At the direction of the Ministry of the Interior, the Federal Government of Australia will conduct inventory of all their Internet systems and services until June next year.
According to the order signed by the Secretary of the Ministry of the Interior Stefani Foster on July 5, there is an urgent need to strengthen technology management practices in state structures.
State institutions should conduct an audit of any equipment, software, or information systems, platforms, mobile applications, or services that store, process, transmit, or transform official or secret information belonging to or used by the Australian government.
The purpose of the initiative is to develop departments and agencies plan to manage risk management in the field of technological security for all Internet systems or services that will be part of their general security system.
The plan should include methods for managing the life cycle of technologies, measures to reduce vulnerabilities in the field of cybersecurity and risks of the supply chain, as well as ways to ensure constant visibility and monitoring of the environment.
An additional order requires the government to control the risks associated with foreign ownership, influence, or control of technologies at the time of their purchase. This may be due to an increase in attention to the use of Chinese drones and surveillance chambers by agencies and critical infrastructure operators in recent years, where there is a tendency to replace local alternatives.
The third order obliges all 189 state institutions that fall under the framework of the defense policy (PSPF) to share information about cyberosis with the Australian signal control (ASD). In practice, this means that the ASD will have a national idea of all the possibilities of “cyberism hunting” used by government agencies, and all of them will be connected to the intelligence exchange platform about cyberosis (ctis).
Sarah Slan, the head of the government affairs department and the state policy of Palo Alto Networks, said that this is only the second case of using the Government of its obligatory directive powers. The first case was associated with the ban on the Tiktok application on devices issued by state departments and agencies.
Slan also added that the inventory focused on vulnerabilities is “great” to help the government to quickly find and protect vulnerable systems.