Wednesday, January 06, 2021

I Wonder Why It Is The Department Of Health Is Not A Top Cyber Protection Performer?

This appeared last week:

Security lapse gives hackers a free pass

Richard Ferguson

Treasury and Defence are among a number of federal government departments that have failed to fully implement a cybersecurity system designed to protect them from malicious emails.

After a slew of attacks this year by state-based hackers against the government and Australian businesses, only Home Affairs, Services Australia and the Australian Signals Directorate have told the Senate they have fully integrated the Domain-based Message Authentication, Reporting and Conformance protocols, which prevent attackers from getting in through emails.

Questions on notice to Senate estimates and checks via domain name networks show Treasury, Defence, Health, Education, Industry, Parliamentary Services and Attorney-General have only partially implemented the cyber protections.

A Department of Home Affairs spokesman said the cyber uplift programs would help departments bolster cyber defences, and that Home Affairs was seeing an uptick in DMARC protocols in commonwealth offices.

“The use of DMARC is a recommended control in the Information Security Manual and is one component of the Australian Signals Directorate’s suggested mitigation strategies,” he said.

“ASD has observed increased adoption of DMARC across government networks.”

Labor’s cybersecurity spokesman Tim Watts said commonwealth departments had to improve their cybersecurity if Scott Morrison expected businesses to do the same.

“The lack of implementation of basic cyber security hygiene, such as DMARC, highlights the lack of real accountability within government on commonwealth entities’ cyber security,” he said.

“Unless the government lifts its game, it leaves itself open to accusations of telling businesses to do as I say, not as I do.”

More here:

https://www.theaustralian.com.au/nation/politics/security-lapse-gives-hackers-a-free-pass/news-story/9c4bc21cf1e984abaf6d895de1b3cdd7

What is even more worrying is that when asked, the Department was not even prepared to say just how well prepared they were as regards cyber-security.

This can hardly be seen as an ideal situation with all the threats that are apparently out there!

David.

 

1 comment:

  1. A classic case of “do as I say not as I do”
