Modernisation and upping cyber compliance on the agenda for Geoscience Australia

The government agency plans to make security upgrades that are in line with the Essential Eight and keep digital transformation a priority.
Written by Aimee Chanthadavong, Contributor

Geoscience Australia has gone to market as part of its plans to further modernise its IT environment by shifting off legacy platforms and making continued improvements toward more modern platforms through 2021.

In a request for tender, Geoscience Australia said it is seeking a service provider to act as the single point of contact for any IT-related incidents and requests; provide end user computing; and provision business and corporate applications.

Additionally, Geoscience Australia also plans to upgrade from Skype for Business to Microsoft Teams for enterprise voice, video conferencing, and collaboration tools; make networking enhancements around remote access/VPN and end of life elements; improve its record management system capabilities; and implement a customer relationship management system.

Geoscience added there are plans to make further IT security enhancements so that it is in line with the Essential Eight controls for mitigating cyber attacks, which entails reviewing all existing identity-related processes and automating "unnecessary manual steps" through single multifactor login.

"As we deal with more and more networks and endpoints, identity has become important as one of many factors that act as the new network boundary. Identity gives us a powerful common layer that we can control across many different networks and endpoints," Geoscience Australia said.

"Identity is a critical component of the new chain of trust that binds and protects our resources across various endpoints in a way that facilitates our mobile workforce."

In a previous ANAO audit on cyber resilience, Geoscience Australia was labelled as lacking where the Top Four mitigation strategies were concerned. 

Following the ANAO probe, Geoscience Australia agreed to up its security posture, telling the Joint Committee of Public Accounts and Audit in March last year that it would be compliant with the Top Four by 30 June 2019.

The Top Four are mandatory and the Essential Eight are recommended as best practice.  

See also: Industry report calls for ACSC to get offensive and smaller agencies to get cyber help

In its tender documents, Geoscience Australia also revealed how it is hoping to retire a "small number" of Window 7 devices, as well as upgrade the infrastructure of its existing Citrix-based remote desktop environment which is nearing the end of its life cycle.

Geoscience Australia's plans to carry out additional IT work follows work the agency has been undertaking over the last two years across its IT environment, specifically in end user computing, enterprise voice and collaboration, in-cloud compute, identity, database, and IT security.

The IT service provider will be charged with providing support for Geoscience Australia's headquarters based in the Australia Capital Territory and its remotes sites, such as its Alice Springs ground station and potentially Yarragadee in Western Australia, the tender documents said.

The initial contract will be for three years, with the option to extend it to a maximum term of five years.

Tender submissions close September 30, with an anticipated start date of April 2021.

Geoscience Australia had previously said it would fix its culture by immersing its staff in the world of government-owned enterprise by learning from others, such as Australia Post, that are "leading" the way.

"We ended up sending four staff down to Melbourne to go work for Australia Post for 100 days to learn their culture internally and flew another 30 or 40 people down on day trips to see how they worked with continuous delivery and cloud engineering," Geoscience Australia director of scientific computing Ole Nielson said at the time.

Related Coverage 

Editorial standards