iTnews
  • Home
  • News
  • Business
  • Strategy

Geoscience Australia takes action after cyber security fail

By Justin Hendry on Mar 15, 2019 3:47PM
Geoscience Australia takes action after cyber security fail

Moves to have all Essential Eight in place by June 2020.

Geoscience Australia has kicked off a program of work to implement all the government’s mandatory and non-mandatory cyber security requirements by 2020 after being labelled highly exposed to cyber-attack last year.

In June 2018 the Australian National Audit Office (ANAO) found the agency had failed to implement any of the top four cyber mitigation strategies set by the Australian Signals Directorate.

“Geoscience Australia was assessed as vulnerable, with a high level of exposure and opportunity for external attacks and internal breaches and unauthorised disclosures of information,” the 2018 audit report stated.

Application whitelisting was highlighted as particularly poor outcome, as was application patching with the agency in some instances taking up to 30 days to install critical patches – where the current requirement is 48 hours.

The audit called on Geoscience to establish a plan and timeframe to achieve compliance with the Top Four, to which they agreed.     

On Thursday, in a submission [pdf] to the cyber resilience inquiry, the agency said all of the Essential Eight - now considered the baseline for cyber security by ASD – would be implemented by the end of June 2020 as part of its newly established “Security Improvement Program (SIP)”.

It follows the creation of a security strategy developed in the wake of the audit as a guide for achieving cyber resilience across three focus areas: people and culture, technical controls and security governance.

The internally funded SIP will be used to harden essential business system “with respect to availability, recoverability and resilience to attack” and establish a standardised security architecture and control framework for ICT to enhance security and risk governance processes.

New education and awareness strategies around cyber security will similarly be established under the program to foster “a security aware culture”.

The agency has already successful trialled an application whitelisting solution that it plans to deploy by the end of June, with all “non-essential systems and services to be remediated by 30 June 2020”.

It has also increase visibility of managed services provider services, upgraded its endpoint security software and introduced enhanced threat detection capabilities.

But Geoscience also wants to push the bar further, including plans for additional projects to reduce its exposure to cyber-attack through vulnerability management.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
anaoasdauditcyber securityessential eightgeoscience australiagovernmentitprojectssecuritystrategy

Partner Content

How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage
Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Justin Hendry
Mar 15 2019
3:47PM
0 Comments

Related Articles

  • Cyber basics still beyond fed gov as Essential Eight mandate looms
  • From zero to hero: Geoscience Australia nears cyber resiliency
  • Prime Minister's department among agencies to fail cyber security audit
  • Govt agencies face annual cyber security audits for next five years
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation

PayTo rollout kicks off

PayTo rollout kicks off

Researchers hacked Oracle servers to demo serious vulnerability

Researchers hacked Oracle servers to demo serious vulnerability

Neobank Volt exits the banking industry

Neobank Volt exits the banking industry

Digital Nation

COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
The security threat of quantum computing
The security threat of quantum computing
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.