[ISN] Cyber security alarm in Canberra

From: InfoSec News (isnat_private)
Date: Fri Sep 21 2001 - 00:47:22 PDT

  • Next message: InfoSec News: "[ISN] Y2K plans aided in recovery, but more planning needed"

    Selina Mitchell
    21 September 2001 
    INSECURE and vulnerable government websites have been fortified
    against cyber attacks after an Auditor-General's security review.
    But the security levels were still insufficient in the majority of
    cases, acting Auditor-General Ian McPhee reported.
    In the midst of the crippling Nimda computer virus attacks, Mr McPhee
    said audited federal government agencies had not properly secured
    their internet services and had been forced to fix a number of
    vulnerabilities during the process of the audit.
    The vulnerabilities threatened the confidentiality, availability and
    integrity of crucial government information systems and data holdings,
    Mr McPhee said.
    The report was released on the same day the federal parliamentary
    network was among those struck by Nimda, which has affected government
    and business websites, and internet traffic worldwide.
    Network services, which provide access to the internet for all
    parliament house staff and their 250 electorate offices, were expected
    to be fully functional again this morning.
    Access to the network was disrupted from about 8.30pm on Wednesday.
    Ten agencies' internet, email and website services were scrutinised by
    the audit office and the Defence Signals Directorate.
    Six were found to have significant vulnerabilities, potentially
    exploitable by a malicious user over the internet. Security issues
    were identified in all sites tested.
    The agencies were advised to fix the problems and conduct a thorough
    risk assessment and review of security policy.
    "For the majority of agency websites in the audit, the current level
    of internet security is insufficient, given the threat environment and
    vulnerabilities identified within a number of agency sites," Mr McPhee
    The increasing reliance on electronic government to deliver programs
    and services created additional security risks, Mr McPhee said.
    Security levels across the audited agencies varied significantly from
    very good to very poor, he concluded.
    All agencies audited had prepared an IT security policy but they
    varied in quality. Only the larger agencies, particularly those that
    managed IT resources in-house, had developed comprehensive security
    and disaster recovery plans.
    The audited agencies included the Bureau of Statistics, Treasury and
    the tax office.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 03:26:34 PDT