The Australian government has announced that it will be bolstering the protection of Centrelink, ATO and health data.
Spurred on by the recent Optus and Medibank attacks, the Department of Finance is looking to boost the security of its GovCMS, which covers content and services for agencies such as the ATO.
“The services must protect against a large variety of types of cyber security attacks, including all cyber security attacks which a sophisticated service would be expected to protect against,” states a contract, which is being offered to third-party suppliers.
The document, titled “Request for Proposal for the Provision of Web Application Protection Services (CDN, DDoS, WAF and Bot Management)”, requires that the upgrades and services “are operational and ready to respond automatically to any malicious attack traffic on or before 27 April 2023”.
This deadline is a big ask considering the requirements, which call for the protection of 370 individual sites with 120 terabytes of traffic and 1.5 billion hits monthly.
In addition, the security company that secures the contract will be banned from mining the customer data.
Unless written approval is provided, any “customer material, user material or information uploaded, accessed or manipulated in the services by the customer” is not to be mined by the supplier, even if customers click and accept set terms and conditions.
On top of this, the contract, which will span two years with a one-year potential extension, fails to outline the cost of the project.
The move to up the protection of government agency data comes as MyGov, ATO and National Disability Insurance Scheme details were found circulating online.
The data has raised concerns among cyber security experts, as it is found not on the dark web, but on the clear web, meaning it is only a Google search away.
“There’s a criminal’s cornucopia of information available on the clear web, which is the web that’s indexed by Google, as well as in the dark web,” said CyberCX director of cyber intelligence Katherine Mansted.
“There’s a very low barrier of entry for criminals … and often what we see with foreign government espionage or cyber programs — they’re not above buying tools or buying information from criminals either.”