In an era of escalating strategic competition, the effectiveness of Australia’s government and national security apparatus hinges on its ability to use information with precision and agility. Yet, the very systems designed to protect sensitive information are at risk of becoming cumbersome impediments. Australia’s approach to the management of security classifications creates an environment that accumulates inefficiency and risk.

This is not just about over-classifying material. It is a symptom of a deeper challenge: a default to secrecy, often without a clear understanding of an information asset’s purpose or true sensitivity. This manifests as a drag on national capability, hindering the collaboration and agility required to navigate a deteriorating security environment.

The consequences are profound, paradoxically creating new security risks while trying to mitigate old ones. When everything is treated as a secret, it becomes difficult to protect what really must be kept hidden. Classifying too much information at high levels can dilute focus, creating noise that obscures genuinely critical intelligence and stretches resources thin.

This problem directly impacts the usability of information, a key theme in the 2024 Independent Intelligence Review.

Over-classification and the proliferation of complex caveats restrict the flow of information between agencies, stifling the analysis and innovation needed to tackle complex threats. This is particularly acute at the seams between the core intelligence agencies, which often operate at Top Secret by default, and the rest of the National Intelligence Community and broader government, which must use this intelligence to act.

In addition, the demand for higher security clearances than necessary creates a costly and inefficient human resources bottleneck. It not only exacerbates vetting backlogs but, more crucially, it shrinks the talent pool. Relying on a tiny fraction of the population makes finding the most skilled candidates less likely: it forces a choice from a group that may be less skilled and diverse than the broader workforce and is always more costly.

And an organisation that does not actively manage its classifications creates a culture where the workforce loses the ability to discern between what is genuinely sensitive and what is not, leading to risk aversion and a default to over-classification.

Addressing this issue is not straightforward. The challenge has been magnified in the digital age by the problem of aggregation, whereby collections of lower-sensitivity material become highly sensitive when combined. This makes broad access to electronic holdings a significant risk, as demonstrated by the Snowden affair.

Furthermore, a significant proportion of Australia’s most sensitive intelligence is provided by allies. Its classification is not ours to change, placing a hard limit on any unilateral declassification efforts.

These complexities do not, however, excuse inaction. Instead, they demand a more sophisticated approach. For example, the strategic declassification of intelligence by the United States and Britain regarding Russia’s invasion of Ukraine provides a powerful lesson. The information was not initially over-classified; rather, its purpose evolved. It was made usable to counter disinformation and shape the strategic environment. This highlights that information management must be dynamic and driven by purpose.

Australia needs to shift its thinking from a static, paper-era approach to a dynamic one of digital-age risk management. The goal is not reckless declassification but achieving a more effective balance through superior management.

In rethinking its approach, Australia should consider the use of information, the balance of security and agility, governance and new technologies, and cultural understandings of classifications.

Firstly, the guiding principle for managing information should be its intended use. Australian government agencies must build in a disposition towards sanitisation by default, consciously creating versions of intelligence products suitable for various users and purposes from the outset. Intelligence must inform a decision maker.

Secondly, the current framework needs to be balanced against a net-security approach that weighs the operational benefits of sharing information against the risks of compromise. Our worsening strategic environment demands both enhanced security and greater agility; these drivers are in tension, and a rigid, peacetime framework cannot effectively manage that tension.

As it is impossible to manually review the vast holdings of classified material, the government should focus on strengthening governance for newly created information and using technology, such as AI-driven tools, to assist in triaging and reviewing high-value legacy data. The forthcoming Top-Secret cloud will be a critical test of this, offering opportunities for better segmentation but also new risks if not managed carefully.

Finally, intelligence leaders must drive a cultural shift that sees accurate, risk-managed classification not as a compliance exercise but as a direct contributor to enhanced organisational performance and security outcomes. This means rewarding appropriate information sharing and usability, not just the avoidance of security breaches.

By moving beyond ingrained habits and embracing a more dynamic and purpose-driven approach to information management, we can ensure our security framework protects what truly matters while enabling the agility and collective effort needed to secure Australia’s interests. The government’s $2 billion investment into the Australian Signals Directorate and Amazon Web Services to create a Top-Secret cloud presents an opportunity to rethink how and why we classify material.