Standing up for Canberra

Government Entity Cyber Security is not an Optional Extra

The latest Australian National Audit Office report on the cyber resilience of government entities is a damning indictment of the Turnbull Government’s management of our nation’s cyber security in an environment where cyber attacks are becoming increasingly prevalent, sophisticated and malicious.

This fourth audit in the series shows that of 14 government entities reviewed, just four have been found to comply with mandatory cyber security standards - the Department of Human Services, Treasury, AUSTRAC and the Department of Agriculture and Water Resources.
Those that haven’t complied in the past include the:

  • Australian Federal Police
  • Former Department of Immigration and Border Protection
  • Australian Bureau of Statistics
  • Australian Taxation Office
  • Australian Financial Security Authority, and
  • Department of Foreign Affairs and Trade.

Labor has been sounding the alarm bells on the lack of compliance and cyber resilience of government entities for years.
But the response from the Turnbull Government has been a deafening silence - apart from a letter to Cabinet Ministers asking them to tell their agency heads to take cyber security ‘very seriously’!
In 2014, not one of the seven government entities investigated by the ANAO complied with mandatory cyber security standards.
Four years on, and a review of 14 government entities later, and only four - or 28 percent - have been found to comply.
At a time when significant data breaches and cyber attacks are an almost daily occurrence, the revelation that our own government entities continue to fail to meet mandatory standards should be a cause of great and immediate concern for the Turnbull Government.
These are government entities that collect and store the information of Australians, protect our borders and run our national security operations.
Continuing to ignore these warnings means the Turnbull Government is continuing to put this data at risk, with potentially significant consequences for Australians.
Cyber security is everyone’s responsibility and government entities must be the standard by which others in the community measure themselves.
What part of mandatory does the Turnbull Government not understand?
Where are the deadlines for these government entities to become compliant?
And when will the Turnbull Government stop treating the cyber security of government entities as an optional extra?