and Talent Attraction Taskforce, to both increasing the profile of Australia’s space sector for visa applicants who might be minded to make Australia their homes or, indeed, should whole firms be minded to uplift and come to Australia, we can also engage through the Taskforce with firms at the company level as well.
The Taskforce, which is located in the Department, working very closely with Austrade, as well as other partners who are responsible for business attraction – we obviously do the visa and immigration element of it – is geared towards attracting the best talent in transformative technologies and scientific areas to Australia. Some of the areas that are relevant to these proceedings relate to robotics and automation systems, the commercialisation of rocket technology, in the area of nano and small satellites, launch vehicles and facilities, propellants and fuels, payload sensors and communications arrays, PNT tools, as already mentioned, structural components and communications technologies. And as I’ve said, we’ve got quite a number of irons in the fire both in terms of individual talent as well as firm-level talent as well.
No country can, of course, navigate the deployment of advanced future technologies in isolation, or manage the risks that I’ve been highlighting through this address. Cooperation, therefore, with like-minded partners and engagement through international fora is very much required – and in Australia’s case, we’re especially focused amongst other things on furthering our dialogue through the Quad process with the US, Japan and India. I also note the Australian Strategic Policy Institute (ASPI)’s hosting of the Sydney Dialogue recently which touched on many of these themes. And of course, the recently announced AUKUS trilateral technology agreement between Australia, the US and UK will also have a bearing.
This kind of collaboration, international collaboration, will be critical in driving the utilisation of space in line with our shared commitment to the enduring peace and stability of both the Indo-Pacific region specifically and the global system more generally.
With our key international partners the government will continue to grow our capacity to develop sovereign capability in critical technologies. Others will speak to this during the course of these proceedings. We will work to ensure that all Australians can benefit from access to advances in space technology, whilst protecting that sector as best as we can against the actions of malicious actors.
I’ve highlighted some of the considerable security threats that the Australian and global space sectors face. The coming new era of space will certainly make my job and the work of the Department of Home Affairs much more complex, as we contend with the intricacies of technology, the ever-evolving interconnected nature of threats and risks and a need for advanced security to be built into space infrastructure at the sector level.
The Australian space sector is abuzz with opportunity – and hopefully I haven’t dampened your spirits too much with this address. With the appropriate emphasis on security and resilience at the design stage, I'm very confident that we can leverage space to underpin Australia’s continuing economic prosperity and national security. These are not paradoxical or contradictory objectives; they are complementary and, indeed, they should be integrated objectives.
This will only be achieved through working cooperatively with industry, other sectors of government and like-minded international partners. That’s why I’m so delighted to be here. Thank you for the opportunity to present.
CONVENOR: Secretary, thank you very much. I think we’re going to need a new line of government funding to train people in how to understand acronyms for the next few years ahead.
I want to start by asking you, you’ve laid out the importance of space as critical infrastructure, the way it permeates many of the other sectors of our economy and our national security systems. At the moment we rely on the US for GPS and location data, we rely on Japan for weather data; almost everything we use in the civilian sense comes from satellites that are owned and operated by other countries. Are you happy with that, and what principle do we use to think about sovereignty and the risk of not having sovereign assets in space?
MICHAEL PEZZULLO: Thanks. If anything, the pandemic has demonstrated both the strengths and weaknesses of deep integration in the global system. It has demonstrated vulnerability, and some of the supply chain issues that we’ve all had to experience. We’ve had a live – not just a scenario-based exercise, but a real-world experience – of what can happen when you suffer from certain deficiencies in terms of sovereign capability. And the Government’s made it very clear either in relation to manufacturing, space to some extent, and a number of other sectors, that it’s not satisfied. So it’s not about whether I’m happy or not – I’m a loyal servant who turns up every day irrespective of which government is in power. So my level of happiness relates to the fact that our advice is listened to. Different trade-offs have to be made about where that extra dollar should best be spent. There’s obviously some trade-offs that relate to every single marginal dollar. But as a general proposition, whether through supply chain disruptions that have been so manifestly evident through the pandemic, through to some of the supply chain and service continuity issues that are starting to arise through cyber, particularly malicious attacks through cyber, the dependency that you mentioned on foreign space capabilities, that’s very much front-of-mind for government generally.
