Published on the 01/03/2023 | Written by Heather Wright

Starting with not putting your security clearance on LinkedIn…

Never mind about TikTok.

The head of Australia’s national security service/spy agency, really, really wants people to stop putting their security clearance on their LinkedIn profile.

Delivering his fourth Annual Threat Assessment recently, Mike Burgess, Director-General of Security for the Australian Security Intelligence Organisation (ASIO), warned that the country is facing ‘an unprecedented challenge from espionage and foreign interference’ and said he wasn’t convinced Australian’s as a nation fully appreciated the damage to security, democracy, sovereignty, economic and social fabric.

“These people may as well add ‘high-value target’ to their profiles.”

He outlined a ‘complex, challenging and changing’ security environment with threats emerging from new places – including foreign powers simultaneously interfering, spying and setting up for sabotage – increasingly sophisticated adversaries and shifting geopolitics, emerging technologies and social trends including online radicalisation and growth in extreme views, conspiracies and grievances.

And while he got in a quick job recruitment push for the ASIO (should you be interested he says there’s a diversity of roles available with the agency ‘always on the lookout for creative thinkers who want to make a difference’), putting your security clearance on your LinkedIn profile won’t win any fans at ASIO.

In fact, he used it as an example of how Australians need to lift their game in taking security seriously.

“For some time I’ve been warning that foreign spies are targeting Australians on social media,” he says.

So Burgess had his team run a check to see if that message was getting through. Apparently, it has – to a small degree only though.

“I asked my team to quickly scan the best known professional networking sites.

“They identified nearly 16,000 Australians publicly declaring they have a security clearance, and one thousand more revealing they worked in the intelligence community,” he says.

While the figures are down on 2021, when more than 22,000 Australians were announcing their access to classified information via their profiles, Burgess isn’t impressed.

“I appreciate people want to sell themselves to prospective employers, and may need to mention they have a security clearance, but doing it on a professional networking site is reckless.

“These people may as well add ‘high-value target’ to their profiles.”

Burgess was scathing in his assessment of those broadcasting their security clearances, saying he didn’t know what was more disappointing ‘that people who presumably understand the threat don’t seem to care about it, or that individuals trying to promote themselves as security professionals are so unprofessional about security’.

And it’s not just the employees themselves Burgess is unhappy with.

“Security managers and clearance sponsors have obligations as well,” he notes.

He says since the announcement of AUKUS there has been a ‘distinct uptick’ in the online targeting of those working in Australia’s defence industry, with spies also turning their attention increasingly to non-government employees and former clearance holders, who don’t have the same security support and reporting obligations, leaving them more vulnerable.

Burgess also touched on the issue of insider threats, saying ASIO is stepping up its work with government, business and industry to counter such threats.

“For someone in the human intelligence business, a well-placed, compliant insider is the ultimate prize – like the defence employees approached in a Canberra bar by two women who wanted to know everything there is to know about [satellite surveillance base] Pine Gap.”

In that case the employees ‘resisted’ and reported the contact, he says.

It’s not just defence employees Burgess says are being targeted. He says in the last year multiple spies from multiple countries have been identified developing and trying to leverage relationships with government officials, bank workers, doctors, police employees and other professionals to obtain the personal details of perceived dissidents, in an effort to enable foreign interference.

Insiders can also unintentionally disclose information. Burgess cited the example of an Australian businessperson travelling overseas who connected their work laptop to a hotel wi-fi only to have company IP stolen and used to make cheap imitations of the company’s products –costing the business millions of dollars in lost revenue.

“The threat environment I’m describing means that Australian individuals, governments, business and industries must take security seriously,” Burgess says.

He says while the national security culture is ‘relatively mature’ evolving threats mean defences too must evolve.

Security of physical environments is done well, and there’s been an increase in focus on cyber security.

“What is often overlooked is the third pillar of security: People.

“The best physical security in the world is useless if an employee turns off the camera or fails to lock the gate. A-grade cyber security can be undone if an employee uses ‘password’ as their password or allows remote access to a system,” Burgess notes.

“Security is a shared responsibility. We need all our stakeholders to help make Australia a more difficult and expensive place for spies to operate in.”

And that includes removing your security clearance details from your social profiles.