Cyber Security
- Australian Government Internet Gateway Reduction Program
- Agency assignments
- Cyber security requirements in Government policy proposals
- Cyber Security Education and skills
- Guidance for agencies transacting online with the public
- E-Security National Agenda (ESNA)
- Australian Government Requirements
Australian Government Internet Gateway Reduction Program
The Australian Government is reducing the number of its internet gateways to the minimum number for improved operational efficiency, reliability and security.
The Australian Government’s November 2009 Cyber Security Strategy (‘the Strategy’) recognises that Australian Government computer networks are increasingly under threat from malicious cyber attacks.
The Australian Government Information Management Office is supporting the Strategy by reducing the number of Government internet gateways from 124 to eight. All Financial Management and Accountability Act 1997 (FMA Act) agencies are included in the program that will be implemented progressively over four years. The Australian Bureau of Statistics is exempted from the program to preserve its independence.
A reduced number of gateways will provide improved security through a more consistent approach to gateway management, accreditation, monitoring and incident response.
In October 2010, the Minister for Finance and Deregulation agreed eight lead agencies to deliver shared internet gateway services. Lead agencies are responsible for acquiring, establishing and managing the shared internet gateways.
The eight lead agencies for the program are:
- Australian Customs and Border Protection Service;
- Australian Federal Police;
- Australian Taxation Office;
- Department of Agriculture, Fisheries and Forestry;
- Department of Defence;
- Department of Education, Employment and Workplace Relations;
- Department of Human Services; and
- Department of the Prime Minister and Cabinet.
In February 2011, the Minister for Finance and Deregulation agreed the following assignment of client agencies to lead agencies.
Agency assignments
Agencies will progressively move to the new arrangements as their existing arrangements expire. This will minimise disruption for agencies and transition costs for agencies and service providers.
| Australian Customs and Border Protection Service |
|---|
| Attorney-General's Department |
| Australian Commission for Law Enforcement Integrity |
| Australian Fisheries Management Authority |
| Australian Security Intelligence Organisation |
| Department of Finance and Deregulation |
| Department of Immigration and Citizenship |
| Insolvency and Trustee Service Australia |
| Migration Review Tribunal and Refugee Review Tribunal |
| National Native Title Tribunal |
| Australian Institute of Criminology |
| Australian Law Reform Commission |

| Australian Federal Police |
|---|
| Australian Crime Commission |
| Australian Transaction Reports and Analysis Centre (AUSTRAC) |
| CrimTrac Agency |
| Office of the Director of Public Prosecutions |

| Australian Taxation Office |
|---|
| Australian Competition and Consumer Commission |
| Australian Electoral Commission |
| Australian Prudential Regulation Authority |
| Australian Securities and Investments Commission |
| Commonwealth Grants Commission |
| Corporations and Markets Advisory Committee |
| National Capital Authority |
| Royal Australian Mint |

| Department of Agriculture, Fisheries and Forestry | |
|---|---|
| Australian Centre for International Agricultural Research | Department of Sustainability, Environment, Water, Population and Communities |
| Australian Pesticides and Veterinary Medicines Authority | Fair Work Australia |
| Bureau of Meteorology | Geoscience Australia |
| Department of Innovation, Industry, Science, Research and Tertiary Education | Great Barrier Reef Marine Park Authority |
| Department of Resources, Energy and Tourism | Wheat Exports Australia |

| Department of Defence |
|---|
| Australian Trade Commission (AusTrade) |
| Australian Agency for International Development (AusAID) |
| Australian Communications and Media Authority |
| Australian Secret Intelligence Service |
| Australian Transport Safety Bureau |
| Defence Materiel Organisation |
| Department of Broadband, Communications and the Digital Economy |
| Department of Foreign Affairs and Trade |
| Department of Infrastructure and Transport |
| Department of Regional Australia, Local Government, Arts and Sport |
| Future Fund Management Agency |

