MELBOURNE, Australia — Australia’s largest health insurer said Oct. 26 a cybercriminal had hacked the personal data of its 4 million customers. The thief has demanded a ransom and reportedly threatened to expose the diagnoses and treatments of Medibank’s high-profile customers.

The incident comes a month after Australia’s second-largest wireless telecommunications carrier, Optus, became aware that personal data of more than one-third of the country’s population of 26 million had been stolen.

But these hacks represent just a small portion of the cyberattacks that target Australia. “Throughout recent years, Australia has been targeted by a range of actors conducting cyber operations that pose a significant threat to our security,” Rachel Noble, who heads the Australian Signals Directorate, wrote in a document outlining Redspice, the government’s plan to bolster its cyber capabilities.

Redspice — which stands for Resilience, Effects, Defence, Space, Intelligence, Cyber, Enablers — is set to receive AU$9.9 billion (U.S. $6.3 billion) over the next decade, the government of then-Prime Minister Scott Morrison announced in March.

The funding represents the largest-ever investment in Australia’s national cyber and intelligence capabilities.

Where will the money come from?

Formed 75 years ago, the Australian Signals Directorate, or ASD, is part of the Defence Department and is entrusted to provide foreign signals intelligence, cybersecurity advice and offensive cyber operations to meet the needs of the department and the military.

The funding for Redspice is meant to triple Australia’s current offensive cyber capability, double its persistent digital hunting activities, develop advanced artificial intelligence and machine-learning capabilities, and quadruple the global footprint of ASD. It’s also meant to bring on 1,900 new employees and open offices in Brisbane, Perth and Melbourne.

The Australian Signals Directorate’s cyber and foreign intelligence facility in Canberra. (Australian Defence Department)

“This investment in ASD recognizes the deteriorating strategic circumstances in our region, characterized by rapid military expansion, growing coercive behavior and increased cyberattacks. It acknowledges the nature of conflict has changed, with cyberattacks now commonly preceding other forms of military intervention — most recently demonstrated by offensive cyber activity against Ukraine,” then-Defence Minister Peter Dutton said in March.

“Redspice ensures Australia keeps pace with the rapid growth of cyber capabilities of potential adversaries. It provides new intelligence capabilities, new cyber defence capabilities to protect our most critical systems, and is a real increase in the potency to strike back in cyberspace,” he added.

While the exact capabilities and activities of ASD are a closely guarded secret, Noble provided some details when she testified in April before a Senate panel on government spending.

“Our job in ASD is as an operational agency with particular regard to cybersecurity — so providing technical advice and assistance to all Australians,” Noble said. “That’s a very different role to the Office of National Intelligence, which is to essentially provide strategic intelligence assessment[s].”

The director general added that the “vast amount” of increased capability to be delivered will come from the increased workforce and the establishment of the new offices around the country.

Although the funding stretches over 10 years, Noble said, the workforce would triple by the 2026-2027 time frame — growing by 400 personnel in 2023-2024; 600 in 2024-2035; 500 in 2025-2026; and about 200 in 2026-2027.

According to the first budget released by the current government on Oct. 25, spending in the 2021-2022 financial year was AU$1.17 billion. Redspice will see funding for 2022-2023 rise to AU$1.7 billion, and then AU$2.32 billion for 2023-2024.

With Redspice funding at AU$9.9 billion over 10 years, AU$4.2 billion of that has to be found in the four-year forward estimates period. (Australia’s forward estimates include the level of expenses proposed by the government for future years, based on economic, demographic and forecasting assumptions.)

People walk past a Medibank branch in Sydney, Australia, on Oct. 26, 2022. The largest health insurer in the country said a cybercriminal had hacked the personal data of all its 4 million customers. (Rick Rycroft/AP)

Of the AU$4.2 billion, only AU$588.7 million will be new money, requiring AU$3.6 billion to come from the Defence Department’s Integrated Investment Program, a fully funded plan meant to set the course for defense acquisition over future years. In other words, if a project is listed as part of the program, funding is available for that project over the specified time frame. It is unusual — but not unheard of — for a project to be removed from the IIP.

It’s unclear where the remainder of the funding total will come from.

So far, this has resulted in the cancelation of the Royal Australian Air Force’s AU$1.3 billion MQ-9B SkyGuardian armed drone program. The direct link was confirmed before a Senate hearing by Matt Yannopoulous, in the acting role of defense secretary. Deliveries were expected to begin in the middle of this decade under Project Air 7003 Phase 1.

Australia chose to ax the SkyGuardian procurement effort because it had yet to reach Gate 2 approval, and was therefore easier to cancel. However, the new defense minister, Richard Marles, has promised to study the previous government’s decision as part of a Defence Strategic Review to be completed in the first half of 2023.

Australia’s SkyGuardian drone program was axed to provide more funding to Redspice. (Matt Cardy/Getty Images)

Another major defense acquisition effort yet to gain Gate 2 approval is the Army’s Land 400 Phase 3 Infantry Fighting Vehicle program, worth AU$18-$27 billion.

Up to 450 new IFVs — either Hanwha Defense’s AS21 Redback or Rheinmetall’s Lynx KF41 — are to replace the Army’s Vietnam-era M113 armored personnel carriers. However, both bidders have been told they must submit their respective bids based on an order of 300 vehicles, with options for three tranches of 50 vehicles each.

However, Defence Department officials have denied that vehicle quantity decrease is due to the need to fund Redspice, saying a government decision on Land 400 is yet to be made.

Still, a shortfall in funding remains in the forward estimates period. At least some of this funding shortfall will come from three existing ASD projects, which will now be subsumed under Redspice.

“None of [the three ASD projects] have been canceled. There was already funding in the IIP, and I’ll speak about them broadly because two of them in particular are highly classified,” Noble said at the Senate hearing. “One is for building our capability in signals intelligence mission systems; another is for offensive cyber; and one is for components of the CESAR [Cyber Enhanced Situational Awareness and Response] program.”

“The programs were funded in the IIP, but have now moved forward in time [and] are, in some respects, being subsumed and added [to Redspice]. Let’s take offensive cyber for example: We might have been on a pathway to deliver an offensive cyber capability, and now what Redspice is enabling is that, while we are on that pathway, we would do it sooner and have more money and capacity to do three times as much as what we were already,” she added.

No longer ‘business as usual’

Fergus Hanson, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, said Redspice is critical because of the massive increase in the Australian population’s digital footprint over the last decade.

“This has created major opportunities for both offense and defense, and there’s just no way a ‘business as usual’ approach could keep pace with the rate of change that we have in terms of digital uptake,” he told Defense News.

Hanson pointed to Australia’s membership in the intelligence-sharing alliance Five Eyes as also driving the financial investment.

“The urgency is partly geopolitical and partly just the pace of change in the digital world,” he said. “I don’t think there’s any world in which [Australia] can get close to the U.S. in cyber capability, but I think to remain a meaningful contributor in our areas of specialization is the ambition.”

He also cited the country’s deteriorating relationship with regional neighbor China, which has implemented trade sanctions against Australia, and the strategic defense agreement AUKUS, which will see Australia, the United Kingdom and the United States work together on nuclear-powered submarine technology.

“We used to believe that we didn’t have to choose between our largest trading partner and our most important ally, but with AUKUS we well and truly chose,” Hanson said. “China took a strategy of trying to push us to our limit and seeing if they could break us, and they ended up pushing us from one side to the other, so that to me adds up to Redspice.”

The Associated Press contributed to this report.

Nigel Pittaway is the Australia correspondent for Defense News.

Share:
More In Cyber