Government departments fail cyber resilience test

The Australian National Audit Office (ANAO) has assessed the cybersecurity credentials of several Federal Government agencies, with all but one department failing its review.
 

As part of the government agency’s fourth report on cyber resilience, the audit office assessed four federal departments, including the Department of the Treasury, the National Archives of Australia and Geoscience Australia, rating each agency’s compliance with the Australian Signals Directorate’s (ASD) ‘Essential Eight’ cybersecurity guidelines.

These guidelines include mitigation strategies aimed at improving systems’ cyber resilience, including restricting administrative privileges, utilising multi-factor authentication, and patching operating systems.

ANAO’s ‘Top Four’ mandatory cyber mitigation strategies for government departments and agencies include application whitelisting, applying application and operating system patches, and effectively managing access provisions for privileged user accounts.

Of the three departments assessed by ANAO, only Treasury was compliant with the Top Four mitigation strategies and rated as “cyber resilient”.

While the National Archives were found to be non-compliant with the mitigation strategies, they nevertheless had sound ICT general controls, proving a level of cyber resilience without the essential internal resilience, the report stated. 

The harshest rebuke was left for Geoscience Australia, with the report finding it was “not compliant with the Top Four mitigation strategies and did not have sound ICT general controls”, leaving it particularly vulnerable to cyber-attacks.

“Until the National Archives and Geoscience Australia achieve compliance with the mandatory strategies, it is inappropriate to consider that a positive cyber resilience culture is in place,” the audit said.

Each of the surveyed departments has agreed to recommendations made by ANAO to improve its cyber resilience.
