Home Affairs boss orders government-wide sweep for foreign cyber threats inside vulnerable technology
A comprehensive audit will be conducted into all internet-facing technology used by Commonwealth agencies, in a series of formal directions quietly issued by Home Affairs Secretary Stephanie Foster.
The instructions come over rising concerns about foreign interference and influence threats.
Details of how the threat mitigation activity will be funded have not been outlined, but the directives have been welcomed by leading cyber security figures.
A comprehensive audit will be conducted into all internet-facing technology used by Commonwealth agencies over rising concerns about foreign interference and influence threats.
In a series of formal directions quietly issued late last week, Home Affairs Secretary Stephanie Foster has instructed each federal government body to identify and mitigate potential risks.
Under the formal instructions it will now also be mandatory for the Commonwealth's almost 200 entities and companies to share cyber threat information with the Australian Signals Directorate.
The three Protective Service Policy Framework (PSPF) directives are believed to be only the second time the binding powers have been used, with the first involving last year's ban of Chinese-owned application TikTok from Commonwealth devices.
On the same day the secretary's directions were issued, Home Affairs Minister Clare O'Neil also unveiled a series of new measures to counter foreign interference threats in the wider Australian community.
Under PSPF Direction 001-2024, government entities are told "to identify indicators of Foreign Ownership, Control or Influence (FOCI) risk as they relate to procurement and maintenance of technology assets and appropriately manage and report those risks".
"Foreign interference occurs when activity carried out by, or on behalf of, a foreign power, is coercive, corrupting, deceptive or clandestine, and contrary to Australia's sovereignty, values and national interests," the directive explains.
Government entities are told to "implement a process when undertaking procurement of technology assets to identify and manage potential FOCI risks" before June next year.
In the second directive Ms Foster orders "a technology asset stocktake on all internet-facing systems or services to identify all technology assets managed by, or on behalf of, the entity".
Additionally, Commonwealth entities are directed to "develop a technology security risk management plan for all internet-facing systems or services, as part of the entity's overall security plan".
According to the third directive it will now also be mandatory for all "Australian government entities using threat intelligence sharing platforms to share cyber threat information with the Australian Signals Directorate".
Details of how the threat mitigation activity will be funded have not been outlined and the Department of Home Affairs has so far not responded to questions from the ABC, but the directives have been welcomed by leading cyber security figures.
https://www.abc.net.au/news/2024-07-09/home-affairs-boss-orders-sweep-for-foreign-cyber-threats/104072418