When our information is compromised, it can damage Australia’s international security reputation and put the lives of Australians at risk. Australian information is a high-value target because of our:
- strategic position and alliances
- leadership in science and technology
- industrial capability, workforce and resources.
A key priority for Defence security is to prevent the unauthorised disclosure of information. Hostile activity against the Australian Government, defence industry and private sector systems continues to increase.
You must assess your information appropriately, to ensure it is properly protected and easily accessible by the people who need it. Unauthorised access or release of Official Information must be reported to your Security Officer. A Security Report will also be required.
The Commonwealth’s Protective Security Policy Framework (PSPF) updated Australia’s protective markers and classifications in October 2018. These changes simplify the assessment and protection of Official Information. They also align with the Australian Government Information Security Manual (ISM).
Defence is working to update all ICT systems, applications and infrastructure platforms to implement the new updates by October 2020.
The updated classification system now has six* levels:
- UNOFFICIAL – no change
- OFFICIAL – replaces UNCLASSIFIED
- OFFICIAL: Sensitive – replaces FOR OFFICIAL USE ONLY (FOUO)
- PROTECTED – no change
- SECRET – no change
- TOP SECRET – no change.
*Note: Use of the CONFIDENTIAL classification has been discontinued.
When you are assessing information, you are thinking about how much damage the information could cause Defence, if it was compromised.
Ask yourself the following questions:
- How sensitive is the information?
- Who is going to receive or access this information?
- What damage will it do if it is compromised?
- If you over-classify the information, could a military operation fail if the information is needed urgently?
Appropriate access to Official Information enables Defence to operate effectively and efficiently. This can be significant when information sharing is required with other countries or agencies.
You must assess the information each and every time before applying a protective marker.
Information security markers and classifications allow Defence to share and exchange information with confidence. It is a well-known system, which enables the consistent application of protective security measures.
When you mark information with a protective marker or classification, you are identifying how sensitive or important the information is. You are indicating who should have access and how the information must be handled.