Now, every dollar is finite so you’ve got to figure out where that marginal dollar best goes, and there’s obviously always going to be competing demands for those dollars. All Western countries – in fact every country – has had to go into very significant deficit support to hold the economy up through the pandemic. That’s going to create more limited ranges of choices in relation to how you might confront some of these issues than if you went into such a circumstance with either surplus budgets or at least very minimal debt.
Now, Australia actually went into the pandemic in strong fiscal circumstances. So that’s stood us in very good stead. So you’ve always got to make a judgement about where that last marginal dollar goes, and does it go into pharmaceuticals, does it go into space, does it go into the next evolution of telecommunications. So we’re already starting to think, in partnership with the telecommunications industry, about what does 6G look like, for instance. So you’ve always got to be making those trade-off dollars.
That said, so holding all of those other variables constantly, space is so infused now into just about everything that we do – whether it’s our banking transactions, our farming, communications and all the other things that have come up in proceedings already and that will come up through the course of today and tomorrow and that I touched on in my speech – I think there is an argument to be made at least for some like-minded collaboration in Australia, of course, in a number of respects, including through a Defence White Paper of a number of years ago which talked about at least sovereign military capability in that regard.
We’re very close in partnership with the US, including a number of capability areas that used to be very highly classified and now over time have become more generally available. I can think, for instance, of geospatial information. When I first joined the Defence Department – I’m coming up to 35 years – I know at this point you’re going to say, “My, you must have started when you were very young, Mike” – so 35 years ago next month. The sort of imagery that we can now get through Google was largely, not exclusively – I still to this day can’t go quite into how much we knew of the Soviet Union at the time. Yes, at this point you’re meant to express surprise and say, “Wow, you worked at a time when the Soviet Union existed.” The commercially available geospatial information now is just so much more broadly accessible.
Now you can assume that military technologies have sort of bounded further and they can do other things in 35 years and someone else sitting here will go, “Wow, when I first joined this stuff was held in highly sensitive compartmented streams of information. Now everyone gets it.” So that’s just the nature of technology evolution.
To answer your question summarily, sovereign capability doesn’t mean only done here; it’s about sovereign access. And whether it’s through Quad, whether it’s through AUKUS, whether it’s through our bilateral arrangement with the Americans, whether it’s through bilateral engagement with countries such as Japan that you mentioned, or whether it’s genuinely vested and solely here – and, of course, with the Australian Space Agency charged with a mandate in that regard – I think it’s a suite of measures. And, you know, all of the above.
CONVENOR: This is the first time I’ve ever sat down to a fireside chat where the interviewee also asks the questions of me. You were very heavy on the cyber security threat. Of course, we’ve seen in recent weeks the Russian ASAT test. We’ve seen more discussion around military capabilities that countries have in space. But it’s very much for you the cyber threat that’s the most obvious or the most pervasive. Why are you focused on that above some of the other threats to space infrastructure?
MICHAEL PEZZULLO: Two reasons: we’ve got a more direct mandate in relation to cyber regulation. So the Department is the regulatory and policy lead for cyber. And then we obviously partner with the Australian Signals Directorate who then deliver the effects. So we’ve obviously got a natural bias, I suppose, to be most concerned. And cyber is becoming a pervasive risk. Let’s face it, whether it’s through the supply chain, including down to the level of physical components, whether it’s through the deployment of malicious code – sometimes latently deployed, sometimes deployed for sort of hit-and-run criminal purposes, sometimes for other purposes – it’s a major risk variable to be focused on in its own right.
If I was wearing a different hat – and obviously there are limits to what can be discussed, and I actually refreshed my memory before I came here because sometimes you read some intelligence reports, you’ve always got to remember which one is on the classified side of your brain and which is not.
CONVENOR: Just tell us the classified stuff.
MICHAEL PEZZULLO: Not a chance. So I reminded myself of the recent US Department of Defense China Military Power Report which came out recently. I refreshed my memory because I thought I’d read it in a non-classified source. They express quite significant concern about counter-space capabilities. It described, for instance, kinetic kill capability, directed energy capability. Now that’s a report on China’s military growth, but, of course, the US Government expressed its views about the Russian satellite kill test as well.
