Immigration works to boost cybersecurity


Thursday, 16 March, 2017
Immigration works to boost cybersecurity

The Department of Immigration and Border Protection does not comply with all cybersecurity mitigation strategies, an audit has found.

The Australian National Audit Office (ANAO) has identified non-compliance with a number of government mandated requirements, but there have been no successful attacks on the department’s ICT systems.

In addition, a number of incidents have been prevented from escalating through the organisation by the security controls in place.

The Cybersecurity Follow-up Audit released by the ANAO focuses on compliance, with recommendations from an earlier audit into cybersecurity conducted on the then Australian Customs and Border Protection Service (ACBPS) in 2013–14.

A self-assessment in 2016 of the department’s cybersecurity mitigation strategies found compliance with three of the four Australian Signals Directorate (ASD) Top 4 Mitigation Strategies. While the department acted in good faith and in accordance with its interpretation of the guidelines, it accepts the ANAO’s finding that it is compliant with only one of the ASD Top 4.

To address this, the secretary initiated several projects as part of a broader five-year program to enhance the department’s cyber resilience and to ensure compliance with the ASD Top 4.

These projects have already delivered a range of outcomes that have mitigated cybersecurity risks. For example, the department now has enhanced capability to detect indicators of cyber compromise, in addition to an improved ability to quickly contain and respond to cyber incidents. These measures will enhance the department’s protection against cyber attacks from external sources and further improve the department’s robust cybersecurity controls against internal threats.

The department has controls in place to prevent cybersecurity attacks, but accepts the findings and will implement the ANAO’s two recommendations to ensure that its cybersecurity capability aligns fully with the ASD Top 4 Mitigation Strategies and also its own cybersecurity objectives.

The audit was conducted following integration of the department and the former ACBPS, and the new department operates in a significantly more complex environment. Following the integration, the department now has more than 900 IT applications supported by more than $250 million of ICT infrastructure, located in 84 regional locations around Australia and 51 offshore posts.

Image credit: ©stock.adobe.com/au/bluebay2014

Follow us on Twitter and Facebook

Related News

Commvault arranges to buy Appranix

Cyber resilience provider Commvault plans to leverage its acquisition of Appranix to help...

Fujitsu establishes security consulting division

Fujitsu's new digital security consulting division will help organisations prepare for and...

Unstoppable Domains joins GlobalBlock initiative

Web3 domain name service provider Unstoppable Domains has joined the GlobalBlock initiative to...

Content from other channels on our network

Machine learning used to create fabric-based touch sensor

Hybrid sodium-ion battery can be charged in a few minutes

Researchers develop energy-efficient probabilistic computer

Wearable sensor measures real skin feel

Monash University home to three electron microscopes

Smart technologies: helping councils improve community services and sustainability

Infrastructure projects a funding black hole without asset management

Gartner announces top government technology trends

Fujitsu establishes security consulting division

Macquarie Government selected for Australian Defence procurement panel

EV future for Monash Uni

Shell Cove battery launched on NSW South Coast

Million-dollar rooftop solar for Kimberley hospital

Protecting wildlife from electrical assets — and vice versa

Immersive VR training for electricians

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd