Introduction into Security Threats

Security vulnerabilities (and associated risks) cannot exist in the absence of a threat. Identification, examination, and assessment of Threat Sources (also known as Threat Actors), and threat acts is, therefore, key to managing security risk. Further, understanding security threats involves a process of analysing and defining the capability and intent to carry out specific acts.

A security threat is anything that has the potential to hinder or prevent the achievement of objectives or disrupt the process that supports them. Threat capability is a combination of knowledge and resources, and intent is a function of desire and expectation of success. Common examples of personal or altruistic threat act motivation include:

1. Seeking vengeance;
2. Furthering interests;
3. Gaining attention or facilitating a cause or ideal (including terrorism and environmental/political issues);
4. In the current threat environment – extremism and radicalisation;
5. Pecuniary advantage and prevention of loss or harm (self and close associates);
6. Pathological or psychopathic disorders (including fixated persons); or
7. Influencing third-party decisions.

Generally speaking, security threats, as distinct from safety hazards, tend to be derived from human sources, rather than those arising from the natural environment and depending on the context and scope of security risk assessments, can be categorised into six types. The Threat Acts are outlined in more detail below.

1. Serious and Organised Crime

The essential components of an organised crime group are defined by the Australian Institute of Criminology as “a structured group of three or more persons, existing for a period of time, acting in concert with the aim of committing serious criminal offences in order to obtain some financial or material benefit. As such, organised crime requires three or more persons to come together for the execution of their common purpose.”

Organised crime impacts the lives of Australians in many ways. It is a national security threat that is destructive, pervasive, and sinister, costing Australia up to $47 billion each year (ATO estimates). Statistics attributed to organised crime are detailed within the enclosed crime statistics. Approximately 70 per cent of Australia’s serious and organised crime threats are based offshore or have offshore links.

Serious and Organised Crime is transnational in nature, technology-enabled and increasingly functions as a business relying on professionals to help launder ill-gotten gains by setting up structures to place, layer and integrate funds. Organised crime harms the Australian community, economy, government, and way of life. One of the distinguishing characteristics of organised crime is the extent to which it intermingles with non-criminal domains of society.

The Australian Federal Police characterise serious crime by one or more of the following factors: serious offences against persons, property, or government; organised criminal activity; significant political or public interest crimes which are multi-jurisdictional and/or transnational in nature; investigations that involve a large number of documents or exhibits; and investigations which require the commitment of substantial funding or resources.

2. Violent Crime

Violent crime is generally defined as including the offence categories of homicide, assault, sexual assault, and robbery (both armed and unarmed). Politically motivated violence also falls within this threat source category, as well as non-terrorism related attacks with a firearm, improvised weapon – such as a knife – or vehicle attacks. Organised crime is also widely linked to violent acts. Assault is the most common form of violent crime, with rates of recorded assault across Australia increasing steadily over the past 10 or more years.

Violence is a key factor in competition between organised criminal groups operating in the same criminal markets. This means the levels of violence among criminals tend to and flow depending on the number, size and ‘strength’ of the groups in any market, as well as the size and profitability of any given crime market. The frequency and the type of violence used depends on ethos and the crime market involved.

3. Trusted Insiders

For companies and other organisations, sometimes the greatest threat comes from within. Anyone who understands the inner workings of a certain corporate entity or government organisation can feasibly cause harm. Malicious insiders are those who have privileged access to information, technology, or assets, and who deliberately exploit their access in ways that compromise commercial or national interests. Insider threat actors can include current employees, former employees, contractors, service providers or someone working for a business partner.

Essentially, trusted insiders are categorised into two distinct types:

1. Malicious. There are two types of malicious insiders:
   (i) Self-motivated. Individuals whose actions are undertaken of their own violation.
   (ii) Recruited. Individuals co-opted by a third party to specifically exploit their potential, current or former privileged access.
2. Unintentional. Trusted employees or contractors who inadvertently expose or make vulnerable to loss or exploitation, privileged information, assets or premises. Terrorism and Violent Extremism

Violent extremism involves individuals or groups seeking to change society or a government’s policies by threatening or using violence to achieve an ideological, religious, or political goal. Similar to terrorism, Violent extremism involves individuals or groups seeking to change society or a government’s policies by threatening or using violence to achieve an ideological, religious, or political goal. Generally, the phenomenon of violent extremism is regarded as being broader than that of terrorism.