Look, those sorts of activities are reckless, if conducted in the way that they have been conducted. There was a similar test in 2007 that we’re still grappling with. I mean, that debris is a field that has to be tracked. The Russians have created another field. What is especially concerning – and the US has spoken about this in the context of the creation of its Space Force and the doctrine and strategy that’s starting to build around the Space Force – and I draw your attention to a number of US publications principally. That gives me the comfort of being able to say I can speak to public matters, rather than what’s in my brain that’s potentially classified. Counterspace is something that we need to be very focused on. And not simply because of the geopolitical and geostrategic consequence – that is huge enough as it is – but then all of the knock-on impacts it could have for civil applications and, you know, if satellites start being fried in space or kinetically taken down either by a kinetic kill or some sort of grapple, that’s always going to have impacts as well in relation to whether it’s PNT, whether it’s comms and so on and so forth.
So I defer to my colleagues in the Department of Defence and over at Foreign Affairs about the rules of the road as it were, the norms, the space diplomacy that we need to be pursuing, the deterrents and the protection of our access to space through the Defence Department and our wonderful colleagues over at DFAT that pursue diplomatic channels.
My job back on Earth is really the homeland resilience piece, the protection piece. And that’s why we tend to be actor- and threat-agnostic. Whether it’s a space weather event, whether it’s a malicious state action, whether it’s a malicious criminal action, our constant thought process or framing objective is, how do we take a hit, how do we get back online, how do we get those essential goods and services back flowing that are so critical to the running of our economy and to the functioning of our society.
CONVEER: One of the phrases I’ve been hearing more from some of our more military-focused space colleagues is the ability to have a system that gracefully degrades over time. You mentioned we’re at a nascent point in this industry. In many ways the journey we’re sort of going on from a policy point of view, legislation point of view, pretty similar to the journey that cyber has been on over the last five, seven years in government. Enrico Palermo this morning talked about the need for a national space strategy. In your speech you effectively were encouraging us to get the plumbing and wiring right for this industry in terms of how it deals with government.
One of the key issues there is the blurring between civilian space and defence space – so space situational awareness, space situational control. That leads into, for example, your maritime awareness needs, Defence’s, integrated air and missile defence. In almost every other space market you can see a very clear division between civil and defence space. Australia doesn’t necessarily have to make the same choice. What sort of principles should be guiding us when we think about how to manage both civilian space issues and defence space issues for Australia?
MICHAEL PEZZULLO: There’s some guidance that flows from our experience in recent years in cyber – I’ll just go back to cyber momentarily. And this is where I think our Defence colleagues are coming from in terms of the commentary that you just alluded to. I think increasingly the blurring – and it’s not just in space, it has to be said, because cyber is similar – but there are also other domains where the military domain was effectively sealed off. But now, through advances in civil applications and often civil leadership and technology, it’s the military themselves that are actually drawing those benefits back into military industrial development. So cloud computing, to very briefly divert, is a great example of that. The cloud actually came out of the civilian sector, so unlike the 50s, 60s, 70s, 80s and well into the 90s, typically the military did it first and then we got it a generation later, because they did it for either military purposes or the space program itself. And then the diffusion of technology worked in reverse.
What’s typically happening now, with a few exceptions – you know, it would be really helpful if private industry wasn’t quietly developing weapons systems without us knowing about it – but typically a lot of the key components in there especially for connectivity, the software and so on, is actually coming from the civilian side and coming back into military.
So the blurring and the merging of a lot of development pathways is very different from the world that I joined. I mean, I made the reference, and not even half jokingly – it’s quite true – that military access to space was pretty much absolute in the 70s and 80s, and there was almost no bleeding into the civilian sector. I mean, if you cleared for access to satellite imagery, you were the only person who was ever going to see that imagery, because there was no commercial equivalent of the satellites that now create Google Earth or Google Maps and similar.
Now, as you can imagine, those applications on the military side then advance, as they should, because they’re applied in particular ways that you don’t hear about until over time they get declassified because they then bleed back into the civilian world. But what’s changed dramatically over the co of my public service career is that there’s much more of a peer-to-peer partnership on all sorts of technology pathways, development pathways. And there’s just so much available from the private sector that can enrich national security.
