Budget 2022: $9.9 billion for cybersecurity aims to make Australia a key ‘offensive’ cyber player
In the 2022 Federal Budget, Treasurer Josh Frydenberg launched a series of award-winning initiatives, one of which included a staggering A$9.9 billion for cybersecurity over ten years. Grouped under the acronym REDSPICE (which stands for Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers), the program is expected to help build Australia’s intelligence and defense (and offensive) capabilities. But what does it mean, where does the money come from and how offensive are we planning to be?
REDSPICE is a program to develop and improve the intelligence and cyber capabilities of the Australian Signals Directorate (ASD) – the lead agency responsible for foreign signals intelligence, cyber warfare and information security.
Key figures include 1,900 new signings and three times the attacking capacity within the ASD.
A key rationale given for the program is, according to Defense Minister Peter Dutton, the “deteriorating strategic circumstances in our region” and “rapid military expansion, increasing coercive behavior and increased cyberattacks” by adversaries of Australia.
This was also reinforced in a pre-budget commentary by Dutton, who warned of China’s cyber warfare capability to launch “an unprecedented digital attack” on Australia.
The plans for the program will have effects beyond Canberra. They could see more Australian technology made available to our intelligence and defense partners overseas, as well as opportunities for increased data sharing (which is critical to countering cyber threats).
Additional investments in advanced artificial intelligence and machine learning will likely be used to detect attacks earlier than currently possible – potentially enabling automated responses to cyber incidents.
Identifying previously “invisible” attacks is another significant challenge, and using advanced technologies to detect such incidents is essential for a strong defense.
Likewise, a doubling of “cyberhunting activities” will lead to an increase in the number of analysts and automated systems actively searching for vulnerabilities in critical infrastructure. This is essential to protect the services we depend on every day.
A major attack on our water, electricity, communication, health or financial services could have devastating consequences – first for the most vulnerable among us, then for everyone.
All of these technologies will be useful in reducing the large number of threats and incidents observed daily, and prioritizing certain threats so that they can be better managed by the agencies’ limited human resources.
The program will ensure a distribution of key functions both nationally and internationally, with a focus on building the resilience of the “critical capacities” of ASD operations.
New money, but mostly old
$10 billion seems like a big windfall for our defense and intelligence agencies. However, closer examination indicates that the “new” money may only be worth around A$589 million in the first four years.
The majority of the balance comes from redirecting existing defense funding to DSA.
In addition, since the funding is spread over a ten-year period, it will only achieve part of the expected results during the government’s next mandate. In fact, only AU$4.2 billion will fall over the next four years.
Future governments can always review these funding commitments and decide to make changes.
Is Australia ready to be an offensive cyber player?
Offensive cybercrime is perhaps the inevitable consequence of the growing levels of cyber threats around the world.
Not only have we seen global cybercrime increase, but there is growing evidence that nations are ready to engage in cyberwarfare. This was recently illustrated by Russia’s cyberattacks on Ukraine.
Australia has had a publicly recognized cyber offensive capability for some time. This was even outlined in the government’s cybersecurity strategy of April 2016 (and this was only the first official acknowledgment). It is likely that Australia has had this capability for even longer.
The cyber offensive represents a significantly different approach from a purely defensive or reactive approach. Launching an attack (or retaliating) is a dangerous business that can have unpredictable consequences.
Launching a highly targeted attack from Australia is certainly possible, but with such attacks we often see consequential damage that affects individuals and systems beyond the target. For example, the NotPetya malware, first identified in 2017, quickly moved out of the target country (Ukraine) and had a significant financial impact worldwide.
In the 2016 strategy, there was specific reference to the importance of legislative compliance: any measures Australia uses to deter and respond to malicious cyber activity would be consistent with our support for the rules-based international order and our obligations under international law.
But that is largely absent from the (brief) REDSPICE plan. Additionally, due to the covert nature of the operations conducted by the ASD, we are effectively being asked to accept that Australia is operating ethically in the absence of any recorded or published data on the operations to date.
Although there have been limited reports of legitimate cyber engagements, a 2016 address to Parliament by then-Prime Minister Malcolm Turnbull referenced offensive attacks by Australia in relation to operations against the Islamic State (in partnership with British and American allies): t go into the details of these operations […] they are used […] they make a real difference in military conflict […] all offensive cyber activities in support of the ADF and our allies are subject to the same rules of engagement that govern the use of our other military capabilities in Iraq and Syria […]
Will it make a difference?
We all want Australia to be a safe place, so any investment in intelligence and cybersecurity will be welcomed by most people. That said, it’s worth remembering that this battle can never truly be won.
Cyber defense is a constant game of cat and mouse. One side builds a better weapon, the other builds a better defense, and so on. As long as our adversaries are willing to invest in technologies to infiltrate and damage our critical infrastructure, we will have a continued need to invest in our defenses.
The increased emphasis on offensive initiatives may give us (and our allies) the upper hand for a while, but the cyberworld does not stand still. And the pockets of some of our cyber adversaries are also very deep.
Paul Haskell-Dowland is a professor of cybersecurity practices at Edith Cowan University. This article is republished from The Conversation under a Creative Commons license. Read the original article.
Comments are closed.