HomeTech PlusTECH & OTHER NEWSServices Australia reported 20 security incidents to the ACSC in 2019-20

Services Australia reported 20 security incidents to the ACSC in 2019-20

Services Australia has told Senate Estimates that it reported a total of 20 cybersecurity incidents to the Australian Cyber Security Centre (ACSC) in 2019-20, covering its responsibility across the Department of Social Services, the National Disability Insurance Agency, and the Department of Veteran’s Affairs, in addition to its own IT shop.

The ACSC reported receiving a total of 436 notifications from government entities.

Services Australia CEO Rebecca Skinner said while it wouldn’t be appropriate to discuss the nature of the incidents, her agency did not have breaches of Australian citizen data.

As one of the largest government entities, Services Australia has its own security operation centre (SOC) that, since 2017, has been responsible for protecting all of its systems, including the ones that hold Centrelink, Medicare, and child support information.

“We are always undertaking security reviews, upgrades, patches — those sorts of things to maintain our responsibilities against [the] ASD essential eight security arrangements,” she added.

Skinner said the agency’s cybersecurity division blocks about 14 million suspicious emails a month.

“If something looks strange, people do something,” she said, noting the division also detects multiple campaigns attempting to attack its systems. “We’re monitoring all of those.”

Services Australia chief information officer Michael McNamara said the SOC also “runs its own testing, in terms of the dark web”.

See also: Cops are the only ones being lawful on the dark web, AFP declares

“We have our own internal capability … that routinely works through that and identifies issues in that domain,” he told Senators. “We can’t discuss any individual cases, But we do work very, very closely with the AFP and the ACSC and ASD.”

McNamara said that while a lot of its data is not classified with a national security classification, it is all treated the same as the agency’s most sensitive and important datasets.

“They reside, if you like, in physical security centres that are equivalent to the sorts that you would protect national security information in, it’s just technically, they don’t have a national security classification,” he explained.

“We have a very robust data security framework inside the agency … [including] a data integrity framework, which looks at training our staff on the use of data on the inappropriate and appropriate use of data, distribution of data. We do that on a regular basis.”

He said there are also a number of access controls in place, such as monitoring tools, in addition to multifactor authentication across the agency and the systems it controls.

“Our systems, as you can imagine, are secure by their very nature and design, and the data is encrypted at rest,” he added. “As that data is moved, we will use our monitoring tools to control the movement, the distribution of that data, particularly if it leaves the agency.”

He said the same requirements are placed on its biggest contractors — Telstra, Microsoft, and IBM.

MORE FROM SERVICES AUSTRALIA

By ZDNet Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS