Immigration works to boost cybersecurity

The Department of Immigration and Border Protection does not comply with all cybersecurity mitigation strategies, an audit has found.

The Australian National Audit Office (ANAO) has identified non-compliance with a number of government mandated requirements, but there have been no successful attacks on the department’s ICT systems.

In addition, a number of incidents have been prevented from escalating through the organisation by the security controls in place.

The Cybersecurity Follow-up Audit released by the ANAO focuses on compliance, with recommendations from an earlier audit into cybersecurity conducted on the then Australian Customs and Border Protection Service (ACBPS) in 2013–14.

A self-assessment in 2016 of the department’s cybersecurity mitigation strategies found compliance with three of the four Australian Signals Directorate (ASD) Top 4 Mitigation Strategies. While the department acted in good faith and in accordance with its interpretation of the guidelines, it accepts the ANAO’s finding that it is compliant with only one of the ASD Top 4.

To address this, the secretary initiated several projects as part of a broader five-year program to enhance the department’s cyber resilience and to ensure compliance with the ASD Top 4.

These projects have already delivered a range of outcomes that have mitigated cybersecurity risks. For example, the department now has enhanced capability to detect indicators of cyber compromise, in addition to an improved ability to quickly contain and respond to cyber incidents. These measures will enhance the department’s protection against cyber attacks from external sources and further improve the department’s robust cybersecurity controls against internal threats.

The department has controls in place to prevent cybersecurity attacks, but accepts the findings and will implement the ANAO’s two recommendations to ensure that its cybersecurity capability aligns fully with the ASD Top 4 Mitigation Strategies and also its own cybersecurity objectives.

The audit was conducted following integration of the department and the former ACBPS, and the new department operates in a significantly more complex environment. Following the integration, the department now has more than 900 IT applications supported by more than $250 million of ICT infrastructure, located in 84 regional locations around Australia and 51 offshore posts.

Image credit: ©stock.adobe.com/au/bluebay2014

Follow us on Twitter and Facebook