Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Government boosts security of ATO, Centrelink data

The Australian government has announced that it will be bolstering the protection of Centrelink, ATO and health data.

user icon Daniel Croft
Tue, 06 Dec 2022
Government boosts security of ATO, Centrelink data
expand image

Spurred on by the recent Optus and Medibank attacks, the Department of Finance is looking to boost the security of its GovCMS, which covers content and services for agencies such as the ATO.

“The services must protect against a large variety of types of cyber security attacks, including all cyber security attacks which a sophisticated service would be expected to protect against,” states a contract, which is being offered to third-party suppliers.

The document, titled “Request for Proposal for the Provision of Web Application Protection Services (CDN, DDoS, WAF and Bot Management)”, requires that the upgrades and services “are operational and ready to respond automatically to any malicious attack traffic on or before 27 April 2023”.

============
============

This deadline is a big ask considering the requirements, which require that protection for 370 individual sites with 120 terabytes of traffic and 1.5 billion hits monthly be protected.

In addition, the security company that secures the contract will be banned from mining the customer data.

Unless written approval is provided, any customer material, user material or information uploaded, accessed or manipulated in the services by the customer” is not to be mined by the supplier, even if customers click and accept set terms and conditions.

On top of this, the contract, which will span two years with a one-year potential extension, fails to outline the cost of the project.

The move to up the protection of government agency data comes as MyGov, ATO and National Disability Insurance Scheme details were found circulating online.

The data has raised concerns among cyber security experts, as it is found not on the dark web, but on the clear web, meaning it is only a Google search away.

“There’s a criminal’s cornucopia of information available on the clear web, which is the web that’s indexed by Google, as well as in the dark web,” said CyberCX director of cyber intelligence Katherine Mansted.

“There’s a very low barrier of entry for criminals … and often what we see with foreign government espionage or cyber programs — they’re not above buying tools or buying information from criminals either.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.