Tax and social security records and national security information remains vulnerable to cyber attacks, a new report shows.
An auditor-general review of seven major government agencies found that none complied with the required cyber security measures which were due to be in place by mid-2014.
The agencies included the Australian Tax Office, Department of Foreign Affairs and Trade, Australian Bureau of Statistics, Customs, Australian Financial Security Authority, the Department of Human Services and IP Australia.
The agencies hold a wide range of personal, national security, and economic information.
The report said that in 2012 there were more than 1790 security incidents against Australian government agencies, of which 685 were considered serious.
While the audited agencies had put in place internal security safeguards to protect their information ‘the selected agencies had not yet achieved full compliance with the top four mitigation strategies” mandated by the government in 2013.
And none was on track to meet the mid-2014 compliance date.
The agencies were found to have a ‘reasonable’ level of protection from breaches from internal sources, but ‘vulnerabilities remain against attacks from external sources to agency systems’.
‘In essence, agency processes and practices have not been sufficiently responsive to the ever-present and ever-changing risks that government systems are exposed to,’ the report concluded.
The four strategies agencies have been asked to put in place include protections against malicious programs, security ‘patching’ of applications, devices and operating systems and keeping administrative privileges to a small group of users.
