The federal government is expected to spend more than $20 billion strengthening the Department of Defence's IT and cyber security capabilities over the coming decade.
The funding, outlined in the 2020 strategic update [pdf] released on Wednesday, forms part of a $270 billion package for new and upgraded Defence capabilities over the next 10 years.
The strategy, which replaces the 2016 white paper, will see Defence capability investment climb by $75 billion over the next decade to $270 billion, or around 2 percent Australia’s GDP.
The $20 billion will be split between two operational domains: information and cyber, which will receive $15 billion, and enterprise ICT, which will receive $5 billion.
A ‘space domain’ will also receive $7 billion over the next decade - or three percent of total spending.
By comparison, the 2016 white paper allocated around $15 billion into an intelligence, surveillance, electronic warfare, reconnaissance and space and cyber stream.
A total of $575 billion will be provided to Defence, including for the Australian Signals Directorate, by the government over the next decade to provide long-term funding certainty.
Worth $15 billion over the next decade, the investment in Defence's information and cyber domain reveals the increasing importance of cyber security in Australia's strategic environment.
While highlighted as a driver for the department in 2016, the new strategy indicates this has only “accelerated” as Defence - and other organisations - have become more reliant on internet-based communications.
“Expanding cyber capabilities and [the] willingness of some countries and non-state actors to use cyber capabilities maliciously are further complicating Australia’s environment,” the strategy states.
“Cyber attacks can directly compromise military capability and operations. Cyber-enabled activities can also drive disinformation and destabilising interference in economies, political and social systems and infrastructure.
“These activities are often conducted in ways designed to facilitate deniability and complicate attribution.”
The remarks follow a busy fortnight for cyber security, in which the Prime Minister warned of a surge in malicious activity before outlining a $1.35 billion funding package, which represents only a fraction of the total Defence cyber spend over the next decade.
In response to this changing environment and the growing threat from malicious actors, Defence plans to have “secure and resilient information systems” as well as an ability to defend information and systems against cyber attack.
“Investments are planned in joint command, control and communications systems, joint electronic warfare and defensive cyberspace operations,” the strategy states.
“The investment in systems will be complemented by the establishment of a new counter-intelligence capability, including infrastructure and training equipment.
“Defence will also invest in offensive cyber and operational cyberspace capabilities for deployed forces, as well as systems to integrate intelligence, surveillance and reconnaissance programs and data.
“Intelligence capability will be further bolstered by continued investment in signals intelligence and the expansion and upgrading of secure communication systems.”
The government also plans to “expand and upgrade systems for delivering top secret information and communications within Defence and across the broader national security community”.
These investments are considered “critical to ensure information can be securely and reliably shared across Defence, with other government agencies, and with international partners”.
Defence has also hinted at plans to use its cyber capabilities to Australia’s strategic advantage and “grow its self-reliant ability to deliver deterrent effects” to adversaries.
“Given Australia’s limited resource base, we must improve our ability to deliver these effects without seeking to match the capability of major powers,” the strategy states.
“This includes developing capabilities to hold adversary forces and infrastructure at risk further from Australia, such as longer-range strike weapons, cyber capabilities and area denial systems.”
Robotics, AI and quantum
While the department has improved its IT since the 2016 white paper and the first principles review by modernising desktop computing and infrastructure, Defence is now looking ahead.
The strategy indicates Defence will need to plan for “next generation secure wireless networks, artificial intelligence and augmented analytics” over the next five years.
Over the next six to ten years, Defence capability is also likely to encompass the use of “robotics, blockchain immersive technologies, artificial intelligence and quantum computing”.
“Defence will continue to focus investments on ensuring it is able to seize the opportunities and meet the challenges posed by such developments,” the strategy states.
“In particular, investments aligned to security, information access and management, connectivity, and processing and storage are planned.
“They include upgrades to secure networks and to systems that support sharing information with domestic and international partners.
“In addition to its investments, Defence will continue to deliver enterprise-wide information and communications technology business transformation projects.”
In order to maintain these existing IT capabilities, Defence will establish an ‘ICT capability assurance program’.
The program will “ensure systems and applications [are] continuously updated and patched”, as well as “extend life-of-type and upgrade capacity”.
“It will reduce the requirement for concurrent complex, disruptive and expensive technology transformations across the enterprise, and provide a continuous program to ensure ICT capabilities remain modern and secure,” the strategy’s adjoining force structure plan states.
The department will also continue to upgrade core enterprise management systems such as its massive enterprise resource planning (ERP) system modernisation, which it recently selected Microsoft to host.