From naval bases in Western Australia to training grounds in Queensland, the spread of Australia’s Defence infrastructure has introduced significant logistical challenges. But it’s not just about transporting people and materials. The increasingly common practice of using distributed workforce models – where infrastructure design teams are spread across cities, countries and continents – has created a new virtual environment.
At the core of this shift are two interrelated concerns: how to manage design teams that are rarely in the same room and how to protect the sensitive data that flows between them.
Global alliances and a borderless design environment
A growing number of defence contractors and consultancies now manage project teams that span not only state borders, but international alliances – including the nation’s AUKUS and Five Eyes partners. While this opens up access to global expertise, by enabling Defence to work with those companies that have delivered technology groundbreaking infrastructure for its overseas partners, it also increases risk.
The risks aren’t hypothetical. As teams work across national lines, exposure to threats continue to arise from unpatched or legacy software, endpoint vulnerabilities and inconsistencies in data governance. Even small differences in licensing, system versions or software compatibility can cascade into security weaknesses and operational delays.
However, global multidisciplinary design and engineering firm Stantec has a solution.
According to Louisa Bloomer, director of digital technology Asia-Pacific at Stantec, mitigating these risks begins not with software, but with structure and governance.
“You need a clear policy in place,” she says on a recent Defence Connect podcast. “Something written down that sets out how digital collaboration will be managed to keep the project, and Defence information, secure.”
This clarity, Bloomer says, must go beyond high-level statements. It needs to address the full spectrum of data management – from user permissions and access rights to formalised policies and cross-border standards.
“It becomes incredibly important when you have an engineer sitting in the UK, a specialist sitting in the US and designers in Australia,” she says. “How they interact and share information needs to be agreed right upfront in that project.”
Even for simple infrastructure projects, a governance framework – whether a data-sharing agreement or a detailed execution plan – can help prevent security breaches and regulatory missteps. But for more complex projects, particularly those involving classified information or capabilities tied to the AUKUS agreement, the risks are far more acute.
“Policies trigger a pause moment,” Bloomer says, “especially when aggregating data sets that take us into the realm of sensitive information.”
This pause is critical not only for compliance but for safeguarding Defence’s trust. Tony Rogers, market leader for Defence at Stantec, added that processes must flow from top-tier contractors down to the smallest sub-consultants.
“When we’re pulling together a design team for Defence, whether internal or working with sub-consultants, we go back to our data standard operating procedures,” he says.
One of the key enablers of this is DISP – the Defence Industry Security Program – accreditation. “If our sub-consultants are DISP-accredited, that makes it easier to integrate them into our processes,” Rogers says.
In a world where sensitive information could relate to submarine basing, joint operations or national security infrastructure, even minor errors can become major liabilities.
AI – a tool or a risk?
The conversation around distributed design teams also intersects with the rapid rise of artificial intelligence. For Bloomer and her team, the use of AI is not a question of if, but how, safely.
“Let’s step away from the Skynet Terminator thoughts some of us have when we think about AI,” she joked. “It isn’t just science fiction - it’s already in our day-to-day lives. Even a basic Google search uses AI.”
However, with the proliferation of generative AI models and their reliance on internet-scale data, Defence industry players face a serious challenge: how to leverage the efficiency and capability of AI without compromising security.
“They carry some substantial risks, especially with generative AI as they hallucinate a lot,” Bloomer says. “It’s not sensible to make decisions based on these tools without proper checks and human oversight”
Instead, Stantec has adopted a strategy of building closed data enclaves – curated libraries of verified data that dislocated design teams can work within, and if needed, AI systems can safely be added to. These enclaves are accessible only to authorised users and can be customised to different project teams based on a need-to-know model.
Defence-grade enclaves let us ring-fence projects when needed or enable multiple teams to work securely within the same environment.”
- Louisa Bloomer
“This is a restricted-access environment,” Bloomer says. “Defence-grade enclaves let us ring-fence projects when needed or enable multiple teams to work securely within the same environment.”
Is industry ready?
Despite Stantec’s rigorous approach, Bloomer admits that the rest of the industry hasn’t fully caught up.
“Because we are so strict with how we manage data, it’s sometimes met with surprise from our subcontractors,” she says. “They’re just not used to having frank conversations about data so early in a project. We give a boost of energy and a shock to the system.”
These challenges aren’t just about security – they also affect day-to-day operations. Something as simple as different software versions across international offices can create real obstacles.
“When you have staff and contractors in the UK, Australia, Canada etc. all working on a project – they’re typically going to have slightly different softwares,” Bloomer says. “This means that you have to actively reagree to contracts to streamline the licences in your enclave and conduct security checks.”
And in a company of 32,000 staff, it’s a good thing they have cyber security and software experts to support this.
Balancing innovation with risk
While Stantec continues to work across energy, resources, transport and water sectors, it continues to take these critical lessons to help Defence explore how to integrate emerging technology into infrastructure delivery.
One industry example cited by Bloomer, highlighting the advancements in robotics, was a cloud-enabled robotic “dog” used in North America to inspect stormwater systems – a potentially game-changing tool for predictive maintenance.
“When this is cloud enabled – you then open yourself up to risk as these robots map bases,” she says. “For Defence industry, we have to think about how we can support Defence in these innovative and unique ways – without creating more risks.”
Though, as the ADF prepares for a future defined by joint operations, sovereign capability and technological disruption, the question of how distributed teams are managed becomes central to mission success.
From data enclaves and DISP requirements to AI risk mitigation and global licence coordination, managing dislocated design teams is no longer a support function. It is a core part of delivering secure, reliable and forward-looking infrastructure for Defence.
For firms like Stantec – and for Defence itself – that means embedding digital security, governance and trust into every layer of the design process, from the first keystroke to the final blueprint.
