A parliamentary inquiry is underway into the Australian Taxation Office and Department of Immigration and Border Protection after they were criticised for lax cybersecurity.
The Australian National Audit Office last month published the results of its cybersecurity audit at the department of immigration, department of human services, and the ATO. The report found that only Human Services was “cyber resilient”, while the other two departments were vulnerable to attack.
“To progress to being cyber resilient, the Australian Taxation Office and the Department of Immigration and Border Protection need to improve their governance arrangements and prioritise cybersecurity,” the audit concluded.
ATO suffered the wrath of taxpayers last year when online lodgements were interrupted during the end-of-October peak. The MyGov website, run by human services, had reportedly suffered from denial-of-service attacks, which had flooded its systems with useless, disruptive traffic. The tax office also suffered a series of outages over December and January, although that was attributed to a hardware fault.
The ANAO audit found that immigration had a strategy for application “whitelisting”, a protective scheme in which only sanctioned software can run on its computers, but didn’t actually execute it. The ATO only formed a whitelisting strategy while the audit was in progress.
The two organisations also failed to apply applications and operating systems updates (‘patching’) properly, and had “insufficient protection” against cyberattacks from external sources.
In response, the joint committee of public accounts and audit launched an inquiry into cybersecurity compliance last Friday to keep an eye on all three organisations.
Committee chair senator Dean Smith said cybersecurity is “integral” to protecting both the government and citizens.
“Government entities are required to implement mitigation strategies to reduce the risk of cyber intrusions. The committee is continuing its oversight of entities’ compliance with the mandated strategies with the launch of this inquiry,” the senator said.
The three agencies are considered major users of technology in the public sector, with the ATO collecting electronic lodgements worth more than $440 billion in gross tax revenue each year and the immigration department processing seven million visas and two million pieces of import and export cargo.