The Australian Signals Directorate is beginning a major IT upgrade in support of its service-wide information security role and the recently updated Australian Cyber Security Strategy.
The massive expansion is expected to begin in October 2017 at this stage. When complete three years later, it will have significantly expanded the agency’s systems to 15 separate IT environments for both PROTECTED and UNCLASSIFIED workers featuring “a mixture of private, public, hybrid cloud and on-premise infrastructure”.
The ASD estimates its storage will jump from 200 terabytes to 10 petabytes — 50 times more — over the three-year project. The number of physical servers will multiply from 20 to 150, there will be five times as many user accounts and ten times as many virtual machines, according to details of the agency’s requirements released on AusTender.
Driven by the new federal cyber strategy, the upgrade aims to beef up the agency’s capability as the national authority on information security, and in achieveing its other more secretive “business outcomes” in the collection, analysis and distribution of foreign signals intelligence.
It will increase ASD’s capacity to counter emerging cyber threats, help it assess the vulnerabilities of other federal agencies and provide technical security advice, allow it to serve a wider range of organisations and improve collaboration with the private sector, according to the requirements document.
The new systems should be adaptable, easy to use and scalable, allowing users to “rapidly spin-up and deploy new capabilities to meet operational requirements in short time frames” and enable the ASD to offer new services to its “cyber security customers” which include agencies in all tiers of government. The big project will be undertaken iteratively so the plans can adapt as new technology emerges and as user requirements evolve.
It is being undertaken in recognition that “the internet is where the world now conducts its business” and cyber attacks are a serious threat to national security and the national interest:
“The internet has become an essential tool for all government officials. It helps all levels of government in Australia to deliver services and conduct business flexibly and efficiently. Online has become the primary means of interaction.
“Australia’s reliance on information and communications technology also makes us vulnerable to cyber intrusions that could disrupt the business of government. This reliance means that the security of electronic information is increasingly important.
“To counter the threat, Australia needs to develop a strong information security capability. The effectiveness of Australia’s cyber and information security rests on laws, policy, organisation, education and awareness, as much as it does on technology.”
The complex long-term procurement process also aims to build capability in the IT industry to assist the ASD with its various information security roles and electronic spying missions. The agency wants a long term working relationship with a service provider “to assist in supporting, building, and fielding capabilities” and is looking to the solve skills shortages in the future:
“Current standing offer, procurement and service support mechanisms adopted by the [Defence Strategic Policy and Intelligence] Group are not seen as being scalable to meet projected Cyber Program requirements. This procurement process is intended to address appropriate security cleared personnel, ICT service support and ICT development limitations currently being experienced by the Cyber Program within ASD.”
The service provider must be ready and willing to work with ASD but also its partners in the federal Cyber Program, including other government agencies, industry and academia. It must also help transfer related skills, knowledge and expertise to Commonwealth public servants in ASD or other agencies.