Skip to main content

The Future of Redspice and its $5 Billion for Australian industry

by Cameron Sinclair •
Subscriber preview

The $10 billion Project Redspice cyber security package, announced as part of the Coalition’s 2022-23 Budget includes $5 billion in opportunities for Australian companies, including small and medium enterprises, to deliver a range of goods and services.

The Australian Signals Directorate’s (ASD’s) ‘Redspice: A Blueprint for Growing ASD’s Capabilities’ indicates there will be strategic partnerships to deliver workforce planning, recruitment and training as well as program management, and change and transformation management.

In addition, ASD will be looking for the supply of:

  • Secure telecommunication and cloud computing components
  • Data services
  • Software
  • Hardware
  • AI and machine learning technology

The successful delivery of the Redspice program will require many of these suppliers having staff with the appropriate security clearances to work on ASD projects, and the current security vetting process is a major pinch point.

Labor welcomed the Redspice package, but noted that it will put pressure on an “already heavily contested talent pool”, referencing a November media report that describes a “massive skills shortage across the sector.”

Labor also drew attention to ongoing delays in the security vetting system, describing it as a ‘clogged process’, and spending on external vetting contractors has increased “with no commensurate improvement in [processing] times”.

Long delays in the vetting system have been an ongoing source of frustration for security and intelligence services, and for recruiters trying to place cyber security resources into public sector roles.

The Australian Government Security Vetting Agency (AGSVA), a branch within the Department of Defence, was established in 2010 to centrally administer personnel security vetting on behalf of most Australian Government agencies.

As an indication of the scale of the security vetting challenge, according to the Australian National Audit Office (ANAO), AGSVA completed 49,425 security clearances in 2019-20 and as at 1 July 2020, maintained 403,888 ‘active security clearances’.

AGSVA publishes a ‘general’ guide’ on the timeframe for each clearance level (see the table below), but there is extensive anecdotal evidence that processing takes much longer than the AGSVA estimates.

 

 

Baseline 

Negative 1 (NV1) 

Negative 2 (NV2) 

Positive Vetting (PV) 

Definition 

Classified resources up to and including PROTECTED 

Classified resources up and including SECRET 

Classified resources up to and including TOP SECRET 

TOP SECRET, including some caveated information 

Estimated time to complete vetting process 

20 business days 

(1 month) 

70 business days  

(3.5 months) 

100 business days  

(5 months) 

180 business days 

(9 months) 

The ANAO conducted a performance audit on the ‘Central Administration of Security Vetting’ in 2015, finding that expectations of “improved efficiency and cost savings have not been realised”.

A 2017 Independent Intelligence Review stated “that the time it currently takes to process a TS(PV) is unacceptably long” and the 2019 Independent Review of the Australian Public Service specifically reiterated the concerns from the intelligence reviews about the vetting process.

The ANAO and the Joint Committee of Public Accounts and Audit (JCPAA) then made recommendations in 2018 and 2019 to Defence to ‘improve the effectiveness of the Australian Government’s personnel security arrangements’.

The Inspector-General of Intelligence and Security (IGIS) noted in a December 2020 submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) that it was “aware anecdotally and from briefings that some agencies are having difficulty meeting recruitment targets and that this is, at least in part, related to vetting delays”.

Under the ASD recruitment process applicants are put through interviews, technical assessments, and psychological testing before undergoing their AGSVA security vetting.

In April 2022, there were 35 vacancies on the ASD website. Applicants for paid internships require only baseline vetting. Entry level cyber security specialist roles require NV1; analysts require NV1, with some roles requiring PV. All EL1 roles require PV.

In February 2021, Accenture was announced as the successful bidder for Defence’s ‘vetting transformation project’ (ICT2270). Under a four-and-a-half year, $114.2 million contract, it will replace the current, highly criticised AGSVA systems with a digitised solution that among other things will allowing sponsoring entities (agencies) to log into a secure portal.

It is probably not until the new system is fully implemented in 2025 or 2026 that Redspice’s full ambition for the involvement of Australian industry can be realised unfettered of the hold ups created by delays in vetting procedures.

Already a subscriber? Sign in here to keep reading

Want more content like this? Contact our team for subscription options!

  • Stay up-to-date on the latest news in government
  • Navigate market uncertainty with executive-level reports
  • Gain a deeper understanding of public sector procurement trends
  • Know exactly where government is spending
Jurisdiction
  • Federal
Category
  • Hardware
  • IT Services
  • Labour Hire
  • Software
  • Telecommunications
Sector
  • Border Security
  • Defence