ACT govt sites repel 646,700 attacks

Australian Capital Territory government websites faced 646,700 attacks in 2009/2010, but managed to defend themselves against all of them, according to the territory's chief minister.

The attacks had been ranked in severity using the Common Vulnerability Scoring System standard as high, medium or low. Of the 646,700 attacks, 78,000 were rated as high, 565,000 as medium and 3700 as low.

"The fact that not one of the 646,700 cyber attacks on ACT Government-hosted websites was successful demonstrates the robust security procedures and tactics in place," Chief Minister and Minister for Territory and Municipal Services, Jon Stanhope said in a statement.

The government had implemented a "layered defence" against attacks on 98 ACT sites, according to Stanhope.

"[The ACT government shared services agency] InTACT continually improves its ICT infrastructure gateway by deploying well managed firewalls, intruder prevention systems and geographically dispersed websites. The vulnerability levels of the public-facing websites are continually being reviewed by both automated and manual testing," he said.

"Prior to allowing a new website to go live, InTACT's ICT security team tests the vulnerability of the site to cyber attacks using automated and manual tactics. The security team also conducts periodic audits across websites using an internal ethical hacker."

Stanhope said that the ACT Government worked with the Defence Signals Directorate and other federal government organisations, informing them of serious attacks on the territory. He said the government also received advice from security response team AusCERT.

"These relationships, allied with our own robust security measures, mean that we are well placed to deliver vigorous monitoring and testing of websites and to ensure we continue to meet cyber attacks head on."