Immigration works to boost cybersecurity


Thursday, 16 March, 2017

Immigration works to boost cybersecurity

The Department of Immigration and Border Protection does not comply with all cybersecurity mitigation strategies, an audit has found.

The Australian National Audit Office (ANAO) has identified non-compliance with a number of government mandated requirements, but there have been no successful attacks on the department’s ICT systems.

In addition, a number of incidents have been prevented from escalating through the organisation by the security controls in place.

The Cybersecurity Follow-up Audit released by the ANAO focuses on compliance, with recommendations from an earlier audit into cybersecurity conducted on the then Australian Customs and Border Protection Service (ACBPS) in 2013–14.

A self-assessment in 2016 of the department’s cybersecurity mitigation strategies found compliance with three of the four Australian Signals Directorate (ASD) Top 4 Mitigation Strategies. While the department acted in good faith and in accordance with its interpretation of the guidelines, it accepts the ANAO’s finding that it is compliant with only one of the ASD Top 4.

To address this, the secretary initiated several projects as part of a broader five-year program to enhance the department’s cyber resilience and to ensure compliance with the ASD Top 4.

These projects have already delivered a range of outcomes that have mitigated cybersecurity risks. For example, the department now has enhanced capability to detect indicators of cyber compromise, in addition to an improved ability to quickly contain and respond to cyber incidents. These measures will enhance the department’s protection against cyber attacks from external sources and further improve the department’s robust cybersecurity controls against internal threats.

The department has controls in place to prevent cybersecurity attacks, but accepts the findings and will implement the ANAO’s two recommendations to ensure that its cybersecurity capability aligns fully with the ASD Top 4 Mitigation Strategies and also its own cybersecurity objectives.

The audit was conducted following integration of the department and the former ACBPS, and the new department operates in a significantly more complex environment. Following the integration, the department now has more than 900 IT applications supported by more than $250 million of ICT infrastructure, located in 84 regional locations around Australia and 51 offshore posts.

Image credit: ©stock.adobe.com/au/bluebay2014

Follow us on Twitter and Facebook

Related News

APAC workers in need of phishing training: report

A report from workforce security company KnowBe4 indicates that 1 in 3 Australian employees is...

Critical vulnerabilities doubled in past year: report

Research published by Check Point indicates that critical vulnerabilities have doubled since last...

DigiCert launches Quantum Central tool

DigiCert's recently launched Quantum Central solution can help security and IT teams prepare...


  • All content Copyright © 2026 Westwick-Farrow Pty Ltd