The government will spend $10.7 million over four years to create a Cyber Security Advisory Office (CSAO).
The CSAO will sit within the Digital Transformation Agency and “provide strengthened central governance and assurance for cyber security and broader project vulnerability across government,” budget documents state.
The CSAO “will work with agencies to ensure they are appropriately managing the risks of cyber and other digital vulnerabilities on digital services.”
The government said that the creation of the new office is based on the review conducted by the Prime Minister’s Special Advisor on Cyber Security, Alastair MacGibbon, of the events surrounding the 2016 Census.
The Census website was pulled offline after a series of distributed denial of service attacks (DDoS). The security preparations of the Australian Bureau of Statistics and its lead contractor for the eCensus, IBM, were subject to a significant amount of criticism in the wake of the debacle.
MacGibbon’s report recommended that the DTA work in partnership with the Australian Signals Directorate and the Department of Finance to develop a proposal for a cyber security shared services “digital security consulting organisation”.
“This would ensure security is integral to all new online service delivery proposals and facilitate partnering between agencies to draw on cyber security expertise in larger agencies with more mature capabilities,” the report stated.
“There is no single, comprehensive source of truth to which agencies can turn to understand whole-of-government standards to which they or their vendors must or should comply, including procurement rules, technology requirements, and cyber- and data-security,” the report argued.
“For this reason, a central point of advice and governance should be established to assist agencies with the early stages of their digital initiatives.”
Security boost for Bureau of Meteorology, DVA
The budget allocated $166.6 million over four years for reform to veterans’ services, which the government said would include the “targeted redevelopment” of the Department of Veterans’ Affairs’ ICT systems — including boosting their security.
The government also said it would spend an undisclosed amount to improve the security and resilience Bureau of Meteorology’s IT systems and businesses processes.
Prime Minister Malcolm Turnbull in April last year confirmed reports that hackers had penetrated some of the bureau’s systems.
The bureau has refused to comment on the incident but last year said it was taking advantage of an infrastructure rebuild centred on its new supercomputer to boost its security posture.