In the 2022 federal budget, Treasurer Josh Frydenberg launched a series of vote-winning initiatives, including a breathtaking A$9.9 billion for cybersecurity over ten years.
Bundled under the acronym REDSPICE (which stands for Resilience, Effects, Defense, Space, Intelligence, Cyber and Enablers), the program is expected to help build Australia’s intelligence and defensive (and offensive) capabilities.
But what does this mean, where does the money come from, and how offensive do we intend to be?
What is REDSPICE?
REDSPICE is a program to improve the intelligence and cyber capabilities of the Australian Signals Directorate (ASD) — the main body responsible for foreign intelligence, cyber warfare and information security.
Headline figures include 1,900 new recruits and delivering three times more offensive capability within the ASD.
A key motivation given for the program is, according to Defense Secretary Peter Dutton, the “deteriorating strategic conditions in our region” and “rapid military expansion, increasing coercive behavior and increased cyber-attacks” from Australia’s adversaries.
This was also reinforced in a pre-budget note from Dutton, who warned of China’s cyberwarfare capability to launch “an unprecedented digital attack” on Australia.
Plans for the program will have implications beyond Canberra. They could see more Australian technologies being made available to our intelligence and defense partners abroad, as well as opportunities for increased data sharing (essential in the fight against cyber threats).
Further investments in advanced artificial intelligence and machine learning will likely be used to detect attacks earlier than is currently possible – possibly allowing automated responses to cyber incidents.
Identifying previously “unseen” attacks is another major challenge, and using advanced technologies to detect such incidents is essential for strong defenses.
Likewise, a doubling of “cyber-hunt activity” will lead to an increase in analysts and automated systems actively looking for vulnerabilities in critical infrastructure. This is essential for protecting the services we depend on every day.
A big attack against our water, electricity, communications, healthcare or financial services can have devastating consequences – first for the most vulnerable among us, then for everyone else.
All of these technologies will be of value in reducing the sheer number of threats and incidents seen on a daily basis, and in prioritizing certain threats so that they can be better addressed by limited human resources in agencies.
The program will reportedly ensure a division of key functions, both nationally and internationally, with a focus on building resilience in the “critical capabilities” of the ASD’s operations.
Some new money, but especially old money
A$10 billion sounds like a significant windfall for our defense and intelligence agencies. However, a closer look reveals that the “new” money may only be worth about A$589 million in the first four years.
Most of the balance comes from redirecting existing defense funding to the ASD.
Moreover, because the financing is spread over a period of ten years, only part of the intended results will be achieved in the coming cabinet term. In fact, only A$4.2 billion will fall in the next four years.
Future governments can always review these funding commitments and decide to make changes.
Is Australia ready to be an attacking cyber player?
Offensive cyber may well be the inevitable consequence of the increasing cyber threats around the world.
Not only have we seen an increase in global cybercrime, but there is also growing evidence that countries are willing to engage in cyber war. Recently, this was illustrated by the Russian cyber attacks on Ukraine.
Australia has had a publicly recognized cyber offensive capability for some time now. This was even set out in the April 2016 government cybersecurity strategy (and this was only the first official recognition). It is likely that Australia has had this option for some time.
Offensive cyber represents a significantly different approach than a purely defensive or reactive approach. Initiating an attack (or retaliation) is a dangerous undertaking that can have unpredictable consequences.
Launching a highly targeted attack from Australia is certainly possible, but in such attacks we often see consequential damage that affects individuals and systems off target. The NotPetya malware, first identified in 2017, quickly moved outside the target country (Ukraine) and had significant financial impact worldwide.
The 2016 strategy specifically referred to the importance of legal compliance:
Any measure used by Australia to deter and respond to malicious cyber activity would be consistent with our support for the international rules-based order and our obligations under international law.
But this is largely missing from the (short) REDSPICE blueprint. In effect, due to the covert nature of the operations conducted by the ASD, we are being asked to accept that Australia is operating ethically in the absence of recorded or published data on operations to date.
Although there are limited reports of legitimate cyber activities, a 2016 address to Parliament by then Prime Minister Malcolm Turnbull referred to Australia’s offensive attacks linked to operations against Islamic State (in conjunction with UK and US allies):
Although I will not go into the details of these operations […] they are used […] they really make a difference in the military conflict […] all offensive cyber activities in support of the ADF and our allies are subject to the same Rules of Engagement that govern the use of our other military capabilities in Iraq and Syria […]
Will it make a difference?
We all want Australia to be a safe place, so any investment in intelligence and cybersecurity will be welcomed by most people. That said, it’s worth remembering that this battle can never really be won.
Cyber defense is a constant cat and mouse game. One side builds a better weapon, the other builds a better defense, and so it goes. As long as our adversaries are willing to invest in technologies to infiltrate and damage our critical infrastructure, we will have to continue investing in our defenses.
The increased focus on offensive initiatives may give us (and our allies) the upper hand for a while, but the cyber world is not standing still. And the pockets of some of our cyber attackers are also very deep.