Govt agencies urged to adopt a 'culture of security'


By Dylan Bushell-Embling
Monday, 27 March, 2017
Govt agencies urged to adopt a 'culture of security'

The Prime Minister’s top cybersecurity advisor has urged the ATO and other government agencies to draw lessons from the bungled 2016 online census and take steps to build a ‘culture of security’ into the organisation.

In a submission to a parliamentary inquiry into the tax system, Alastair MacGibbon said a key lesson from the eCensus incident is that security must be “baked in” to the design and delivery of digital government services.

“Government can develop a more ‘shared service’ consultancy approach to cybersecurity to boost agency capacity and allow resources to be reallocated to service delivery,” MacGibbon said.

He criticised government agencies for all too often displaying a “‘tick box’ compliance culture”, which means that “agencies will consider themselves secure if they get their internal ICT area and their subcontractors to put in place and uncritically follow prescribed security procedures. But compliance does not equal security.”

He instead urged agencies including the ATO to develop a culture of security allowing them to adapt to changing threats and educate their staff on good cyber hygiene.

In the wake of the incident, government agencies must also think critically about how they manage their relationships with vendors. Currently, outsourcing of technical capabilities is the norm, which makes managing cybersecurity risks more challenging, MacGibbon said.

“Trust is good, but trust without verification is dangerous,” he said. “Agencies need to verify the security capabilities of their vendors through regular testing and exercises. Agencies should also be cognisant that their ICT contractors also have downstream subcontractors involved in the service delivery who need to be trusted and verified as well.”

Finally, agencies need to learn from the eCensus event and improve the way governments engage with the public in the wake of a disruptive event or crisis, which should involve actively communicating with the public through social media channels.

“Agencies that do their business online with the public online need to speak to the public online too. Social media skills need to be raised across the Commonwealth,” MacGibbon said.

Image credit: ©duncanandison/Dollar Photo Club

Related News

Fujitsu establishes security consulting division

Fujitsu's new digital security consulting division will help organisations prepare for and...

Unstoppable Domains joins GlobalBlock initiative

Web3 domain name service provider Unstoppable Domains has joined the GlobalBlock initiative to...

AI adoption surging in the enterprise

The use of generative AI and other tools within the enterprise is rapidly increasing, which is...

Content from other channels on our network

The fire on Marley's Hill

Sanctions on Hytera halted by appeals court

MXene-based compound to enable 3D-printed antennas

Long-range drones used to surveil bushfires in NSW

Luxembourg DoD adds satcom ground infrastructure

Department of Agriculture modernises TAMS system

SA Water revamping spend management platform

Cobalt Iron nabs EU patents for security techniques

New online resource to support employment of ex-service people

Good evidence confuses ChatGPT when used for health information: study

Monash University home to three electron microscopes

Hidden semiconductor activity spotted by researchers

Researchers develop programmable photonic processor

UV broadband spectrometer enhances air pollutant analysis

Novel material improves stability, efficiency of PSCs

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd