The consolidation of online services in the Department of Human Services (DHS) will help stop cyber attacks on its agencies, according to outgoing head of IT John Wadeson.
John Wadeson (Credit: Josh Taylor/ZDNet Australia)
As part of over half a billion dollars invested in consolidating the ICT infrastructure of Medicare, Centrelink and the Child Support Agency in the last budget, $157.6 million will be spent over the next four years to develop a single online portal. This portal can be used by customers of the agencies, in order to manage their information and conduct transactions online, all using a single log-in.
At a budget estimates hearing earlier this month, Wadeson was asked whether Centrelink would be susceptible to brute force attacks in a similar method used against other government agencies found to be vulnerable in a recent auditor-general's report. According to Wadeson, the single DHS online portal will help reduce the number of attacks.
"The reduction in the number of internet gateways, and those sorts of projects, are generally aimed at improving the resilience against these sorts of possibilities," he said. "In human services, we will be hosting something like 16 or 17 agencies all on one gateway. That way, you have much more control over what is coming in and out of networks, and so on. There are a whole lot of these sorts of things that go on that are just generally aimed at stopping these sorts of attacks."
Wadeson said that the department is also working closely with Defence Signals Directorate (DSD) to improve security in DHS.
"We are always upgrading and working on ways of countermeasures to these sorts of attacks. DSD has the view that we do everything that is appropriate for the security threats that we face," he said.
That includes running brute force tests, Wadeson added.
"We have done a number of exercises with DSD against these sorts of threats. We will have to keep moving, because these threats keep moving and improving. I have found that generally the advice we get enables us to keep ahead of what generally is regarded as the current state of that sort of malpractice," he said. "It is a very complex and technical area, but the way in which it is organised through government is quite strong."
The Western Australian government also came under criticism by its auditor-general last week, for failing a number of penetration tests across a number of government agencies that allowed access to credit card information and confidential government documents.