So if that frame is right, and I think it is, what that means is that the military needs to think about what its core business is, which largely is about the fighting of other militaries and, you know, that’s what military strategy is all about. And then to the extent that you derive other benefits and purposes – so the great support they provide to us in bushfires and civil natural disasters is wonderful, but they’re not built for that. They’re actually built effectively to fight other militaries and, by being so developed, hopefully you deter the fact that other military is going to want to engage in conflict with you.
So by that logic, I think the line isn’t between the nature of the organisation; it’s between the nature of the function. It’s kind of war, there’s the opposite of war – which used to be called peace, I’m not quite sure what it’s called now – and then, depending on which strategist you read, there’s either a grey zone or hybrid or sort of an intermingling of what used to be, in the Cold War at least, a very binary distinction between a state of war and a state of peace.
And so rather than thinking about the division between the military and the civilian, what we should be thinking about is all tools of national power trying to support prosperity, the unity of our society, its proper functioning, dealing with hazards as they come, short of a war – and that could be a massive cyber attack, it could be physical coercion, it could be foreign interference, it could be espionage – where there’s a mixed military/civilian role to play. So we work very closely with our colleagues in the Department of Defence in the – to use a term of academic art – grey zone or hybrid activities. And then, of course, the military should be allowed to develop its expertise – because that’s what it’s paid to do – in stepping into the lead, God forbid, if we ever get into situations where military operations are required in a state of war.
So I’m just not sure that we’ve got the right language yet. And I don’t think we’ve got the right conceptual boundaries intuitively and instinctively wired into our heads. But we should think less about organisational difference, military and civilian; we should think about functional difference.
CONVENOR: I want to give plenty of time for questions in the room… are there any questions for the Secretary?
AUDIENCE MEMBER: Very pleased to hear you highlight geospatial intelligence as one of the areas that Australia has expertise, and we are country that has been providing those services for 20 years. In that light, are you able to comment on the Request for Information for the Future Maritime Surveillance Capability that was released in 2018. Can you provide any advice to industry when those projects will start appearing, as that’s an area where the Australian space industry has quite a lot of capability.
MICHAEL PEZZULLO: Indeed. And the Border Force Commissioner and I keep a very close eye on market developments. For the moment the Government’s decided – based on advice – that the derivative use that we’re able to rely upon from our Defence colleagues is sufficient when mixed with the more immediate tactical and operational capability that we have through our fixed-wing fleet. But that situation over time is going to change, because the development both of uninhabited vehicles as well as different configurations in space is going to change that equation.
But in terms of persistent, broad-area, continuous surveillance of both broad areas, as well as then more tailored surveillance of focal areas, the Government, on advice, is of the view that the current configuration of arrangements whereby we have good access to both commercial as well as military-grade geospatial information, our fixed-wing fleet which we use in particular patrol sectors, is sufficient for the time being. These things are always a function of ‘if I had more dollars I’d have more capability’. So if I had more dollars I’d certainly spend it in that area. But we can manage the risk that we face in the vast offshore maritime domain that we have with the current mix.
So I can’t promise any early advances there. We are keeping, though, a very close eye on two particular technology vectors – uninhabited vehicles, which, again, we rely very heavily on our partnership with Defence there, but also what’s happening in terms of broad-area ocean. So for us the game is broad-area ocean surveillance. We’re keeping a very close eye on what’s happening in the space sector in that regard.
AUDIENCE MEMBER: Thank you for your talk today and taking questions. One of the concerns that some of the people in the space industry have had with the critical infrastructure bill is how far-reaching it might be. Does it cover everything in the industry? Where do you draw the line? Some of these things are blurred or line-ball calls. So just if I might tease out a few – a bit of your thinking along these lines. Clearly a satellite that provides a military payload and providing military services would fall in most people’s minds within the realm of critical infrastructure. But if that same satellite is carrying commercial payloads are those by definition – maybe they are because the whole bird is carrying a military payload – but I suppose we have a sister satellite that doesn’t have a military payload? Does that fall into the aspect of critical infrastructure?
