Defence examines breaches of on-printer, unaudited, and misdelivered matters

A computer within the Australian Defence Force's joint operations headquarters was changed to skip the audit logs for most events, with the Defence Security Agency unable to say how the change occurred.

An unnamed Australian Defence Force official printed off secret images of asylum seeker boat operations, not to leak to the media, but to show friends what interesting work he or she did each day.

Then there was the stash of around 5,000 confidential and secret defence documents inadvertently delivered to a Canberra commercial waste recycling facility in 2014.

A series of reports on Defence Security Agency (DSA) investigations of security breaches, released under Freedom of Information, show that the Australian Defence Force has had its share of incidents.

The most concerning incident appears to relate to a modification of a computer at the joint operations headquarters in 2013, after which most audit events were omitted from its audit log for around six months.

In theory, that could conceal other activities on the computer, though the DSA reports give no indication that anything improper occurred. The DSA could not say how this happened.

Speaking earlier this month at Check Point's Cyber Security Symposium, Major General Stephen Day, head of cyber and information security at the Australian Signals Directorate, said the ASD had "some pretty ordinary years" when it comes to defending Australian government networks.

"Things started to turn for the better in 2012 as the awareness campaign started to get traction."

Day said that the time taken to identify security issues has fallen from months to weeks.

"Our recent experience is that it's measured more in weeks than months. So I have reasonable confidence, but I wouldn't be surprised -- though I would be disappointed -- were there to be more problems than we've identified in 2013 and 2014," he said.

The ASD publishes its Top 4 Strategies to Mitigate Targeted Cyber Intrusions, which are mandatory across the networks of the Australian government.

The fourth strategy is to minimise administrative privileges.

"Administrative credentials are primary targets of malicious intruders looking to propagate and persist in a network," the ASD recommends. "Good centralised logging, monitoring, and auditing of these credentials can provide early warning that such activity might be occurring in an organisation's network."

The DSA said the settings on the modified computer have now been restored, and the number of senior staff members with the ability to make such changes has been reduced.
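The two checks that would have surfaced both the incident above (most audit events silently dropped for months) and the ASD's advice on auditing administrative credentials are easy to state as detection logic. The following is an added example written for this page; it is not code from the DSA reports, the ASD or the ADF. The Windows Security event IDs are real (4672 administrative logon, 4719 audit policy changed, 1102 audit log cleared), but the host names, account names, the `AUDIT_ADMINS` allowlist, the thresholds and the sample events are all constructed for illustration.

```python
"""Audit-tamper and audit-volume-drop detection over constructed
Windows Security-style events (timestamp, host, event_id, account).

Added example, not from the DSA reports or ASD guidance. Real event IDs:
  4672  special privileges assigned to new logon (administrative logon)
  4719  system audit policy was changed
  1102  the audit log was cleared
Everything else (hosts, accounts, allowlist, thresholds) is hypothetical.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

TAMPER_EVENTS = {4719: "audit policy changed", 1102: "audit log cleared"}
ADMIN_LOGON = 4672
# Hypothetical allowlist: the few accounts permitted to change audit settings.
AUDIT_ADMINS = {"svc-audit"}


def build_sample_events():
    """Constructed data: 'hq-ws01' logs six events a day, then an account
    not on the allowlist changes the audit policy and the daily volume
    collapses to one event; 'hq-ws02' stays normal throughout."""
    events = []
    start = datetime(2013, 1, 1)
    for day in range(20):
        d = start + timedelta(days=day)
        for h in range(8, 14):                       # six logons per day
            events.append((d + timedelta(hours=h), "hq-ws02", 4624, "abrown"))
        if day < 10:                                 # 1-10 Jan: healthy
            for h in range(8, 14):
                events.append((d + timedelta(hours=h), "hq-ws01", 4624, "jsmith"))
        else:                                        # 11-20 Jan: most events gone
            events.append((d + timedelta(hours=8), "hq-ws01", 4624, "jsmith"))
    tamper = datetime(2013, 1, 10, 17, 30)
    events.append((tamper, "hq-ws01", ADMIN_LOGON, "opsadmin"))
    events.append((tamper + timedelta(minutes=1), "hq-ws01", 4719, "opsadmin"))
    return sorted(events)


def tamper_alerts(events, allowed=AUDIT_ADMINS):
    """Every audit-policy change or log clear, marked 'unauthorised' when
    the acting account is not on the allowlist."""
    out = []
    for ts, host, eid, acct in events:
        if eid in TAMPER_EVENTS:
            status = "authorised" if acct in allowed else "unauthorised"
            out.append((ts, host, acct, TAMPER_EVENTS[eid], status))
    return out


def volume_drop_alerts(events, baseline_days=7, min_fraction=0.5):
    """Per host: baseline = median daily event count over the first
    baseline_days calendar days; every later calendar day (days with zero
    events included) below min_fraction * baseline is flagged. A plain
    'no events at all' check would miss a host that keeps logging a trickle
    while most events are omitted, which is the failure mode described above."""
    daily = defaultdict(Counter)
    for ts, host, _, _ in events:
        daily[host][ts.date()] += 1
    alerts = []
    for host, counts in daily.items():
        first, last = min(counts), max(counts)
        window = [counts[first + timedelta(days=i)] for i in range(baseline_days)]
        baseline = median(window)
        day = first + timedelta(days=baseline_days)
        while day <= last:
            n = counts[day]            # Counter yields 0 for a missing day
            if n < min_fraction * baseline:
                alerts.append((host, day, n, baseline))
            day += timedelta(days=1)
    return alerts


def admin_logon_counts(events):
    """How often each account obtained administrative privileges: the
    centralised auditing of admin credentials the ASD advice refers to."""
    return dict(Counter(acct for _, _, eid, acct in events if eid == ADMIN_LOGON))


if __name__ == "__main__":
    evs = build_sample_events()
    for a in tamper_alerts(evs):
        print("TAMPER", *a)
    for a in volume_drop_alerts(evs):
        print("VOLUME", *a)
    print("ADMIN", admin_logon_counts(evs))
```

On the sample data the policy change by `opsadmin` is reported as unauthorised, and every day from 11 January onwards is flagged for `hq-ws01` because its count of one event falls below half the baseline of six, while `hq-ws02` produces no alerts. In production the same logic runs over a central log collector rather than the host's own log, since a host that can suppress its own audit events can equally suppress the alert about it.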

With AAP