The Treasury and 30 other federal government departments and agencies have automatically received an information security classification upgrade after commonwealth enterprise cloud provider TechnologyOne passed a rigorous cyber security assessment.
Following the assessment TechnologyOne’s cyber security rating was elevated from “Official: Sensitive” to “PROTECTED” under the Australian Signals Directorate’s Information Security Registered Assessors Program better known by its shorter name “IRAP”.
The more stringent IRAP assessment means that data the 31 departments and agencies handle using TechnologyOne’s platform and applications will automatically receive the higher security level.
TechnologyOne chief executive officer Ed Chung said that change would spare agencies that handle data carrying both classifications, Sensitive and PROTECTED, the need to duplicate network operations.
“Almost all Commonwealth agencies have data that is classified as PROTECTED. Often, agencies run entirely separate networks to keep data classified as PROTECTED separate from data classified as less sensitive. They have done this because PROTECTED systems are more expensive to maintain, however running separate networks adds complication and expense,” Chung said.
“We will absorb the additional cost so they can put all data into the more secure environment, and at the same time remove the friction between the separate networks,” he added.
TechnologyOne’s improved security assessment follows a steady stream of federal government cyber security spending announcements, including a $1.35 billion package to improve the ASD’s cyber security capabilities unveiled in June and a $680 million funding injection for its digital identity system revealed this week.
The announcements reflected concerns in Australia’s and its allies’ intelligence communities over increasing cyber offensive activity globally and its growing role in international conflict.
In February 2019, suspected state sponsored hackers attempted to penetrate the Australian parliament’s computer network in an apparent bid to steal politicians’ passwords. Later in the year the Australian National University revealed that state actor was behind data breach which compromised student records dating back over 19 years.
In neither case were authorities prepared to name the state behind the attacks.