So if you might give us some of your thinking on how those things are resolved, simply because while the critical infrastructure is a good idea in terms of the government’s assistance, there are some potentially onerous aspects of it for the private industry. So it’s a matter of getting that balance right.
And if I could just add one further aspect to that: how about a start-up? You know, again, they might have some bright new idea that hasn’t yet completely perhaps reached full blossom. But perhaps the internet of things constellations that are starting to emerge, you know, at what point does something trip the line to becoming critical infrastructure?
MICHAEL PEZZULLO: That’s a great question, and I won’t insult the intelligence of this audience by saying anything other than the bill will require a test of catastrophic or significant impact on society and economy. So there are some no-brainers that we’re going to prioritise early – banking payment system, the ability to both generate and distribute power. I mean, we all rely on electricity; the management of our water catchments and dam infrastructure, but from the point of view catastrophic impacts. So the bill won’t for instance, go to questions like water purity, which is already regulated at state level, but it will go to, for instance, a terrorist attack on our water system.
So in those well-developed, deeply mature sectors that are already highly regulated, it will be a question of really working your way through what are those critical pinch points or those critical vulnerability points that an adversary, state or non-state, would want to attack in order to create a catastrophic impact on the nation as a whole.
Space is a bit different. And we knew it to be different when we put it into the legislation. So we parked the sector there so as the sector grows into the slot that we’ve created, to kind of use a space satellite slot management theory, as it grows in we want to work with industry. And it might be initially very little, if any, will be regulated potentially. But not having the sector defined we thought was ill judged and ill advised.
And as to the start-up question, it might well be that – and there’s a number of high technology areas that we’re quite focused in on where there’s a combination of either start-up, you know, in some cases private equity, in some cases public research, in some cases academic research, whether it’s quantum, AI, some of the space technology areas. There’s another part of the bill that deals with sensitive research and higher education. Does that mean all universities? No. But does it mean that we’ll put particular protections in concert with, say, a publicly-funded research institution, a university, or potentially a private company if it meets the thresholds, could we, would we, in partnership create some obligations as well as some government assistance that comes over the top of those obligations which might include, for instance, remote sensing of the most dangerous and malicious cyber payloads that might be delivered.
I won’t raise any expectations in this room other than to say we’re going to be focused on those big sinews of society first – banking, power, gas, water. We have to because you take those things out society seizes up. But as we work through each sector it’s really a question of marking the spot for the future. And I think space is more in that category.
Now, if I was a US legislator, if I was looking at a security of critical infrastructure bill as an act of Congress and if I was in Homeland Security or the CIA or the US DoD, I’d probably take a very different view of space infrastructure. I’d be looking at launch systems, I’d be looking at the PMT system, I’d be looking at GPS, which obviously has got a lot of protection around it from a military point of view in any event.
So I think as Australia scales up I think the partnership between the department and the sector will need to scale up. And I think we’ll get very – I’d like to be very surgical and very deliberate in how we go about making assessments. Because if you cover too much ground you end up wasting a heck of a lot of resources protecting things that don’t need to be protected and you start to dilute the firepower that you do have. Because you either create unnecessary obligations on the private operator or you spread your government resources too thinly.
So we’ve created the sector of space in the bill quite deliberately as a for-development piece. And I’d like to say it’s a great audience to promulgate this message. Hamish, you’re in the audience; you’re hearing the guidance live. It is one where we want to edge into it, not because we’re overly cautious or, you know, we don’t really understand the sector. It’s just one that doesn’t need heavy boots. And it might never need heavy boots. Whereas other things – getting water to people, getting banking services to people, which themselves could well be space enabled, but typically from offshore – so we’ll work in partnership of other providers of critical infrastructure to harden up their infrastructure protection so that we get the benefit of that. That’s how we think of the space sector definition in the bill that passed last week.
CONVENOR: Thanks, Secretary. And I think in our conversations with the Department our understanding is that that awareness of the cost imposition for our companies is there and the presumption is more that space will be switched on selectively as need be rather than blanket switched on. I think we’ve got time for one more question and then I might ask a final question of the Secretary.
