What the federal budget means for cyber: 2022 Budget explained

Cyber security played a prominent role in the 2021 budget and in the last 12 months, the federal government has been focusing on amendments to laws and policies to increase Australia’s cyber resilience.  The federal budget is a time to reflect on the 2020 Cyber Security Strategy and its $1.6 billion pledge to strengthen Australia’s cyber resilience.  The aim – to increase the expectations of Australian businesses to put cyber security as a top priority as a risk management strategy.

The Budget 2022-23 aims to bolster the Australian Signals Directorate (ASD)’s offensive cyber capabilities and strengthen its detection and response network in line with the increased expectations of the industry.  It will address our national workforce shortage, grow and protect critical technologies and uplift cyber security within the government and among businesses.

• $9.9 Billion:   ASD to double in size adding 1900 staff
• $1 billion:  Small businesses can tax deduct up to $100K each year in cyber security, cloud and other digital enhancements
• $18.6 million:  Regional Australia digital and data training
• $30.2 million:  Cyber Hubs pilot expanded to secure commonwealth data
• $3.9 million:  Support to women to reskill and pursue careers in technology

$9.9 billion has been earmarked to support enhanced cyber and intelligence capabilities.  The package includes additional investment into the Australian Signals Directorate under an initiative dubbed Project REDSPICE (Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers), which is expected to nearly double the size of the intelligence agency over the coming decade, adding 1900 new staff. (1)

At a glance, the measures include:

1. Bolstering national cyber defence and offence:  ASD double staff and triple its offensive capabilities over 10  years.
2. Secure federal government networks:  Expansion of ‘Cyber Hubs’ pilot program to help federal government departments detect and respond to rapidly increasing cyber threats.
3. Investing and protecting in critical technologies:  Investment in global standards for quantum computing and telco infrastructure.
4. Tackling cyber skills shortage: more funding for digital skills and education such as data science, AI, cyber security and ICT engineering.
5. Support for women in IT:  funding for women in tech to pursue careers, including mentoring provision for mid-career transition into the technology workforce.
6. Cyber security & tech support for small businesses:  Extra tax deductions are immediately available for cyber security, cloud services and other digitalisation up to 100k per year.

To date, small businesses have been inconsistent in their efforts toward cyber security.  With competing priorities, the need for cyber strategies often gets put on the back burner.  Small businesses often lacks the budget and resourcing to improve their cyber security postures.  As an important part of the supply chain for essential services and critical infrastructure, this is becoming an urgent issue and weakness in Australian cyber resilience.

The budget has announced tax incentives for small businesses in cyber security and other digital investments.  Businesses with an annual turnover of less than $50 million can now deduct $120% of these expenses up to $100k per year until June 2023.

This measure can be used for major investments such as:

• cloud migrations
• cyber security mitigation strategies
• e-invoicing
• accounting software
• web design
• expenses of staff training courses (delivered by Australian entities)

REDSPICE stands for Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers and is intended to:

1. Triple ASD’s offensive cyber capabilities
2. Double ASD’s cyber hunt and responsive activities.

The investment of $9.9 billion is the largest cyber spend in Australia’s history reflects our deteriorating strategic circumstances in our region and cyber threat landscape.  REDSPICE will let Australia keep track of adversary capabilities, deter attacs and protect our critical systems.  It will back the governments intent to cooperate with Five Eyes Intellgence partners including the AUKUS agreement with the US and UK.

As part of the committment, the government also announced the creation of several new government-led cyber security outlets to oversee the nation’s cyber security infrastructure, a new multi-agency centre hosted by the Officer of National Intelligence, dubbed the Cyber and Critical Technology Intelligence Centre and the ASD also flagged the opening of a new cyber and foreign intelligence facility in Majura Park, Canberra, built to foster security partnerships across the intelligence community, law enforcement, Australian industry and international partners.  The new centre is expected to house agents and personnel from the Australian Defence Force, the Australian Federal Police, the Australian Criminal Intelligence Commission, Home Affairs and representatives from industry. The Majura Park facility is also tipped to create new employment opportunities for intelligence analysts, cyber operators, technology researchers, and corporate enablers.

