澳洲安全策略透露,联邦政府机构去年遭遇400多起网

在澳大利亚澳洲新闻






国家最新安全战略显示,联邦网络安全机构去年应对了近450起针对联邦级实体的攻击。

澳大利亚公共服务机构将集中管理其信息技术,因为政府试图加强其数字网络的防御,以防止来自国家支持的行为者和国家的攻击。

周四发布的新网络安全战略显示,在2019-2020年澳大利亚网络安全中心应对的事件中,联邦、州和领地政府机构是35.4%的目标。

该中心的新数据显示,它应对了约450起涉及联邦实体的事件,以及超过350起针对州和领地级政府机构的攻击。

该战略标识出在网络安全方面的主要支出,并详细说明了加强防御措施以应对日益增长的攻击风险的长期努力。

(该战略的)首要任务将是集中管理和运营联邦机构运行的大量IT网络。

"集中化可以减少民族国家或国家支持的对手等敌对行为者可利用的目标数量,并允许澳大利亚政府将其网络安全投资集中在数量较少的更安全的网络上,"该战略说。

它还表示,联邦机构将通过采用澳大利亚信号局推荐的、被称为 "基本八项 "的安全措施来提高政府的网络防御能力。

"澳大利亚政府机构还将重新重视管理网络安全风险的政策和程序,"该战略说。

新南威尔士大学教授、网络安全专家格雷格-奥斯汀表示,在集中管理政府IT网络的过程中,公共服务机构可以保留对其IT系统的控制权,但安全安排和审计可能会被集中管理。

"这个细节必须要弄清楚,它有一定的吸引力,但需要仔细弄清楚,"他说。

奥斯汀教授说,新南威尔士州政府提供了一种模式,要求部门负责人承担网络安全责任。他说,类似的方法可以让APS(Australian Public Service)受益。

"需要给部门主管施加更多压力,让他们承担责任。"奥斯汀教授说。

近年来的一系列报告显示,联邦机构在采取网络安全措施方面已经落后了。

在2019年的一份报告中,澳大利亚信号局发现整个政府的网络安全水平参差不齐,一些实体仍然容易受到威胁。它说,一些机构对 "基本八项 "战略存在误解、误读和不一致的应用。

新的网络安全战略表示超过三分之一的事件影响到提供医疗、教育、银行、水、通信、交通和能源的关键基础设施提供商。

"针对这些服务之一的成功网络攻击可能会对更广泛的经济和澳大利亚的生活方式产生重大影响,"该战略说。

它说,这种情况在海外发生过,2015年乌克兰电力设施的中断,2017年沙特石化设施的Triton攻击,以及2017年NotPetya和WannaCry攻击,这些攻击冲击了全球金融、运输和医疗服务。

https://www.canberratimes.com.au ... uxggj4-AfCsW5rkAQAA


评论
英文原文如下:
Federal government entities hit with more than 400 cyber attacks last year, security strategy reveals

The federal cyber security agency responded to nearly 450 attacks on Commonwealth-level entities last year, the nation's latest security strategy reveals.

Australian Public Service agencies will centralise their IT as the government tries to strengthen the defences of its digital networks against attacks from state-sponsored actors and nation states.

The new cyber security strategy, released on Thursday, shows Commonwealth, state and territory government bodies were the target in 35.4 per cent of incidents the Australian Cyber Security Centre responded to in 2019-2020.

New figures from the centre show it responded to about 450 incidents involving Commonwealth entities, and more than 350 attacks on state and territory level government bodies.

The strategy flagged major spending on cyber security, and detailed long-term efforts to bolster defences in response to the growing risk of attacks.

It said the first priority would be centralising the management and operations of the large number of IT networks run by federal agencies.

"Centralisation could reduce the number of targets available to hostile actors such as nation states or state-sponsored adversaries, and allow the Australian government to focus its cyber security investment on a smaller number of more secure networks," the strategy said.

It also said federal agencies would improve the government's cyber defences by adopting safety measures recommended by the Australian Signals Directorate and known as the "Essential Eight".

"Australian government agencies will also put a renewed focus on policies and procedures to manage cyber security risks," the strategy said.

