The role of Government cyber security
Cyber security is of critical importance to corporations and governments alike, and both must protect their IT infrastructure, systems and data from cyber-attacks. However, this is where the similarities between corporate and government cyber security end.
The scope and importance of Australian Government cyber security.
The Australian Government’s cyber security remit extends to safeguarding the nation, the Australian people and the economy from nefarious cyber actors and an attack impacting national security, law enforcement, health care or critical infrastructure could have catastrophic consequences.
The number and sophistication of cyber-attacks on Australian governments is alarming. In September, the Australian Cyber Security Centre reported 377 cyber-attacks on the Australian Government and critical infrastructure during the FY21 period. Incidents like the recent South Australian Government attack where the personal details of 80,000 employees were compromised underscores the critical nature of government cyber security.
Key Australian Government cyber security strategies.
In the face of increasing cyber threats, the Australian Government has developed a number of frameworks and strategies to improve Australia’s cyber resilience. Most recently the Australian Government’s Cyber Security Strategy was launched in August 2020. The strategy aims to promote a more secure online world for all Australians’ and is broad in its objectives:
- Improve defences of government networks and data.
- Bolster law enforcement capabilities to investigate and prosecute cybercriminals.
- Provide cyber-security advice and assistance to families and businesses.
- Support the growth of a skilled, cyber workforce.
- Partner with critical infrastructure owners to bolster critical systems’ security.
To bolster its own cyber defences, in 2019 the Australian Government released its Whole of Government Hosting Strategy. The hosting strategy provided policy direction and guidance to federal agencies and their hosting providers to better secure government data and systems held within provider data centres.
A crucial aspect of the hosting strategy was the launch of the Hosting Certification Framework in March last year. Through evaluating and certifying hosting providers against ownership and control standards, the Australian Government can mitigate data sovereignty, supply chain and data-centre ownership risks to its IT systems and data.
Another cornerstone government security framework that encompasses information security is the Protective Security Policy Framework (PSPF). The framework aims to protect government people, information and assets here and abroad and covers security governance, information, personnel and physical security. Government entities that are subject to the Public Governance, Performance and Accountability Act 2013 must apply the PSPF and report on their compliance.
To assist Australian organisations to strengthen their cyber security defences, in 2018 the Australian Government published the Information Security Manual. Updated frequently, the manual advocates a risk-based approach to cyber security and provides a comprehensive set of guidelines covering all aspects of an organisation’s IT systems and infrastructure.
Australian Government cybersecurity is challenging, and the dynamic co-evolution between attack and defence means Australian Government cyber security must continually evolve. With the inherent difficulties in attracting qualified staff, and the need for 7x24x365 threat monitoring by a Security Operations Centre, the Australian Government increasingly engages with cyber security contractors and service providers who are at the forefront of cyber defence.
Macquarie Government cybersecurity services.
At Macquarie Government we are uniquely positioned to offer cyber security and secure hosting services to Australian Government entities:
- Almost 20 years’ experience protecting government systems, networks and data.
- Protecting 42% of Australian Government agencies.
- Over 200 employees cleared by the Australian Government Security Vetting Agency.
- Macquarie Government Cyber Security Centre of Excellence – tightly integrated physical and virtual infrastructure, leading edge platforms and highly-trained cyber security engineers.