Share this article on:
REDSPICE is the most significant single investment in the Australian Signals Directorate’s 75 years, and it is designed to respond to the deteriorating strategic circumstances in the region, characterised by rapid military expansion, growing coercive behaviour and increased cyber attacks.
The acronym REDSPICE stands for Resilience, Effects, Defence, Space, Intelligence, Cyber, Enablers. Through this new project, the ASD is aiming to deliver forward-looking capabilities essential to maintaining Australia’s strategic advantage and capability edge over the coming decade and beyond.
Following the federal government’s announcement of a $9.9 billion investment in bolstering Australia’s cyber security and intelligence capabilities, key industry players welcomed the announcement that is set to encourage greater collaboration between the public and private sectors, aimed at sharing threat intelligence, technology and resources. With the significant investment serving as an urgent call to action for Australian businesses to get serious about cyber security.
The current conflict in Ukraine has heightened how cyber attacks have been brought forward as a key tactic of war according to Crispin Kerr, vice-president, ANZ at Proofpoint.
“It is encouraging to see the federal government taking the imminent threat of cyber attacks against Australia’s critical infrastructure seriously now that the battle lines are so clearly drawn.
“The $9.9 billion investment the federal government has announced it will budget for cyber security intelligence serves as an important reminder that Australian businesses too, must step up their cyber security defences in an increasingly volatile climate where cyber resilience is quickly becoming an organisation’s greatest asset.
“As we continue to see state-sponsored threat actors and cyber criminal gangs wreak havoc on governments and private enterprises, the risk to Australia’s critical infrastructure and services remains high. A significant cyber attack on critical sectors like healthcare, utilities, education and transport is no longer a question of if, but when,” Kerr said.
Pete Murray, MD, ANZ at Veritas added that while the significant investment in Australia’s offensive and defensive cyber capabilities initiative is a step in the right direction, the strategy of addressing cyber security holistically is missing from the equation.
“The pandemic has increased our reliance on technology and generated more opportunities for malicious ‘cyber actors’ to exploit Australian businesses; being hacked is now a matter of when, not if.
“What’s critical now is to ensure that commercial and public enterprises can recover and get back to business quickly, beyond front door security measures.
“Given that we have seen many instances in Australia where cyber security has failed, we’d like to see greater collaboration between the public and private sectors to increase the ability of businesses to protect their data and their applications once a hacker is in. In the current world of ‘when’ not ‘if’ an organisation is going to suffer from ransomware, protecting the front door simply isn’t enough,” Murray said.
The Australian government’s investment in offensive and defensive cyber security capabilities is the greatest indicator that cyber crime remains one of the most pervasive threats facing Australia, Matthew McWhirter, senior director at LastPass JAPAC further explained.
“Such an investment made to bolster the nation’s cyber security posture, prompts companies and individuals to also keep pace and strengthen their cyber defences.
“With our use of online environments rapidly expanding, it has left our sensitive information at greater risk than ever before.”
McWhirter added that the most recent LastPass Psychology of Passwords report found that 53 per cent of those surveyed haven’t changed their password in the past year, even after hearing about a breach in the news.
“With more unprecedented digital onslaughts expected to be faced not only for the government, but the average individual, it is more critical than ever to have multiple lines of defence to safely secure your online data and develop proactive over reactive cyber security strategies,” McWhirter said.
Skills shortage
With the pandemic pushing technology even deeper into daily life, skills packages such as the $3.6 billion national skills reform is critical in filling roles such as in tech, which are the foundation of our evolving digital economy, ensuring businesses get the skilled workers they need.
While the skills incentives will primarily boost young people re-skilling and entering tech, we are missing the opportunity to target an enormous untapped talent pool of people – those between 40 and 60 – who grew up when IT was really taking off and seen as an exciting career choice, according to Murray, but the potential talent in this age bracket may have been frightened away from the industry by the shadow of outsourcing.
“Our industry hasn’t done enough to educate and excite this group, or the younger technology students of tomorrow, about the value of being part of the IT industry.
“There’s often a misconception that a career in technology comes with a risk of becoming offshored, when in reality, the technology sector is an incredibly secure and flexible line of work.”
As an industry, Murray is an advocate for collaboration to “get closer to tertiary education institutions” in order to make IT an appealing career path for the youth of today.
“While a renewed investment in local tech infrastructure such as the $243 million in grants for manufacturing projects is strengthening Australia’s on the map in technology innovation, there’s no point if we don’t have a local talent pool to get these projects off the ground.
“The pandemic has been the biggest lesson on IT business agility since the turn of the millennium.
