In the 2022 federal budget, Treasurer Josh Frydenberg launched a variety of vote-winning initiatives – one among which included a wide ranging A$9.9 billion for cyber security over ten years.

Bundled under the acronym REDSPICE (which stands for resilience, effects, defence, space, intelligence, cyber and enablers), this system is anticipated to assist construct Australia’s intelligence and defensive (and offensive) capabilities.

But what does this mean, where is the cash coming from and just how are we planning to be?


REDSPICE is a program to grow and enhance the intelligence and cyber capabilities of the Australian Signals Directorate (ASD) — the chief agency chargeable for foreign signals intelligence, cyber warfare and knowledge security.

Headline figures include 1,900 recent recruits and delivering 3 times more offensive capability inside the ASD.

The REDSPICE program goals to bolster cyber capabilities across a variety of areas.
ASD website

A key justification given for this system is, based on Defence Minister Peter Dutton, the “deteriorating strategic circumstances in our region” and “rapid military expansion, growing coercive behaviour and increased cyber attacks” from Australia’s adversaries.

This was also reinforced in a pre-budget comment from Dutton, who warned of China’s cyber warfare capability to launch “an unprecedented digital onslaught” against Australia.

Potential outcomes

The plans for this system can have effects beyond Canberra. They could see more Australian technologies being made available to our intelligence and defence partners overseas, in addition to opportunities for increased data sharing (which is essential to fighting against cyber threats).

Further investment in advanced artificial intelligence and machine learning will likely be used to detect attacks sooner than currently possible – potentially allowing automated responses to cyber incidents.

Identifying previously “unseen” attacks is one other significant challenge, and using advanced technologies to detect such incidents is important for a powerful defence.

Similarly, a doubling of “cyber-hunt activities” will see a rise within the analysts and automatic systems actively on the lookout for vulnerabilities in critical infrastructure. This is important in protecting the services we depend upon day-to-day.

A major attack against our water, electricity, communications, health care or finance services could have devastating consequences – first for probably the most vulnerable amongst us, and subsequently for everybody.

All of those technologies will probably be of value in reducing the massive variety of threats and incidents seen each day, and prioritising certain threats so that they could also be higher handled by limited human resources in agencies.

The program will reportedly ensure a distribution of key functions each nationally and internationally, with a concentrate on constructing resilience within the “critical capabilities” of the ASD’s operations.

Some recent money, but mostly old money

A$10 billion feels like a big windfall for our defence and intelligence agencies. However, a better look indicates the “recent” money is probably only value around A$589 million in the primary 4 years.

The majority of the balance comes from redirecting existing defence funding to the ASD.

Also, for the reason that funding is spread over a ten-year period, it can only realise a proportion of the intended outcomes in the subsequent government’s term. In fact, only A$4.2 billion falls inside the subsequent 4 years.

Future governments can all the time revisit these funding commitments and judge to make changes.

Is Australia able to be an offensive cyber player?

Offensive cyber is probably the inevitable consequence of the increasing levels of cyber threats across the globe.

Not only have we seen global cyber crime increasing, but there’s growing evidence of countries being willing to interact in cyber warfare. Recently this has been illustrated through Russia’s cyber attacks against Ukraine.

Australia has had a publicly acknowledged cyber offensive capability for a while. This was even outlined in the federal government’s April 2016 cyber security strategy (and this was just the primary official acknowledgement). It’s likely Australia has had this capability for even longer.

Offensive cyber represents a significantly different approach to a purely defensive or reactive approach. Initiating an attack (or retaliating) is a dangerous endeavour which might have unpredictable consequences.

Launching a highly targeted attack from Australia is definitely possible, but with such attacks we frequently see consequential damage that affects individuals and systems beyond the goal. For example, the NotPetya malware, first identified in 2017, rapidly moved outside of the goal country (Ukraine) and had significant financial impact world wide.

In the 2016 strategy there was specific reference to the importance of legislative compliance:

Any measure utilized by Australia in deterring and responding to malicious cyber activities could be consistent with our support for the international rules-based order and our obligations under international law.

But this is basically absent within the (temporary) REDSPICE blueprint. Also, resulting from the covert nature of operations conducted by the ASD, we’re effectively being asked to simply accept Australia operates ethically within the absence of any recorded or published data on operations to this point.

Although there have been limited reports of legitimate cyber engagements, a 2016 Address to Parliament by then Prime Minister Malcolm Turnbull referred to offensive attacks conducted by Australia in relation to operations against Islamic State (in partnership with UK and US allies):

While I won’t go into the main points of those operations […] they’re getting used […] they’re making an actual difference within the military conflict […] all offensive cyber activities in support of the ADF and our allies are subject to the identical Rules of Engagement which govern using our other military capabilities in Iraq and Syria […]

Will it make a difference?

We all want Australia to be a secure place, so any investment in intelligence and cyber security will probably be welcomed by most individuals. That said, it’s value remembering this battle can never really be won.

Cyber defence is a continuing game of cat-and-mouse. One side builds a greater weapon, the opposite builds a greater defence, and so it goes. As long as our adversaries are prepared to take a position in technologies to infiltrate and damage our critical infrastructure, we can have a continued need to take a position in our defences.

The increased concentrate on offensive initiatives may give us (and our allies) the upper hand for some time, however the cyber world doesn’t stand still. And the pockets of a few of our cyber adversaries are also very deep.

This article was originally published at