| Department of Education, Employment & Workplace Relations | |
|---|---|
| Australian Public Service Commission | National Offshore Petroleum Safety and Environmental Management Authority |
| Australian Research Council | Office of the Australian Building and Construction Commissioner |
| IP Australia | Office of the Fair Work Ombudsman |
| Seafarers Safety, Rehabilitation & Compensation Authority | Safe Work Australia |
| Australian Skills Quality (National Vocational Education and Training Regulator) Authority | Tertiary Education Quality and Standards Agency |

| Department of Human Services | |
|---|---|
| Organ Tissue Authority (Australian Organ & Tissue Donation & Transplantation Authority) | Department of Veterans' Affairs |
| Australian Radiation Protection and Nuclear Safety Agency | Murray-Darling Basin Authority |
| Australian Sports Anti-Doping Authority | National Blood Authority |
| Cancer Australia | National Health and Medical Research Council |
| Department of Families, Housing, Community Services and Indigenous Affairs | Private Health Insurance Ombudsman |
| Department of Health and Ageing (including the Therapeutic Goods Administration) | Professional Services Review Scheme |
| Equal Opportunity for Women in the Workplace Agency | Independent Hospital Pricing Authority |
| Australian National Preventative Health Agency | |

| Department of the Prime Minister and Cabinet | | |
|---|---|---|
| Administrative Appeals Tribunal | Department of the Senate | Office of National Assessments |
| Australian Human Rights Commission | Department of the Treasury | Office of Parliamentary Counsel |
| Australian Institute of Family Studies | Family Court of Australia | Office of the Auditing & Assurance Standards Board |
| Australian National Audit Office | Federal Court of Australia | Office of the Australian Accounting Standards Board |
| Australian Office of Financial Management | Federal Magistrates Court of Australia | Office of the Commonwealth Ombudsman |
| ComSuper | Inspector-General of Taxation | Office of the Inspector-General of Intelligence and Security |
| Department of Climate Change and Energy Efficiency | Old Parliament House | Office of the Official Secretary to the Governor-General |
| Department of Parliamentary Services | National Archives of Australia | Office of the Australian Information Commissioner |
| Department of the House of Representatives | National Competition Council | Office of the Renewable Energy Regulator |
| National Water Commission | Productivity Commission | |

