CANBERRA, AAP – Officials responded to more than one cyber incident impacting government departments each day last year, as concerns remain about gaps in security.
A new report by the Australian Signals Directorate shows its Australian Cyber Security Centre responded to 434 cyber security incidents affecting Commonwealth entities in 2020.
Just under half were self-reported to the ACSC while the remainder were identified through investigations, reporting from international partners and third parties, and analysis of classified and open-source material.
“Throughout 2020, Australia was targeted by a range of adversaries who conducted persistent cyber operations that posed significant threats to Australia’s security, stability and prosperity,” the ASD reported.
The ASD said the COVID-19 pandemic had presented a number of challenges to security, including public servants working from home.
“With the urgent need to enable continuity of government through remote working, new cyber threats from state actors and criminals emerged that required new vigilance as a considerable surge in government work was conducted online and often remotely, away from the added security of corporate firewalls and virtual private networks,” it said.
Over the year 150,000 threat events were prevented through what is known as the protective domain name system program.
The domain name system is essentially the phone book of the internet.
The PDNS – which will be offered to government departments this financial year – seeks to prevent access to domains identified as malicious by blocking access to sites that host malware, ransomware, phishing attacks and other malicious content.
In a bid to toughen government department cyber security, they are now required to self-assess how they are rolling out a suite of protections known as the “essential eight” and report annually to both ASD and the attorney-general’s department.
Departments were getting better at cyber security, but the ASD warned further improvement was needed especially as cyber threats became more sophisticated.
The agency found 11 per cent of government agencies had an ad hoc level of cyber security maturity, while 55 per cent were described as having a developing level.
The government is investing $1.67 billion over 10 years to identify cyber threats, disrupt foreign cyber criminals and protect Australians.