Extremist groups claim to offer ideological alternatives to the narrative of free markets, democracy, and multicultural diversity, namely ones that offer empowerment, order and security, with violence as a tool for imposing this view on wider society. Therefore, violent extremism encompasses a wider category of manifestations than terrorism since it includes forms of ideologically motivated violence that falls short of constituting terrorist acts.

In early 2021, ASIO adopted new terminology to describe terrorism and violent extremism to ensure it remains fit for purpose in an evolving threat environment. The framework uses two overarching descriptors for violent extremism – ideologically motivated violent extremism (IMVE) and religiously motivated violent extremism (RMVE).

4. Petty Crime

The threat of petty theft – types of crime not considered serious when compared with some other crimes – is an ongoing concern for most organisations in Australia. Generally, crime associated with petty criminals varies significantly from location to location, with many incidents being a result of offenders transiting from suburbs within the vicinity of specific areas using public transport or personal/stolen vehicles. Illicit drug use and associate crime including theft, robbery, break and enter and abuse/low-level assault, are key aspects of petty crime.

However, it should also be noted that petty criminals may well be elevated into the violent crime or serious and organised crime threat type categories where they perpetrate a crime that crosses the threshold between irritating, low level acts, and those that are more serious.

5. State Sponsored Espionage

Espionage is the theft of Australian information by someone either acting on behalf of a foreign power or intending to provide information to a foreign power that is seeking advantage. Espionage can target defence, political, industrial, foreign relations, commercial or other information that is usually otherwise unavailable to the foreign power. Any privileged information not usually found in the public domain can be of interest to foreign intelligence services. Aggregating information on a state’s economic position and decision making is a core task of foreign intelligence services; foreign powers have an interest and desire to coerce and manipulate Australian Government, business, and individual decision-making to benefit their political, economic, and commercial interests.

One of the most insidious features of both espionage and foreign interference is that even a small level of activity can have severe consequences which take years to be realised.

Regardless of the methods employed by hostile services and nation-states, Australia is currently the target of sophisticated and persistent espionage and foreign interference activities from a range of nations. Intelligence agencies recently described the level of threat currently faced within Australia from foreign espionage and interference activities as unprecedented; and higher now, than it was at the height of the cold war.

6. Cyber Crime

Cyber-related offences present a significant threat to Australians. The nation’s relative wealth and high use of technology such as social media, online banking and government services make it an attractive target for serious and organised criminal syndicates. Lucrative financial gains by serious and organised crime syndicates ensure the persistence of the cyber crime threat.

There is no universally accepted definition of cyber crime; however, in Australia, the term ‘cybercrime’ is used to describe crimes directed at computers or other information communications technologies (ICTs) (such as computer intrusions and denial of service attacks), and crimes where computers or ICTs are an integral part of an offence (such as online fraud).

A key element of cyber crime is what is widely referred to as a “Hacker”. Hackers are individuals or groups who attempt to gain unauthorised access to a computer system. Some cybercriminals are organised, use advanced techniques and are highly technically skilled. Others are novice hackers such as “Script kiddies” who are young individuals who are learning to hack; they may work alone or with others and are primarily involved in code injections and distributed denial-of-service attacks.

Understanding and considering Security Threats

Identifying, rating and reducing security risk is dependent on understanding the nature of relevant security-based threats (the source of the risk), and how they interact with important elements such as the community, organisational critical assets, control measures, and policies and procedures etc. By considering the types of threat and motivation, a range of credible threat scenarios can be developed, and by additionally examining the threat sources’ capability and intent, an estimate of the likelihood of current and emerging threat can be made; thus informing associated risk assessments and encompassed mitigation strategies.