The Federal Government has formally launched its Protective Security Policy Framework in order to simplify the government security processes as part of a wider movement to improve Australia’s national security.
Speaking in Canberra at the Security In Government Conference, Federal Attorney-General, Robert McClelland, said the framework would better address the challenges posed by the increased presence of ICT in government and society.
“It is fair to say, however, that the current framework was developed in a previous time where the business of government wasn’t as diverse as it is currently and didn’t need to contend with an online environment,” he said.
“In today’s security climate, government and private sector partnership is essential. We therefore need a more sensible system that can be tailored to the nature of the task, the identity of the parties and the security issues concerned.”
In light of this, McClelland said the government was making “significant changes” to Australia’s current protective security policies and the Protective Security Manual (PSM) to better address, among other things, the uptake of desktop computing.
“Previous efforts to reform protective security policy have been piecemeal and hampered by the inability of individual agencies to agree on reforms,” he said.
“The current PSM contains some 400 mandatory requirements. The new framework contains just 33. No longer will agencies have to wade through up to 250 pages of policy to find out exactly what it is they need to do to comply with protective security.”
McClelland said a key benefit of the new framework would be that governance would be separated from process, and a greater emphasis would be placed on the role of risk management in protective security. It would also take into account the increasing dependency on information and communications technology, which was often provided by private sector contractors.
In addition, the government was also moving to consolidate its Internet gateways from more than 100 to less than ten, resulting in the better management of email, websites and web-based transactions.
“This will help enhance the security and reliability of government networks,” McClelland said. “This represents a key initiative aimed at increasing Australia’s cyber security.”
An automated system to improve personnel security vetting when staff transfer between agencies, would also be introduced, eliminating the current intensive paper-based clearance system.