“Many businesses were unprepared for the sudden need to move employees and operations at the start of the pandemic and are now scrambling to play catch up as hybrid working is a much-required corporate infrastructure capability today,” Murray added.
For Graeme Pyper, APAC director, channel partner and alliances at BlackBerry, the federal government’s move is promising to see.
“The creation of 1,900 critical jobs, such as data analysts, computer programmers and software engineers, under the REDSPICE initiative within the ASD.
“As the breadth of malicious cyber activity increases, public and private sectors must work together to rapidly up-skill the Australian workforce – and invest in complementary automation, including AI/ML-driven security technologies, to help security professionals protect the government and other enterprises.
“BlackBerry supports the $1 billion Technology Investment Boost incentivising small businesses to enhance their digital fluency and invest in cyber security systems and skills,” Pyper said.
In addition, augmenting in-house teams with external on-demand experts to address the challenge of cyber threat actors is essential, Pyper further explained, and added that threat intelligence experts, in combination with a security posture that leverages predictive AI-modelling, will significantly increase Australia’s cyber security capabilities.
“Indeed, malicious cyber actors are increasingly employing ransomware-as-a-service (RaaS) and malware-as-a-service (MaaS) tools to execute high-impact attacks.
“While every organisation runs the risk of a cyber security breach and/or ransomware attack, SMEs are facing upwards of 11 to 13 cyber attacks per device per day – a much higher rate than larger enterprises,” Pyper concluded.
Through REDSPICE, the ASD is aiming to expand the range and sophistication of our intelligence, offensive and defensive cyber capabilities, and build on the nation's already-strong enabling foundations:
Governments across the world have taken proactive steps to bolster national security and protect their critical assets. In July 2021, the UK’s National Cyber Security Centre (NCSC), the US Department of Homeland Security, and the Australian Cyber Security Centre (ACSC) issued a joint cyber advisory alerting organisations to the heightened risk of sophisticated ransomware attacks targeting critical assets. In March 2022 in the US, the Biden administration published a fact sheet calling on enterprises to take urgent steps to bolster their cyber security protections.
National capability
Rising global tensions have the potential to put Australian organisations in the crosshairs of a potential attack, placing their most valuable assets and data at risk, according to Murray, who believes a larger local talent and intellectual property pool is mandatory to protect critical infrastructure, ensure businesses have the resiliency to recover and restore operations in the right time frame, to continue servicing customers.
For organisations of all sizes and sectors, adopting a people-centric approach and leveraging technology will see Australian companies best-placed to stay alert and protected in the digital future, according to Kerr, who shares his view that no organisation is immune to attack, with high-profile cyber breaches and attacks continuing to prove this sentiment.
“In the hybrid working world, especially organisations must hone their defences and ensure enhancing their security posture remains a critical business focus.
“Creating a security-conscious culture and adopting best practice in cyber security awareness training – an area where our research shows Australia is falling behind its global counterparts, is essential to maintaining cyber resilience.
“As the potential attack surface broadens, risks inevitably also increase – from phishing and business email compromise attacks (BEC) to the large-scale ransomware and DDoS attacks we continue to see dominate the headlines.”
In the 21st century, national cyber security must be the fourth pillar of defence alongside air, land, and sea – as well as critical emergency management voice and messaging communications; Pyper commented, referring to the recent geopolitical developments that have sharpened the focus on measures necessary to protect Australian critical infrastructure from potential cyber security threats.
“The public relies on critical infrastructure for utilities such as power, gas, water, and waste treatment to operate without interruption.
“For this reason, critical infrastructure assets carry significant real-world risks and are high-impact, lucrative targets for ransom.
“Australian business and IT leaders recognise the need to adopt a prevention-first, proactive security posture across operational technology (OT) and IT environments as the threat landscape continues to evolve,” Pyper said.
To extend protections to offline devices running legacy operating systems, a “prevention-first” approach is a necessity, Pyper highlighted – both in terms of “lightweight” AI/ML driven cyber security solutions, which are installed on the endpoints themselves; and cyber security scanning tools to detect vulnerabilities during software design and development.
“Significant reform such as the Legislation Amendment (Critical Infrastructure) Act 2021, the updated Ransomware Action Plan, and the newly announced REDSPICE initiative are highly encouraging steps to strengthen national security and cyber resilience.
“BlackBerry applauds Australia’s 10-year, $9.9 billion investment in offensive and defensive cyber capabilities, including the new cyber and foreign intelligence facility in Canberra,” Pyper concluded.
[Related: FEDERAL BUDGET: Treasurer hands down nearly $10bn in cyber and intelligence funding]
Nastasha is a Journalist at Momentum Media, she reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.