REDSPICE reflects the critical role the ASD will play in Australia’s cyber defence and has been empowered to direct Australian crtitical infrastructure owners and operators in the event of a cyber crisis.

REDSPICE is the most significant single investment in the Australian Signals Directorate’s 75 years. Through REDSPICE, ASD will deliver forward-looking capabilities essential to maintaining Australia’s strategic advantage and capability edge over the coming decade and beyond.  The REDSPICE Blueprint (PDF) offers some further insights into what REDSPICE will deliver and a vision of what ASD will look like in the future.  Through REDSPICE, we will expand the range and sophistication of our intelligence, offensive and defensive cyber capabilities, and build on our already-strong enabling foundations.

• 3x current offensive cyber capability
• 2x persistent cyber-hunt activities
• Advanced AI, machine learning and cloud technology
• 4x global footprint
• 1900 new analyst, technologist, corporate and enabling roles across Australia and the world
• 40% of staff located outside Canberra (2)

A widely recognised fact is Australia’s shortage in technology talent and lack of women within the technology industry.  The budget has recognised this and has made provisions to mitigatet this risk:

1. Talent:  REDSPICE requires an additional 1900 ASD staff when the industry already is facing a critical cyber workforce shortage.  The funding will encourage the training and education of more data scientists, AI, ICT engineers and cyber security professionals.
2. STEM Development:  $45.4 million has been pledged over 5 years to support STEM development in Australia.  In addition, $6.7 million of STEM will be used to extend support for the Women in STEM Ambassador and Superstars of STEM initiatives, both are focused on raising the profile of women in STEM.
3. Diversity:  Women make up less than 25% of the cyber workforce.   The government is allocating $3.9 million over 2 years to support women in to technology roles.  This is not just school leavers, but they are offering pathways to help mid-career women transition over to the technology industry.
4. Regional:  $18.6 million over 3 years will be allocated to a pilot program providing digital data training and employment opportunities for regional Australians.
5. Attracting global talent: Global Australia Taskforce will be continued for an additional 2 years to attract investment and individuals to Australia.

The budget also continues to invest in the federal government’s own cyber security.  In 2021, the government set up Cyber Hubs in the Department of Defence, Home Affairs and Services Australia. Now, a further $30.2 million will be spent to support these Hubs and to establish a fourth pilot in the Australian Taxation Office.

These Cyber Hubs will perform cyber threat monitoring, detection and response.

In 2021, the government has recognised that technological advancement is essential to our economic growth and national security.  They have idnetified that investment in security starts with the right hardware, tehcnical standards and supply chaain and that investment in telecommunications, advanced computing and biotech is essential.

The budget measures include:

• $18.6 million to shape global critical and emerging technology standards
• Investment in a sovereign quantum computing industry
• Financing package to Telstra for its acquisition of Digicel Pacific
• Support for AUKUS by lifting the staff cap in the Department of defence.

Australian companies provide some of the most advanced and threat-resistant cyber security solutions. They include protection of the most sensitive data and critical IT infrastructure used in government, defence, enterprise and national infrastructures such as energy and telecommunications.

Kaine Mathrick Tech strongly supports the $9.9 billion investment into cyber security and the technology industry as a whole. Bolstering our cyber security capabilities is not only critical to Australia’s defence and economic strengths but provides a major opportunity to leverage Australian world-leading cyber security technologies.

If you need assistance in aligning your cyber security measures with the ACSC Essential Eight or would like to discuss your technology needs, please contact us today.

1. FEDERAL BUDGET: TREASURER HANDS DOWN NEARLY $10BN IN CYBER AND INTELLIGENCE FUNDING:  Source:  https://www.cybersecurityconnect.com.au/policy/7688-federal-budget-treasurer-hands-down-nearly-10-billion-in-cyber-and-intelligence-funding
2. About REDSPICE.  Source:  https://www.asd.gov.au/about/redspice