AUDIENCE MEMBER: Mike, thanks for your comments. There’s been a lot in the media over the last year or so about sovereign capability, particularly in light of Covid, sovereign industrial capability, industrial complexity etc. Most stations see sovereign capability as, you know, owned, operated and controlled by citizens of their respective nations. I find it really difficult to get a clear definition of “sovereign capability” from the Australian government. I’m just interested in your views.
MICHAEL PEZZULLO: Well, I just draw your attention and particularly to the work done last year in relation to modern manufacturing, in relation to pharmaceuticals and a number of other sectors. The government certainly does not – and [others] can speak to the space sector much more eloquently than I can – the government doesn’t start from that proposition. It’s about assured access. And I mentioned earlier other international trusted arrangements – whether it’s AUKUS, whether it’s derivative from the Quad, whether it’s derivative from bilateral relationships such as the bilateral science and technology relationship that we’re evolving with the government of Japan, for instance – it’s assured access, not necessarily everything being here. Because if you get to a point where everything has to be done on your soil, only by your citizens using materials that you exclusively have, then you’re North Korea, and that doesn’t work so well either.
So there’s somewhere between complete globalisation, just-in-time delivery with an assumption of reduced marginal costs because of on-time delivery through globally available supply chains right through to being completely autarchic. There’s a sweet spot in there. And, yes, it is about seeding a lot of capability here, whether it’s in relation to space, pharmaceuticals – of course, the government’s got a major initiative in relation to vaccine manufacturing capability obviously driven in part through Covid – and there are other areas where we’re seeking to capitalise on very strong native or indigenous cyber security industry to help with some of those obligations that companies are increasingly seized of. But that’s not to say that other configurations of capital investment, sourcing capital, sourcing talent – I made reference myself to people being attracted here through our global talent program who are currently citizens of other nations who we encourage to come here as permanent residents initially with a pathway to citizenship.
So it’s not about sealing Australia off; it’s about being risk-savvy and conscious of how to get the best level of assured supply with your most trusted partners and, regrettably – because the experiment of, you know, totally open globalisation that was tried in the ’90s after the fall of the Soviet system proved to be illusory – now some people might have said it was never going to work and others have said, “Well, we gave it a good run through the ’90s but it sort of fell apart thereafter” – whatever the historians end up saying about that period, we know that that doesn’t deliver the surety of supply, the surety of services that were I think in all of our minds’ eyes in the early ’90s. So we need something between completely open globalisation, which has got, frankly an ill-judged and brute view of global risk, versus something at the other end of the scale where there everything is done here completely because, as I said, that looks strangely like North Korea.
CONVENOR: I want to re-emphasise that message on global talent. We’ve had a number of engagements with the Secretary’s team around global talent visas. They’ve moved very quickly. And if you have critical talent you need to get into Australia to build our space capability, that could be turned around very fast and they’ve helped out with a number of those.
Secretary, last question before we thank you and let you go back to your busy schedule. It’s about the technology that you’ve seen in your position. You know, this is an exciting time. You spend most of your time thinking about technology that we need to be worried about, but is there a single piece of technology or a single technology area you’ve seen that you’re excited about that you think holds the most promise for Australia?
MICHAEL PEZZULLO: That’s a great question, and at the risk of starting another hour-long discussion – and I’m by training neither a quantitative person nor a scientific person; I’m an historian by training – but the incredible applications that are already becoming evident through AI are the thing that strike me all the time. I mean – and I’ll end on this note – I peppered my remarks earlier with just describing to you how ancient I am. When I joined the public service, very hierarchical, and not to speak ill of the people who mentored and supervised me, but not very inclusive, not very diverse. It didn’t look like this kind of audience. And, yes, there were very few women, particularly in the security agencies that I worked in in senior positions.
But information flowed in a very structured fashion. So when I was a newly minted intelligence analyst and I thought I had a great career ahead of me as a Soviet military affairs analyst, and then they disappeared 18 months later I thought I was out of a job. You couldn’t draw information in. There was no equivalent of a search function.
