Australia's Department of Home Affairs focused on untangling its data problem

The newly shaped superministry is working through its data problem while coming to grips with being understaffed and operating 20-year-old systems run on a mainframe.

The Australian government last year created the Department of Home Affairs by merging the majority of its enforcement agencies under one roof.

The superministry comprising the Australian Security Intelligence Organisation, Australian Federal Police, Border Force, Australian Criminal Intelligence Commission, Austrac, and the office of transport security, is led by Peter Dutton, who was the minister in charge of the Department of Immigration and Border Protection (DIBP).

DIBP was also the result of a merger between the Department of Immigration and Border Protection and the Australian Customs and Border Protection Service only a few years prior.

With all of the departmental mergers and Machinery of Government (MoG) changes, it comes as no surprise the new department finds itself with a spaghetti bowl of data.

According to Tom Bryan, assistant secretary at Home Affairs' Intelligence, Identity and Biometrics Systems Branch, the department is faced with the challenge of bringing all of its data together in a way that benefits all of the parties that need to be fed.

Bryan told the 4th Australian Government Data Summit in Canberra last week he was appointed by DIBP to establish a branch to centralise the delivery of data information to the department to support the establishment of central intelligence and identity management capabilities.

But now, Home Affairs is a much larger beast, comprising what he called a "mish-mash of everything you could possibly think of".

He said the government took a look at a lot of the new department's functions and thought there was plenty of crossover to make a seamless transition. However, it wasn't as easy as that; Bryan highlighted that even the visa compliance officers and the visa processing officers -- two seemingly similar functions -- aren't ever going to talk to each other.

Another challenge for this new superministry is that its volumes are increasing and the cyber threats are growing as well.

"In typical fashion, we're running 20-year-old processing systems ... which are all very manual, there's a bit of automation in there, but we've got a pretty heavy relationship between more stuff, more people -- which works fine, but we don't have enough people and we're not going to get more, so we're sort of caught-up," he said.

"We could automate the hell out of everything, but there's a trade-off to be had -- we miss a lot of stuff.

"It's a fundamental trade-off which runs through most of the department: One of facilitation and less of detection."

To Bryan, the solution is enterprise data.

"We're not going to cross-train everyone and have everyone talk to each other to ensure the lessons are learned -- the connection's the data. It's the only place we'll be able to say we can link these two together in a meaningful way," he said.

"All of those functions know how to run their own operational systems, run their own operations, a police officer or law enforcement officer or customs officer, visa processing officer ... some working in policy or critical infrastructure are not going to blend themselves together in a day-to-day way to connect the dots. They'll run how they run because that's what they need to do and they need to connect the data."

Home Affairs boasts one data platform comprising "lots of bits". And with Bryan noting his department goes the "hard way for just about everything", its data acquisition program has taken a while to get going.

"We've got a production line now, we get lots of data, 50-plus or so primary data sources ... but there's lots of tables, lots of columns, we have some very, very complex mainframe systems -- a lot of our processes are run on mainframe systems and we've got lots of them," he added.

"A lot of them we bring in real-time -- well as close to real-time as we can -- so we're very quick at getting most of this data as fast as we can, obviously there's a lot of it."

Bryan said that although the department was a little naive when it started the program in terms of how much work it would actually be, Home Affairs is slowly getting its head around it. However, the superministry is playing the dangerous game of what should go where, and for what purpose.

"This one can turn into a religious article if you're not careful ... it can splinter your groups and splinter your organisations," Bryan added. "We managed to do that pretty well in terms of getting some good barneys going, which we could have avoided by thinking it through a bit more, but we're working those through -- remember, we're doing things the hard way."

Previously, if a staff member wanted to find an individual, they'd have to search up to 70 different systems, load it into a spreadsheet, and then figure out which ones were the same.

The Department of Home Affairs appointed its first chief data officer last month, scoring former general manager of statistics at the Australian Prudential Regulation Authority (APRA) Steve Davies.

"He's a bit freaked out at the scale of what he needs to do," Bryan joked.

"The challenge we have is everyone wants to do everything differently; every one of those has different requirements; they all actually want the same data, but they want to use things very differently."

In an Australian National Audit Office (ANAO) security probe released last March, DIBP was found as having insufficient protection against external threats, and was under the belief it was doing better than it was. To add insult to injury, DIBP was ranked below the derided Department of Human Services that concocted the robodebt system, and alongside the Australian Taxation Office.

At the time, DIBP said its systems had become more complex since its inception in 2015, and was only two years into an IT investment program.

"In comparing DIBP with the agencies, subjected to this audit is important to recognise the relevant position of each agency on the ICT investment curve," DIBP said previously. "This in turn has a direct implication and relationship to the maturity of their respective cybersecurity initiatives."

The ANAO though, seemed to disregard the excuses of DIBP.

"Since the first audit in 2014, all three entities have undergone strategic business changes, such as machinery of government changes or upgrading and transforming core ICT systems that support government service delivery," it said.

"These changes are common in the public sector landscape and entities must maintain business continuity, including ensuring the integrity and availability of their systems, data, and information."

But Bryan sees light at the end of the tunnel for the newly formed department and its data program, noting that communication between teams is key.

"We really haven't nailed how to do that ... there's a real challenge in being able to drive those changes and get to the bottom of what the real issues that need to be resolved are," he concluded.

With all of that in place, when asked what he would do if Home Affairs was to get "mogged" apart, Bryan said there are some things he just doesn't want to think about.

Related Coverage