The federal government will identify critical systems and boost the skills of public servants as part of a strategy to upgrade its defences against cyber attack.
Little more than a week after the nation's biggest port operator DP World was forced to shut down its operations after its systems were hacked, Cyber Security Minister Clare O'Neil has detailed plans to strengthen the government's "digital armour".
Ms O'Neil said a recent assessment by the Australia Signals Directorate showed that some agencies had "a way to go" to improve their defences.
According to the Commonwealth Cyber Security Posture in 2023 report, tabled in Parliament last week, only one in four agencies reviewed had achieved a level two score against the Essential Eight mitigation strategies recommended by the ASD to protect against cyber attack.
While the number of entities applying effective email domain security and website encryption increased, the proportion with effective email encryption declined.
Even more worrying, only 42 per cent said they reported at least half of cyber security incidents they experienced to the ASD, down from 51 per cent in 2022.
Concerns about the level of preparedness of government departments and agencies comes as the number of cyber attacks is escalating rapidly.
The number of businesses experiencing a cyber security incident more than doubled between 2019-20 and 2021-22 to reach 22 per cent, according to the Australian Bureau of Statistics.
In total, almost 94,000 incidents were reported to law enforcement agencies last financial year, a 23 per cent increase.
And ASD said it was notified of 143 cyber attacks on critical infrastructure last financial year, up from 95 in 2021-22.
Aside from the DP World hack, Optus and Medibank Private reported extensive data breaches in 2022-23, and China has been identified as a major source of cyber incidents affecting business and critical infrastructure.
Ms O'Neil said that, "we need every department and agency to lift their game so that we can have ironclad cyber security across the Commonwealth".
"We need to fortify every government network to keep intruders out."
READ MORE:
The minister said the government will scale up its support to departments and agencies to upgrade their cyber defences and designate and prioritise investment in systems considered to be of government significance.
"We will focus our cyber investment on the most critical government systems - the ones Australia can't afford to lose," Ms O'Neil said.
"Systems of government significance are the digital lifeblood of our nation and we need to lock them down with top-tier security."
The list of systems designated as critical will be confidential but is likely to include air traffic control, biosecurity and passport control and financial systems.
As part of its APS cyber strategy, the government said it will ensure that cyber security is "baked in" to the design of digital and ICT projects at their inception and conduct regular reviews to assess the strength of agency cyber defences.
The implementation of the cyber security "uplift" will be overseen by the National Cyber Security Co-ordinator.
"We must embed cyber security in every layer of government with ongoing checks and balances," Ms O'Neil said.
"We need to fortify every government network to keep intruders out".
Adrian Rollins
Adrian Rollins is economics correspondent for the Canberra Times
Adrian Rollins is economics correspondent for the Canberra Times