Contact information
Cyber Security Branch
Australian Government Information Management Office (AGIMO)
Ph: (02) 6215 1543
Email: e-securityreview@finance.gov.au
Cyber security requirements in Government policy proposals
Australian Government departments and agencies are responsible for protecting their assets and information from cyber attacks. Agency business cases for ICT-enabled proposals to Government must identify how cyber security risks will be managed and how the proposal will comply with relevant Government cyber security policies.
The Australian Government Information Management Office (AGIMO) provides guidance to agencies on cyber security requirements for business cases. To assist agencies, it has released more detailed advice to each agency’s Chief Financial Officer.
Contact information
Cyber Security Branch
Australian Government Information Management Office (AGIMO)
Ph: (02) 6215 1525
Email: cybersecurity@finance.gov.au
Links
- ICT Business Case Guide
  http://www.finance.gov.au/budget/ict-investment-framework/docs/ICT_Business_Case_Guide.pdf
- ICT Two Pass Review
  http://www.finance.gov.au/budget/ict-investment-framework/two-pass-review.html
- Australian Government Cyber Security Strategy
  http://www.ag.gov.au/www/agd/rwpattach.nsf/VAP/(4CA02151F94FFB778ADAEC2E6EA8653D)~AG+Cyber+Security+Strategy+-+for+website.pdf/$file/AG+Cyber+Security+Strategy+-+for+website.pdf
- Protective Security Policy Framework (PSPF)
  http://www.ag.gov.au/Protectivesecuritypolicyframework/Pages/default.aspx
- Information Security Manual (ISM)
  http://www.dsd.gov.au/infosec/ism/index.htm
Cyber Security Education and skills
AGIMO develops and promotes cyber security education strategies across Government. It works with a range of Government agencies to ensure that Australian Public Service (APS) cyber security professionals are proficient in maintaining the security and resilience of Government ICT systems.
AGIMO is addressing cyber security skills shortages in the APS through the following activities:
- Fostering opportunities in the education sector to expand cyber security curricula and increase student enrolment;
- Providing entry-level opportunities for students to pursue an APS career in ICT;
- Providing increased education and development opportunities for APS cyber security practitioners; and
- Leveraging APS-wide ICT workforce strategic planning to make better use of APS cyber security expertise.
As part of this work, AGIMO developed a Cyber Security Capability Framework. The Framework provides a comprehensive set of cyber security capabilities that map and align with the Australian Public Service Commission's (APSC's) high-level ICT capabilities.
- Cyber Security Capability Framework & Mapping of ISM Roles (278 KB)
- Cyber Security Capability Framework & Mapping of ISM Roles (80 KB)
Contact information
Cyber Security Branch
Australian Government Information Management Office (AGIMO)
Email: cybersecurity@finance.gov.au
Links:
- ICT skills
  http://www.finance.gov.au/e-government/strategy-and-governance/ict-skills.html
- Whole-of-government ICT strategic workforce plan 2010-2013
  http://www.apsc.gov.au/publications10/ictworkforceplan.htm
Guidance for agencies transacting online with the public
Online services offer the public a convenient and accessible way to access government services. However, as the use of online government services continues to grow, so too do the scale, sophistication and frequency of hacking, malicious cyber attacks and cyber crime. AGIMO, in conjunction with the Defence Signals Directorate (DSD) and the Attorney-General's Department, has developed guidance to support Australian Government agencies in minimising the risk of harm to the public when they transact online with the Australian Government. The Guidance is titled Agency cyber security responsibilities when transacting online with the public.
Contact information
Cyber Security Branch
Australian Government Information Management Office (AGIMO)
Email: cybersecurity@finance.gov.au
E-Security National Agenda (ESNA)
In 2006, the then Attorney-General, Minister for Communications, Information Technology and the Arts, Minister for Defence and Special Minister of State announced a review of the E-Security National Agenda (ESNA) to ensure that Australia's policy and operational framework continues to be responsive to the changing e-security environment.
The review found that e-security threats to different segments of the Australian economy cannot be addressed in isolation. This key finding saw the development of three new priorities to address concerns and to assist in achieving the original objective of ESNA, to:
- Reduce the e-security risk to Australian Government information and communications systems
- Reduce the e-security risk to Australia's national critical infrastructure
- Enhance the protection of home users and small to medium enterprises from electronic attacks and fraud.
In May 2007, the Government announced funding over four years for new measures to address these three priorities.
As part of the first priority, AGIMO will establish a single framework for the continued delivery of government services in the event of disruption and/or failure of government operated ICT.
AGIMO is a member agency of the whole of government interdepartmental committee, the E-Security Policy and Coordination (ESPaC) committee, chaired by the Attorney-General's Department. The ESPaC committee coordinates e-security policy throughout the Australian Government.
For more information:
Department of Broadband, Communications and the Digital Economy E-Security page.
Australian Government Requirements
Australian Government Protective Security Policy Framework (PSPF)
The PSPF is issued by the Attorney-General’s Department on behalf of the Protective Security Policy Committee (PSPC).
It is the principal means for disseminating Australian Government protective security policies, principles, standards and procedures, to be followed by all Australian Government agencies for the protection of official resources. The PSPF is official information and its availability is restricted to Australian Government agencies. Contractors working for Australian Government agencies may be provided with the sections of the PSPF required to meet contractual obligations by the contracting agency.
For more information:
The Australian Government Information Security Manual
The ISM has been developed by DSD to provide policies and guidance to Australian Government agencies on how to protect their ICT systems.
Australian Government agencies are required by the PSPF to comply with the ISM. Agencies must consider the security implications of their IT systems and devise policy and plans to ensure the systems are appropriately protected.
For more information:
Contact for information on this page: AGIMO.Feedback@finance.gov.au
