Parliament hack prompted mass govt cyber security uplift

Twenty-five government agencies had their cyber posture uplifted following the state-sponsored cyber attack against Parliament House in February, the Australian Signals Directorate has revealed.

In its first annual report since becoming a statutory agency, the agency said the “first national cyber crisis” spurred the Australian Cyber Security Centre to improve cyber resiliency across government.

“The cyber campaign against departments, agencies and political parties ... demonstrated hostile actors' capacity and intent to identify and exploit vulnerabilities in the Australian Government's internet-facing networks,” the 2018-19 annual report states.

“In response, the ACSC initiated a program to provide strategic technical assistance to Australian government agencies to support an increase – or 'uplift' – to their cyber security posture and implementation.”

Federal government agencies have struggled to comply with the ASD’s mandatory information security controls in recent years, largely due to resourcing and funding constraints.

At last count, almost forty percent of agencies were yet to fully-implement the top four strategies to mitigate cyber security incidents six years after they become mandatory.

Despite the existence of a dedicated cyber security minister between 2016 and 2018, there had been little resolve by the government to take action against these persistent cyber security concerns until this year.

The 2019 budget saw an undisclosed amount of funding for the creation of new teams within the ACSC to “mitigate potential cyber threats through enhanced monitoring and response capabilities”.

This saw the creation of cyber sprint teams under the ‘Essential Eight+Sprint Program’ in April, which ASD said has now helped 25 government “improve their Essential Eight maturity and overall cyber security posture”.

The “sprint engagement” was in addition to ongoing “strategic technical assistance to improve the cyber-hygiene of agencies within local, state and Commonwealth agencies, as well as academic institutions”.

One such agency was the Australian Electoral Commission, which ACSCworked with to secure the 2019 federal election from interference.

“The ACSC was focused on providing cyber security advice and assistance to the AEC, and supporting the AEC's efforts to increase their resilience to cyber security threats,” ASD said.

“The ACSC also provided 24 hour monitoring of the AEC network for malicious activity until June 2019, with ongoing monitoring support until the return of writs.

“The ACSC did not identify any cyber incidents that undermined the integrity of the election.”

The sprint engagement with government agencies also informed an update of the Essential Eight by ACSC during 2018-19.

Following the parliamentary computing network cyber attack, ASD also provided a “custom-built software tool” for federal, state and territory government agencies and critical infrastructure providers to scan their networks.

2164 cyber incidents, one cyber crisis

Although the security breach of the parliamentary computing network was considered “Australia’s first national cyber crisis”, monitoring of the network meant that the intrusion was “caught early”.

“While the intrusion was widespread, it was caught early,” ASD said.

“The Department of Parliament Services had implemented security practices that helped to identify and restrict the extent of the compromise, minimising the potential impact.”

However, it was just one of “2164 incidents of varying significance” that the ACSC responded to during 2018-19.

Forty percent of these were “low-level malicious attacks, including targeted reconnaissance, phishing emails and non-sensitive data loss”.