Government departments fail cyber resilience test

The Australian National Audit Office (ANAO) has assessed the cybersecurity credentials of several Federal Government agencies, with all but one department failing its review.
 

As part of the government agency’s fourth report on cyber resilience, the audit office assessed four federal departments, including the Department of the Treasury, the National Archives of Australia and Geoscience Australia, rating each agency’s compliance with the Australian Signals Directorate’s (ASD) ‘Essential Eight’ cybersecurity guidelines.

These guidelines include mitigation strategies aimed at improving systems’ cyber resilience, including restricting administrative privileges, utilising multi-factor authentication, and patching operating systems.

ANAO’s ‘Top Four’ mandatory cyber mitigation strategies for government departments and agencies include application whitelisting, applying application and operating system patches, and effectively managing access provisions for privileged user accounts.

Of the three departments assessed by ANAO, only Treasury was compliant with the Top Four mitigation strategies and rated as “cyber resilient”.

While the National Archives were found to be non-compliant with the mitigation strategies, they nevertheless had sound ICT general controls, proving a level of cyber resilience without the essential internal resilience, the report stated. 

The harshest rebuke was left for Geoscience Australia, with the report finding it was “not compliant with the Top Four mitigation strategies and did not have sound ICT general controls”, leaving itself particularly vulnerable to cyber-attacks. 

“Until the National Archives and Geoscience Australia achieve compliance with the mandatory strategies, it is inappropriate to consider that a positive cyber resilience culture is in place,” the audit said.

Each of the surveyed departments has agreed to recommendations made by ANAO to improve its cyber resilience.

 
