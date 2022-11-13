Home Affairs Minister Clare O'Neil says Australia is waking from a slumber when it comes to cyber security, as it grapples with a series of attacks on companies and the shocking release of private customer information to the dark web.
Her comments ring true, drawing attention to the complacency of Australian companies that made them vulnerable to the sort of breaches that are now wreaking havoc. Hackers spied the weaknesses in the systems where they broke and entered, and now customers of those companies are paying.
While it's accurate of Minister O'Neil to describe this naivety and ignorance, it's only helpful if it prompts other sectors to learn from the cyber breaches. For years, the risks to cybersecurity have seemed largely abstract and far away for Australians, and many organisations deferred serious action. That era has ended with the hacks targeting Optus, Medibank and others.
The government is making a lot of noise in response to the hacks, condemning hackers in Russia and announcing crack teams to disrupt their activity.
Its actions so far, such as moving to increase penalties for companies hit by breaches, and reviewing privacy laws, are welcome. There is still a lot to do if Australia is to shield itself from more attacks. Until it does, the nation appears poised to sustain more disruptive hack attacks, in one form or another.
The federal government would do well to start by getting its own house in order. For years, audits have found serious shortcomings in the public service's own cybersecurity measures. That's inexcusable for federal agencies, and it does nothing to bolster the government's credibility when it criticises private industry for its own failures and weaknesses.
READ MORE:
The catalogue of shortcomings is long. The Auditor-General in March last year reported a number of government departments had "ad hoc" cyber security systems, despite malicious cyber activity being a "significant" government threat.
Its report revealed the concerning state of cyber security management by 14 government entities, including federal departments, which had left them exposed to serious threats and data breaches.
Among the worst offenders were the education and health departments along with the Australian Trade and Investment Commission. The Auditor-General also admonished agencies involved in national security, such as the Home Affairs and Attorney-General's departments, and the Australian Signals Directorate, for failing to support the entities in strengthening their cyber security.
These problems stretch far back in the public service. The audit office in 2018 found the Tax Office, and the then-Immigration Department (now Home Affairs), which hold national security data and personal information including bank account details, had failed to make crucial cybersecurity reforms they had promised.
As recently as August, the Auditor-General said the deficiencies it observed in the public service's approach to cybersecurity were "disappointing". In short, it detected much complacency, describing "optimism bias" in reporting from agencies, and little analysis of the success or otherwise of their cybersecurity mechanisms.
It's hard to fathom how such disregard for the government's own cyber defences was tolerated, but that is the situation Labor has inherited. It can only point fingers overseas and trash its predecessors for so long, though, and must move swiftly to make cybersecurity a greater priority within the bureaucracy.
There were some positive developments, before Labor came to power. As the cyber threats mounted, the Attorney-General's Department in March mandated the most effective cyber security protections for all non-corporate Commonwealth entities.
For a long time, there hasn't been much in the way of consequences for the agencies that fail to comply. The government could show it's serious about the issue by making the bureaucracy more accountable for such failures. Otherwise, as recent events show, it's the Australian public that suffers.
Sign up for our newsletter to stay up to date.
We care about the protection of your data. Read our Privacy Policy.