http://australianit.news.com.au/common/storyPage/0,3811,2904111%255E442,00.html Selina Mitchell 21 September 2001 INSECURE and vulnerable government websites have been fortified against cyber attacks after an Auditor-General's security review. But the security levels were still insufficient in the majority of cases, acting Auditor-General Ian McPhee reported. In the midst of the crippling Nimda computer virus attacks, Mr McPhee said audited federal government agencies had not properly secured their internet services and had been forced to fix a number of vulnerabilities during the process of the audit. The vulnerabilities threatened the confidentiality, availability and integrity of crucial government information systems and data holdings, Mr McPhee said. The report was released on the same day the federal parliamentary network was among those struck by Nimda, which has affected government and business websites, and internet traffic worldwide. Network services, which provide access to the internet for all parliament house staff and their 250 electorate offices, were expected to be fully functional again this morning. Access to the network was disrupted from about 8.30pm on Wednesday. Ten agencies' internet, email and website services were scrutinised by the audit office and the Defence Signals Directorate. Six were found to have significant vulnerabilities, potentially exploitable by a malicious user over the internet. Security issues were identified in all sites tested. The agencies were advised to fix the problems and conduct a thorough risk assessment and review of security policy. "For the majority of agency websites in the audit, the current level of internet security is insufficient, given the threat environment and vulnerabilities identified within a number of agency sites," Mr McPhee said. The increasing reliance on electronic government to deliver programs and services created additional security risks, Mr McPhee said. Security levels across the audited agencies varied significantly from very good to very poor, he concluded. All agencies audited had prepared an IT security policy but they varied in quality. Only the larger agencies, particularly those that managed IT resources in-house, had developed comprehensive security and disaster recovery plans. The audited agencies included the Bureau of Statistics, Treasury and the tax office. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 03:26:34 PDT