MORE PUBLIC SERVICE NEWS:

ATO flags interest in COVID-19 vaccine for staff
Centrelink delays cause millions in unpaid compensation to sit idle
Time for govt to get with the program, new style guide released
UNSW professor and cyber security expert Greg Austin said in centralising government IT networks, public service agencies could retain control over their IT systems but that security arrangements and auditing may be centralised.

"That detail has to be worked out and it has some appeal, but it needs to be worked out carefully," he said.

Professor Austin said one model was provided by the NSW government, which required department heads to take responsibility for cyber security. A similar approach could benefit the APS, he said.

"More pressure needs to be put on department heads to take responsibility," Professor Austin said.

A series of reports in recent years have shown federal agencies have fallen behind in adopting cyber security measures.

In a 2019 report, the Australian Signals Directorate found levels of cyber security varied across the government and that some entities remained vulnerable to threats. It said some agencies had misunderstood, misinterpreted and inconsistently applied the "Essential Eight" strategies.


The new cyber security strategy said more than a third of incidents affected critical infrastructure providers delivering healthcare, education, banking, water, communications, transport and energy.

"A successful cyber attack against one of these services could have significant ramifications for the broader economy and Australian way of life," the strategy said.

It said this had happened overseas in the 2015 disruptions to power facilities in Ukraine, the 2017 Triton attacks on Saudi petrochemical facilities, and the NotPetya and WannaCry attacks in 2017 that hit financial, transport and healthcare services globally.
澳洲中文论坛热点
悉尼部份城铁将封闭一年,华人区受影响!只能乘巴士(组图)
据《逐日电讯报》报导,从明年年中开始,因为从Bankstown和Sydenham的城铁将因Metro South West革新名目而
联邦政客们具有多少房产?
据本月早些时分报导,绿党副首领、参议员Mehreen Faruqi已获准在Port Macquarie联系其房产并建造三栋投资联

中文新闻,澳洲经济,时事,华人论坛动态,悉尼本地消息,墨尔本,珀斯,布里斯班,澳洲新闻,澳大利亚华人网,澳洲华人论坛

澳洲新闻

突发:Westfield Marion 因持枪人员被封锁

澳大利亚正如标题所示,新闻内容将会更新 南澳大利亚警方敦促阿德莱德南部居民避开 Westfield Marion 购物中心,因为有报道称一名武装罪犯在逃。 当局在一份声明中表示,警方正在对下午 3:3 ...

澳洲新闻

“亲华”达顿是否从鹰派变成了鸽派?

澳大利亚在所有用来形容达顿的词语中,“亲华”不会排在首位。然而,在中国总理李强准备对澳大利亚进行高调访问之际,这位反对派领导人正是如此评价自己的。 但当被问及他是否像阿尔巴 ...

澳洲新闻

北群枪击案凶手瑞恩·科尔有藏毒前科

澳大利亚被指控的杀人犯瑞安·科尔在本周生日前的几个月里,一直在他昆士兰州北部家的前院翻新一艘旧渔船。 附近的居民经过他位于南麦凯罗布广场的家时向他挥手打招呼,并对他的修复工 ...

澳洲新闻

今天中午全国最冷的首都是悉尼

澳大利亚今天中午悉尼很冷,天气预报说这是全国最冷的首府城市。 Weatherzone 报告称,悉尼正午气温为 10.9 摄氏度。 新南威尔士州海岸正在下雨,悉尼部分地区的气温为 7.2 度。 中午墨尔本气温 ...

澳洲新闻

加拿大准备向澳大利亚出售核技术

澳大利亚加拿大创新部长弗朗索瓦·菲利普·商鹏飞告诉天空新闻,加拿大已准备好向澳大利亚出售核技术,作为一种安全、具有成本效益的电力来源。 加拿大于 20 世纪 60 年代开始安全运营核能 ...

澳洲新闻

南澳女子背部中弹,可能是意外

澳大利亚在阿德莱德以北,一名妇女背部中弹,被送往医院。 这起事件于昨天下午 4:30 发生在 Hornsdale。 警方表示,初步调查表明这可能是一起事故。 所有相关各方都互相认识,对公众不构成威 ...