When asked this morning whether Australia’s government agencies were protected against the cyber threats experienced last Friday, the Minister Assisting the Prime Minister for Cyber Security said, “I would hope so”.
Labor hopes the Minister’s faith is justified, given a recent Australian National Audit Office report found that two of the three agencies covered in its cyber resilience follow up review had “insufficient protections against cyber attacks from external sources.”
Two of the three had not effectively implemented application whitelists, which meant users could install and run applications and bypass the whitelist completely.
And only one of the three agencies complied with the mandated mitigation strategies and was found to be “cyber resilient” – despite all three agencies assuring the Joint Committee of Public Accounts and Audit they would achieve compliance during 2016 after the first damning audit in 2014.
The Minister went on to say “all departmental heads and agency heads know their responsibilities in this area.”
Well do they Minister?
And do you think a stern letter made them sit up and take notice?
What is the Turnbull Government doing to improve the cyber resilience, compliance and governance of its own government agencies?
And where are the regular, transparent assurance and reporting measures that show they are compliant?
Here’s hoping the forthcoming Joint Committee of Public Accounts and Audit’s inquiry into the cyber resilience of government agencies proves the Minister is right to have faith.
And that he’s just not crossing every finger and toe.
MONDAY, 15 MAY 2017