Federal cyber skills lacking
The Immigration Department and the ATO are failing to meet government cyber-security standards, according to a new report.
A parliamentary committee report released this week shows MPs are “most concerned” that Immigration and the Tax Office have not met mandatory ‘top four’ threat mitigation strategies, leaving their systems at risk.
The Australian Signals Directorate says implementing the strategies in full would prevent up to 85 per cent of targeted cyber intrusions.
However, only about 65 per cent of non-corporate Commonwealth entities said they complied in 2015-16.
The ATO now says it will be fully compliant by next month.
Immigration officials say they do not know when full compliance will be achieved.
The department had previously intended to meet the standards by the end of 2016.
The weaknesses have been revealed amid a massive merger that will see Immigration become part of the new Home Affairs portfolio from next year, alongside ASIO, the Australian Federal Police, Austrac and the Australian Criminal Intelligence Commission.
The report from the cyber security survey made 10 recommendations, including a call for the government to require the ASD’s security strategies be in place by June 2018.
Those strategies include daily backups of important data, multi-factor authentication and application hardening.
The report also calls for more input next time around, with only 30 to 40 per cent of entities having completed the survey.