Now, to a lot of people – probably about half the people in this audience – they’re thinking, “Like, this guy is from the medieval ages”. So there was – you had to book time on to mainframes. You had to rely on what our great administrative and research staff put into your box. And it was actually a box. Like, you’d go to a pigeonhole and I was a very enthusiastic officer, so I’d race down. Some of the more cynical and world weary analysts would sort of take their time, but I’d sort of race on down and, “I’ll take your box as well and I’ll go through it as well”. And you’d get signals intelligence or human reports or open-source reports, and it was all curated for you.
Analysts put it there and people would exercise really good judgement about what you might need, and then there’d be this learning process. We’d say, “Give me more”. I always used to drive the clerical staff mad because I always – for every one bit they gave me I’d say, “Give me 10 more of these things”. And that wasn’t artificial intelligence; it was human intelligence. There was a pace and a scale that was kind of fitting with the technology that we had.
What it also meant was that the contestability, the diversity of thinking itself was stymied because you’re going at the pace at which your box is being filled and requests for information were going out. As I said, you’d have to book time on to mainframes to actually look up other reports. And to just show you just how ancient I am, I reckon Air Vice Marshal Deeble is the only person who can remember – sorry, Chris, I’m ageing you as well – we didn’t have anything on our desk to write reports on. You’d write them out longhand.
Now, half the audience has just gone, “What?” And you would take them to a typing pool. So you’d go to the – we worked on a particular floor in the joint intelligence organisation, so you’d go to a particular typing pool where the typists were cleared to the highest level of access, because we were working with the space-derived intelligence. And the trick was always never hit them up just before their break and always be nice. And, strangely enough, you’d sort of work out that’s just human relationship management, right?
But my point is, think of the situation now. So in the case of my own family, I’ve got a couple of children in the public service and just the wonderful staff that we have who are the same age are roaming over open-source information, whether it’s internet available or whether it’s on the secret network or the top secret cloud. They’re applying critical reasoning, they’re applying – they’re working with coders to run, you know, algorithms over that information, stuff that – you know, we were 23, 24, 25, algorithms? – and they’re applying AI and they’re very intuitive with it.
And the wonderful thing about our terrific workforce is that they come into the job typically digitally intuitively native. They’re already there because in their personal lives they’re been curating information. Now, there is flip of that – you don’t want to be too lazy and just be relying on the feed that’s coming at you. So we’re constantly looking out for inquisitive people who can go out and get that information. And I just think in my lifetime the combination – now, I’ve touched on a couple of different things there. One is, you know, data science and just how data sets are configured and made available to our analysts and then applying smart AI over the top to find patterns and to discern information.
I think – now maybe it’s just I’m so ancient that I can remember a time where you had typing pools and typewriters –that’s what’s stunned me. Just the access to data that our staff have, their ability to manipulate that data, their ability to discern patterns, and their ability at relatively young ages compared to what, you know, we were, to come up with insights. I think part of the trick of leadership today – sort of into a different topic now; it’s more about strategic leadership and growing the capability and talent of your officers – is actually have the voice to not presume that because of your extensive 35 years of wisdom you’re going to have the answers.
Typically what you’ll be able to bring is some guardrails that, “I’ve made that mistake before,” and typically wisdom is just code for, “I made that mistake but I got away with it.” And so there’s a nice partnership between the wisdom of experience and just this incredible capability that our younger staff members have. And not so young, too. I apologise to any colleagues in their 40s, 50s and 60s who say, “I’m a digital native.” Don’t believe it because they were growing up at the same time I was. Believe me, there was no machine on your desk, I can assure you.
Sorry, very long-winded and somewhat discursive answer to your question. But, yes, data AI and the power of fusing that with critical thinking, creative thinking and strategic imagination. It just gives us a capacity to derive insights and to develop options to deal with the most difficult problems that we just didn’t -- couldn’t dream of when I first started 35 years ago. So we’ll end there because otherwise we’ll go back into the Old Testament – we’ll keep going backwards in time.
CONVENOR: No, a long answer but a very thoughtful one. Look, we’re very grateful for the work that you do. You’re a great servant of the Australian people. You keep us safe so that we don’t get sent back to a time where we’re all relying on typists’ pools. But, ladies and gentlemen, would you please join me in thanking Secretary Pezzullo.