Standing up for Canberra

Prime Minister Needs to Tend His Own Cyber Security Patch

Given reports that 90 percent of companies and government agencies have been the targets of cyber threats in the last 12 months, Labor welcomes news of the Prime Minister's cyber security forum with the private sector today.

But if the Prime Minister is serious about cyber security, he should be having a forum with his own non-resilient and non-compliant government agencies, as a matter of urgency.

The Australian National Audit Office recently found that two of the three agencies covered in its cyber resilience follow-up review had “insufficient protections against cyber attacks from external sources.”

Two of the three had not effectively implemented application whitelists, which meant users could install and run applications and bypass the whitelist completely.

And only one of the three agencies complied with the mandated Top Four Mitigation Strategies and was found to be “cyber resilient”.

The ANAO’s review makes sobering reading, given the three government agencies assured the Joint Committee of Public Accounts and Audit they would achieve compliance during 2016 after the first damning audit in 2014.

Cyber security is everyone's responsibility, so discussions with the private sector are important.

But equally important is the cyber security of government agencies, particularly following #censusfail and the Bureau of Meteorology cyber intrusion.

So what’s the Prime Minister doing to improve the cyber resilience, compliance and governance of his own government agencies - apart from writing a stern letter?