Two state government agencies and one of the country’s leading universities are in the running to win the inaugural iTnews prize for best cyber security project in this year’s Benchmark Awards.
After announcing finalists in the education, health, mass-market, sustainability and local government categories over the last week, we are delighted to showcase the three resilience finalists for 2020.
One of three new categories for 2020, the resilience award will be presented to the project that was best able to improve an organisation’s ability to withstand service disruptions and cyber-attacks, or reduce data exposure.
Stay tuned this week as we announce finalists in the remaining 9 categories, including finance, federal government, diversity, young leader and IoT.
We’ll also be publishing case studies on the finalists in the run up to the awards gala dinner on March 5, where we will reveal the winning projects, so keep your eyes peeled.
iTnews Benchmark Awards 2020 Resilience Finalists
Deakin University: ‘Deakin Shield’
After several internal review exercises found a significant number of cyber security risks across the university, Deakin decided to take action.
The result was Deakin Shield, an enterprise-wide cyber security program design to mitigate the risk of compromise against the university’s data.
Through a series of sub-projects, the program has introduced a number of new technologies to counter cyber threats.
This includes multi-factor authentication for all staff to reduce the risk of compromised user credentials by asking staff to prove their identity with more than just a password.
Other new capabilities include a new virtual private network, improved email security tools such as a new ‘Phish Alert’ reporting function in outlook and new operating systems for all Deakin computers.
As a result of the changes, the amount of staff clicking on malicious emails has reduced, with phishing simulation tests helping to bring reduce this number further.
SA Water: ‘SCADA system’
When it comes to critical infrastructure, few services are more important than the supply of water.
Like other critical infrastructure such as electricity and telecommunications, control systems for water are increasingly exposed to cyber security threats.
In South Australia, the government agency in charge of providing water services to 1.7 million customers recognised this threat, and decided to overhaul its SCADA system.
The system is used by SA Water to monitor and control the assets that provide water to customers’ taps, and is used to transport and treat sewage safely.
The resilient, cost effective system now allows the agency to monitor and control its water assets in any situation, be it a state-wide power interruption or targeted cyber-attack.
Under the new SCADA system, which is a central, virtual solution in a single secure data centre,a full system rollback can occur in hours instead of days.
Victorian Electoral Commission
If there was anything that focused the minds of IT security experts working to secure the country’s voting systems in 2019, it was the state-sponsored cyber-attack against Parliament House.
While the incident, thankfully, was found not to extend to the country’s ageing voting systems, it did highlight the need to keep vigilant in a rapid changing security environment.
But it is not always a high-profile event that leads an agency to reinforce its resilience.
For the Victorian Electoral Commission, a highly-critical internal audit report highlighted a need to improve compliance with the state’s protective data security standards.
It also revealed a poor level of maturity under the Australian Signals Directorate’s Essential Eight model – now considered the baseline for cyber security.
To address the findings, the VEC partnered with Microsoft to build a platform that would rapid improve its cyber security posture, including compliance with four of the Essential Eight strategies.