Audit reveals cyber basics still beyond the federal government
by Alison Ryan
This seems to be a warning and a highlight to greater government woes in NSW and further afield. eg: Regarding the Federal Government last year, itnews reported the Prime Minister’s department was named amongst the agencies to fail the Australian National Audit Office’s (ANAO) cyber security audit. The national auditor revealed that some of the federal government’s most powerful departments were amongst those still failing to fully implement mandatory cyber security controls, leaving them “vulnerable” to attack. These agencies were the Attorney-General’s Department (AGD); Department of Prime Minister and Cabinet (PM&C); Department of Health; Department of Education, Skills and Employment (DESE); Future Fund Management Agency; IP Australia; and Austrade.
And this year’s Audit revealed that “cyber basics was still beyond the fed gov”. On Jun 10 2022, itnews reported that like the past ANAO audits, the 2022 review also found no significant improvement over time of entity compliance with the protective security policy framework (PSPF) cyber security requirements.
The ANAO noted that low compliance by entities with PSPF cyber security requirements risked compromise to information.
All the while, the NSW and Australian Governments are working closely together to explore the adoption of a national Digital Identity ecosystem. NSW Government chief information and digital officer Greg Wells voiced platitudes that “privacy and security were of the utmost importance to the NSW Government”, and that “ACIC has reported that oversharing of personal information and identity crime cost customers and the private sector more than $3.1 billion across Australia in 2018/19”.
Yet for those in NSW who are affected by the floods, the Australian Government Bureau of Meteorology (BOM) website cannot be accessed for information and warnings at http://www.bom.gov.au/akamai/https-redirect.html A search for BOM appears fruitless. Information under BOM links state:
“The Bureau of Meteorology website does not currently support connections via HTTPS. You will shortly be redirected to http://www.bom.gov.au”, and, “The Australian Bureau of Meteorology recognises the need for supporting international web standards. The content on the page you came from is accessible to all”, yet BOM does not redirect, and its links do not open.
Instead, weather news is delivered by the Australian Government Services Australia which is then directing readers to the online myGov and login PRODA (Provider Digital Access); or directing readers to the NSW State Emergency Service, or the SES facebook site, or even Elders weather.
BOM is stated to be an Executive agency of the Australian government, along with Australian Financial Security Authority, Digital Transformation Agency, Infrastructure and Project Financing Agency,
Under the previous Morrison Liberal/National government, The Commonwealth committed to establishing a new virtual climate and disaster risk information and services centre called ‘Resilience Services’ by 1 July 2021.
The ‘Resilience Services’ centre would collect and leverage the Commonwealth’s extensive data, information and capabilities from agencies such as Bureau of Meteorology, the CSIRO, Geoscience Australia and the Australian Bureau of Statistics, to aid the information needs of Emergency Management Australia and the new National Resilience, Relief and Recovery Agency [See Foreword by Scott Morrison MP in “A national approach to national disasters”, Commonwealth of Australia 2020, pdf]
Providing weather information to Australians will never be the same again. In the place of the BOM Morrison changed weather information and warning advice to the buzz words of long-term risk reduction and adaptation to natural disasters. There is something seriously troublesome here.