Project REDSPICE: Looking into Australia’s $10b Investment in Cyber Security

Many privacy and cyber security professionals across Australia were surprised by the $9.9 billion earmarked for investment in cyber security unveiled in the 2022 federal budget. Dubbed Project REDSPICE, an acronym for Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers, the investment seeks to increase Australians offensive cyber security capabilities. But what does that actually mean for cyber security in Australia?  

Project REDSPICE: What does it mean for cyber security in Australia? 

The role cyber security plays in national security has been increasingly visible over the past years. But the use of cyber warfare in the Russian invasion of Ukraine, particularly Ukraine’s disruption of the Russian government’s activities using cyber-attacks, has thrown cyber security into the limelight.  

Project REDSPICE is Australia’s response to the changing nature of warfare. The federal government hopes that the project will increase Australia’s cyber resiliency and responsiveness, while also stimulating offensive capabilities. 

REDSPICE is the most significant single investment in the Australian Signals Directorate’s 75 years. It responds to the deteriorating strategic circumstances in our region, characterised by rapid military expansion, growing coercive behaviour and increased cyber-attacks.”  

Investing in the Australian Signals Directorate 

The Australian Signals Directorate (ASD), Australia’s foreign signals intelligence and security agency, will be responsible for executing Project REDSPICE. The REDSPICE Blueprint outlines that the investment will: 

  • Triple the ASD’s cyber capabilities;  
  • Enhance signals intelligence; 
  • Grow defensive capabilities, enabling the hardening and defence of national systems and critical infrastructure.  
  • Promote the resilience of the ASD; 
  • Grow the ASD’s workforce; and  
  • Allow for investment in technology, tools, and communications.  

Job Growth During Project REDSPICE 

REDSPICE is set to create 1,900 new jobs, which will nearly double the size of the ASD over the coming decade. These new roles will include new analyst, technologist, corporate and enabling roles across Australia. This will be a big boost for the ACT and the rest of Australia as the ASD intends for 40% of its staff to be located outside of Canberra.  

Given the findings from our earlier Privacy Job Reports, we are very interested to see where these other roles will bePrivacy Job Report distributed. Historically, most privacy and security roles in Australia have been on the east coast – particularly in Melbourne and Sydney.  

See our recent job reports:

December 2021

September 2021

June 2021

Investing in AI and Other Advanced Technologies 

REDSPICE also seeks to increase Australia’s software and AI-enabled response capabilities to prevent network exploitation and deliver network effects. AI and machine-learning technology and data services, ICT hardware infrastructure, cloud-technologies, and new and hardened secure communications are also included in the REDSPICE Blueprint as areas for investment and improvement.  

Expanding Australia’s Global Footprint Through 5-Eyes 

A portion of the $9.9billion investment in REDSPICE will be dedicated to expanding Australia’s global footprint through the alliance, as well as increased collaboration on AI and cyber technologies and global initiatives through 5-Eyes. 5-Eyes is a key strategic intelligence alliance between Australia, Canada, New Zealand, the United Kingdom, and the United States. 

REDSPICE’s Role in Australia’s Cyber Security Response 

When considered alongside proposed and pending reforms to the SLACI Act and the Ransomware Action Plan, the significant investment in REDSPICE signals that cyber security will remain an issue that’s top-of-mind for Australian politicians and legislators.  But some questions remain: 

  • Where will the people come from for these important new jobs; 
  • How will this increase in the ASD workforce affect the increasingly strained cyber security skills market; 
  • What are the plans for greater engagement between ASD and the rest of Australia, with so much focus on the inter-connected eco system that supports the Australian economy; and 
  • Will there be any controls around how AI enables response capabilities are developed and used  


If you want to develop a future-focused privacy and security plan for your business, reach out. Our experienced team of privacy and security lawyers routinely provides guidance and internal training for Australian organisations. We would love to help.  

  • We collect and handle all personal information in accordance with our Privacy Policy.

  • This field is for validation purposes and should be left unchanged.

At Privacy 108, we are passionate about privacy and data protection. We work with organisations to ensure they collect, use and secure all information in a way that is both compliant and meets community expectations. Privacy 108 is a law firm. Our team of lawyers can provide specialist legal advice on privacy and security issues.