NSW govt looks to extend DMARC to all councils

All local councils across NSW look set to receive domain-based message authentication, reporting and conformance (DMARC) to verify the origin of emails and block suspicious messages.

The Department of Customer Services has revealed plans to extend DMARC email authentication protocols beyond NSW government domains in a bid to improve email risk management.

It follows adverse findings around cyber security in a series of local government audits over the past two years.

A 2019 audit report said 80 percent of councils were without a cyber security policy or framework, leading the government to begin developing an industry-specific cyber security policy.

Another audit earlier this year found that while the situation had improved slightly, more than one third of councils were still yet “to implement basic governance and internal controls to manage cyber security.”

DCS said DMARC protocols are an “important security measure”, but that only NSW government networks are currently protected.

“In 2018, a proof-of-concept was conducted to test the feasibility of implementing DMARC on the NSW government’s domains, across all NSW government clusters,” tender documents state.

“To complete the DMARC implementation it is necessary to include the NSW local councils and state-owned corporations in the scope of the DMARC project.”

The department is looking for one or more suppliers to provide a DMARC service for up to the next five years.

The approach to market comes almost a year after the peak body for councils criticised the NSW government for failing to provide adequate support to address cyber security threats.

Local Government NSW said there had been a “complete lack of NSW government support to local government in managing cyber security threats”, despite the vital role of the sector.

Following a funding injection last year, Cyber Security NSW has begun to provide cyber security support and training to local councils.

Last week, the government rejected calls to move Cyber Security NSW into the Department of Premier and Cabinet, arguing that DCS was its natural home.