
Defence automates removal of ex-staff network access following inquiry

The Australian Department of Defence has automated the process of removing network and system access for leaving staff and non-compliant accounts.

Daniel Croft
Wed, 20 Nov 2024

Following an inquiry by the Australian National Audit Office (ANAO) that highlighted 1,451 users “whose access to the Defence Network was not removed in accordance with requirements” between the 2022 and 2023 financial years, Defence has announced the Defence Account Retirement Service (DARS).

The new service will automatically disable systems access for the accounts of staff members and contractors who leave Defence, and “assist in automatically remediating accounts that are non-compliant with Defence policies, such as the [ISM] and the Defence Security Principles Framework (DSPF),” Defence told iTnews.

Additionally, workers who no longer hold clearance or valid sponsorship, or who no longer meet other DSPF and Information Security Manual (ISM) requirements, will also have their access removed.


The changes follow the ANAO’s audit as part of the inquiry into Commonwealth financial statements 2022–2023, which was concerned with the high level of unauthorised access to IT systems.

“Committee chair Linda Burney stated that poor IT governance, particularly user access issues, continue to be among the significant findings of the Auditor-General’s report into the financial statements,” said a statement by the joint committee of public accounts and audit.

“Ms Burney stated ‘unauthorised user access to IT systems across the Commonwealth remains a problem as in previous years. The risks this poses are potentially significant as some of the agencies involved hold highly sensitive information.’”

Defence also said that in response to this, it had bolstered its ability to “prevent and detect unauthorised access” and introduced better governance controls for its systems.

The audit also claimed that there were 2,000 instances where former Defence contractors and employees accessed its network.

However, in a submission seen by iTnews, Defence said the “vast majority were false positives” and that these were largely instances where “an individual has finished one engagement and commenced another engagement within Defence”.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
