Home Governance Cybersecurity Posture of Commonwealth Entities Continues to Improve: Report

Cybersecurity Posture of Commonwealth Entities Continues to Improve: Report

To counter the evolving threats, the Commonwealth entities need to further build resilience and mature faster than the threat actors.

Remote Access Scams

Last year, owing to the rapid surge in cybercriminal activities in Australia, Prime Minister Scott Morrison announced that the country had allocated a budget (also known as the CESAR package) of AUD 1.66 billion (approximately $ 1.19 billion)  to bolster the cybersecurity defenses of Australian enterprises and governmental bodies. Thanks to this budget allocation, Australia invested and initiated several campaigns to raise its cyber resilience. To name a few:

  • AustCyber invested $1.22 million in the Aushield Defend cyberthreat intelligence platform. Part of these funds was directed towards a TAFE cybersecurity education project, which is a University of Adelaide initiative to provide schools with cyber resources, and a cybersecurity job platform.
  • The government introduced a basic cybersecurity standard for all IoT devices in the country called the “Code of Practice.”
  • The ACSC allied with the country’s leading telecommunication giant, Telstra, to eradicate phishing texts spoofing.
  • The Australian government entered into a bilateral agreement with the U.S. for jointly developing a cyber training platform.
  • Also, with the help of industry experts, the federal government defined guidelines to thwart ransomware attacks aimed at the country’s businesses and public domain entities.
  • Apart from this, the ACSC undertook other programs like the Cyber Maturity Measurement Program (CMMP), the ACSC Cyber Security Uplift Services for Government (ACSUSG), and the Cyber Security Aftercare Program (CSAP) in 2020, to uplift the cyber defense posture.

All these efforts have led to the growth in the Australian government’s cybersecurity maturity and the overall resilience of all commonwealth entities in the past year, and the Commonwealth Cyber Security Posture Report for 2020,” concurs with this.

Commonwealth Cyber Security Report 2020

The said report, which informed the Australian parliament of the overall cybersecurity posture of all Commonwealth entities, highlighted that there has been a significant improvement in the cybersecurity posture across the board. However, to counter the evolving threats, it suggested that Commonwealth entities should further build resilience and mature faster than the threat actors.

While the report says, “no single mitigation strategy can comprehensively prevent cybersecurity incidents, the implementation of the ‘Essential Eight’ mitigation steps can help the entities protect from a range of cyberattacks”. For example, 12% of the entities who improved application hardening got better, and similarly, 10.5% who did application control, and 9.5% who restricted admin privileges properly, improved their overall cybersecurity stance.

The Plan Ahead

In line with its Cyber Security Strategy 2020, the ACSC said, “In 2021, the Australian government will focus on a range of additional areas of effort to continue to increase the cybersecurity posture of Commonwealth entities. The CESAR package will maintain and enhance the cybersecurity capabilities of the ACSC, and the assistance provided to Australians over the next decade.”

To pave the road for added cyber resilience, the Australian government will additionally focus on the following initiatives:

  • Harden Government IT (HGIT)
  • Cyber Threat Intelligence (CTI) sharing
  • Host-based sensors program
  • Cyber Toolbox pilot program
  • Protection of COVID-19 vaccine
  • Commonwealth Cybersecurity Posture Reporting