Govt agencies urged to adopt a 'culture of security'


By Dylan Bushell-Embling
Monday, 27 March, 2017

The Prime Minister’s top cybersecurity advisor has urged the ATO and other government agencies to draw lessons from the bungled 2016 online census and take steps to build a ‘culture of security’ into the organisation.

In a submission to a parliamentary inquiry into the tax system, Alastair MacGibbon said a key lesson from the eCensus incident is that security must be “baked in” to the design and delivery of digital government services.

“Government can develop a more ‘shared service’ consultancy approach to cybersecurity to boost agency capacity and allow resources to be reallocated to service delivery,” MacGibbon said.

He criticised government agencies for all too often displaying a “‘tick box’ compliance culture”, which means that “agencies will consider themselves secure if they get their internal ICT area and their subcontractors to put in place and uncritically follow prescribed security procedures. But compliance does not equal security.”

He instead urged agencies including the ATO to develop a culture of security allowing them to adapt to changing threats and educate their staff on good cyber hygiene.

In the wake of the incident, government agencies must also think critically about how they manage their relationships with vendors. Currently, outsourcing of technical capabilities is the norm, which makes managing cybersecurity risks more challenging, MacGibbon said.

“Trust is good, but trust without verification is dangerous,” he said. “Agencies need to verify the security capabilities of their vendors through regular testing and exercises. Agencies should also be cognisant that their ICT contractors also have downstream subcontractors involved in the service delivery who need to be trusted and verified as well.”

Finally, agencies need to learn from the eCensus event and improve the way governments engage with the public in the wake of a disruptive event or crisis, which should involve actively communicating with the public through social media channels.

“Agencies that do their business online with the public online need to speak to the public online too. Social media skills need to be raised across the Commonwealth,” MacGibbon said.

Image credit: ©duncanandison/Dollar Photo Club
