Australian Cyber Security Centre stands up government flying squad

The Australian Cyber Security Centre is beefing up its newly established government cyber security flying squad to hasten the pace of fortifying the Commonwealth’s cyber posture.

Armed with an undisclosed amount of funding to uplift federal government system, the agency is appealing for cyber security professions to build out its ‘government uplift team’.

The existence of the small crack team, located in ACSC’s 'protect and assure' branch, emerged earlier this year following the high-profile malicious attack against Parliament House in February.

It is tasked with assisting agencies tackle persistent threats across government by converting their stated IT security policies into “practical, effective controls, processes and technical implementations”.

Or, to put it simply, making sure cyber actually happens.

The field is not short of conspicuous challenges.

Over recent months, agencies have questioned the effectiveness of the government’s approach to cyber security, particularly the Australian Signals Directorate’s (ASD) so-called mandated rules.

The last full count of compliance with the mandatory cyber controls showed that almost almost forty percent of agencies were struggling to fully-implement the top four six years after they become mandatory.

Better access to external, specialised cyber security advice has been billed by some as an answer to uplifting cyber resilience, especially for small and micro sized agencies.

As many as ten cyber security technical professionals with a minimum baseline security clearance will be brought into the government uplift team between now and July.

ACSC said this would involve “provid[ing] expert technical advice/assistance to a wide variety of situations and scenarios, helping agencies raise their cyber posture”.

The recruitment drive follows a national security shielded kitty of funding in the federal budget to uplift cyber security arrangements for whole-of-government systems, as well as “mitigate potential cyber threats through enhanced monitoring and response capabilities”.

These capabilities will take the form of "cyber sprint teams" within the Australian Cyber Security Centre, as well as the creation of a “cyber security response fund”.

An ACSC spokesperson declined to answer questions about the government uplift team, saying only that its remit included helping “agencies improve their cyber resilience and ensure their IT systems are as safe as possible against malicious activity”

“The Budget contained funding to allow our expert teams to continue their work of providing cyber security advice to Australian Government Departments and Agencies,” the spokesperson said