In late March this year the government announced a $9.9 billion project named “REDSPICE.” Though REDSPICE is ambitious, it is also a much needed step forward in Australian cybersecurity investment.
REDSPICE (Resilience, Effects, Defence, Space, Intelligence, Cyber, Enablers) is a new Australian Signals Directorate (ASD) mission to enhance and transform Australia’s ability to respond to the dangerous issues of offensive cyber operations and grey zone warfare which affect many aspects of our society and our National Security. It is an investment in people, the application of modern and developing AI and Big Data techniques, and innovative intelligence and analysis practice. It also displays a refocusing of the way we as a country deal with offensive cyber operations and secure communications, drawing on the use of new technologies and bold and innovative thinking to do so.
Supporting the Process
I am a massive supporter of this transformation of the ASD and see the announcement of REDSPICE as a restatement, and affirmation, of the organisation’s long-term role in leading cyber security operations and initiatives. It focuses very much on growing the work force and will broaden the traditionally Canberra-centric operation by locating 40 percent of staff outside of the Australian capital.
Moving ASD employees outside of Canberra is really important. In recent years we have seen a move towards Joint Cyber Security Centres located in various capital cities, but it is unclear whether the program has been well-received. I would guess not, though I am not sure why. Perhaps we are not all aware of their function and purpose, but I wonder if we should have just called them “ASD offices.” The urgent issue is that with the development of interstate Defence and research initiatives (such as the development of the space and cyber industry in Lot 14 in Adelaide) more and more ASD security and resilience advice is needed across Australia. Secure communications without a trip to Canberra must be streamlined for all.
Recruiting 1900 new staff across both technological and corporate roles may prove challenging for the ASD, and they will need support from academia and industry to facilitate such an expansion. The complexities of this situation, as we in the profession know, are that most organisations who deal with more difficult cyber security and resilience research and practice need to employ citizens of Australia. Even with a large number of international students and other migrants taking up permanent residency opportunities and citizenship, providing the basic and fundamental skills to fill up the cyber security (and AI and Big Data) skilled worker pipeline is a slow process for all of us involved.
In my own work as a Professor, I often suggest to my best students and junior researchers that the best place to start a cyber security career is with the ASD. This is obviously in the national interest, but I also see an organisation that has lived up to the claims it makes in its own literature. The ASD has a structured way of the training and developing its staff and is able to provide the best available tools, which are major advantages to an ambitious entry-level cyber security or big data person. It is able to engage with some of the best thinkers in academia and industry as it seeks to make Australia more resilient and responsive to the global nature of the cyber security and intelligence challenges that we will always and constantly face as a nation.
The ASD has also, in my experience, striven very hard in the last few years to create an inclusive working environment. For instance, its recent work with the Australian Women in Security Network (AWSN), has sponsored hands-on security training for women wishing to enter the cyber security profession, or who have entry level and mostly non-technical roles.
Many in our industry have grown familiar with the changes made to the UK approach to National Security from a cyber and resilience perspective and have heard leaders such as Dr Ian Levy talk about making the UK the safest country to live and work in online. I have been concerned about the Australian response to the same National Security issues identified in the UK which have certainly been discussed at great length. It is unclear to me whether the new REDSPICE initiative will cover the whole agenda that we see taken on by the UK National Cyber Security Centre (NCSC), but the new REDSPICE investment, plus new legislative initiatives to define and protect critical infrastructure, will allow us a far greater measure of engagement with issues that are critical to our society.
My hope is that there will be bipartisan support for the REDSPICE initiative and also, in the light of this mission, a focus on truly making the ASD the centre of cyber security and resilience activity in Australia. In my experience as a researcher and teacher, Australia has not achieved the same recognition of where our cyber “centre” is in the way that USA has done with the National Security Agency or the UK with its NCSC. This to my mind has hampered the development of relationships between industry, academia and government that exist in the UK (such as the Academic Centres of Excellence in Cyber Security Research) and the USA (with Centres of Academic Excellence in Cyber Security).
We will need to work hard as a nation to supply the 1900 new employees required by the ASD without denuding the banks, law enforcement and academic of all our expertise. I hope the ASD is given freedom to help develop the skills pathways that our allies have been committed to for many years so as to achieve the bold vision that they have committed themselves to.
Professor Jill Slay is the University of South Australia SmartSat CRC Professorial Chair in Cybersecurity. Her work focuses on the context of developing the national technical agenda in satellite cybersecurity and resilience with the Australian academic community, Defence and Defence Industry.
This article is published under a Creative Commons Licence and may be republished with attribution.