A review of secret classification domains conducted in 2011 by the Australian Government and released this week under Freedom of Information laws, has revealed a proposal to move security agencies to a shared infrastructure and systems model to cut down on costs and improve efficiency.
Within government, there are various classification levels of IT systems within departments, the highest being the so-called "secret domain" systems. The office of the Prime Minister ordered a review of the government's secret ICT domains in 2011, a heavily-censored version of which was released to The Canberra Times by the Department of Prime Minister and Cabinet last week, which was posted online yesterday. The review was conducted by the Office of the National Security Chief Information Officer and consultant Frank Lewincamp.
The report noted that the different levels of security classification for agencies' data made sharing information between agencies in a timely manner difficult, as it required information to be re-classified before it was shared with another agency.
The report outlined a vision for a consolidated secret IT domain, where agencies can share and access information across the government, and have real-time collaboration with standardised tools. The report states that the government should have interoperable, secure and reliable ICT and consistent standards across all agencies, regardless of the security classification.
More than anything, the investment in IT for these agencies should represent best value for money, the report stated.
The report stated that the starting point for federating secret domain systems would be the infrastructure layer, bringing together the telecommunications contracts, networks and servers and reduce "the number of outstanding systemic issues related to governance, business process and the diversity of applications".
With an enhanced suite of data management tools across the secret domain, the government would be able to achieve "significant savings" in data storage, according to the report.
Overall, moving towards a shared services model for the secret domain in government would simplify security of the information held in the secret domain and provide greater value for money for investment in ICT, by reducing transport, infrastructure and service costs. It would also reduce the cost of IT through economies of scale.
However, smaller agencies noted that, because they don't require the same levels of service as the bigger agencies, getting services from just the one provider could end up costing more.
The report recommended that the government look at encouraging re-use and sharing of ICT assets, develop information management and communication sharing programs, establish an ICT testing environment for agencies to test updated or new products to ensure they fit with the secret domain, and establish central oversight of ICT expenditure on the secret domain.