Queensland reports 37 attempted denial of service attacks against government

The Department of Science, Information Technology and Innovation said it successfully mitigated the 'major' attacks against the government.

During the 2016-17 financial year the Queensland government said it successfully mitigated 37 "major" denial of service attacks against government infrastructure.

The state's Department of Science, Information Technology and Innovation also provided security intelligence by collecting and analysing an average of 8 million logged events per day from more than 130 sources over the 12-month period.

The statistics were published in the department's 2016-17 Annual Report [PDF], which also said it delivered a suite of whole-of-government cybersecurity protections and programs to "increase capability and maturity across government".

The department also said it worked closely with the federal government to help establish the first Joint Cybersecurity Centre in Brisbane.

Launched in February, the centres aim to boost cybersecurity resilience in the country by bringing industry, government, and law enforcement together to share relevant threat information under the one roof.

The Brisbane centre is the first stage of the AU$47 million program that will also see similar centres established in Sydney, Melbourne, Adelaide, and Perth.

The AU$47 million Joint Cyber Security Centre program was designed in partnership with industry and forms part of Australia's Cyber Security Strategy.

In February last year, the state announced its own cybersecurity commitment, pumping AU$12.5 million into tackling cybercrime and potential threats made against the state's IT infrastructure, with the four-year investment used to form a new Cyber Security Unit and keep it running to provide further protection of the government's systems.

Shortly after, it emerged that Department of Premier and Cabinet director-general David Stewart had his email account hijacked, and that it was used to circulate bogus emails in his name that contained a malicious virus.

Looking forward, the department said it wishes to further strengthen the government's cybersecurity defences and capability through proactive incident detection and mitigation and "addressing cybersecurity challenges". It also hopes to build on existing internal capability to mature data-sharing and data analytics across government.

The annual report also summarised the department's yearly activities, including those under the state's Advance Queensland initiative.

One achievement director-general Jamie Merrick highlighted in his foreword was the government's uptake in procuring services from small and medium-sized businesses.

"In 2015-16, we doubled the number of contracts we had with small and medium-sized businesses; in the last year, we have more than doubled that again," Merrick wrote. "Not only is this delivering smarter and lower cost public services, it is also supporting the growth of Queensland businesses."

According to Merrick, the department is changing the way it does business, and said industry is responding. The department is also accountable for the state's IT services provider, CITEC, which was saved from outsourcing in May 2015.

CITEC provides security, cloud, datacentre, managed IT, services, and networks to other state government departments and agencies.

Over the 12 month period summarised in the department's annual report, the state government processed an estimated 19 billion government business transactions each week, worth over AU$40 billion every year, through the infrastructure and platforms managed by CITEC.

Although the IT agency experienced major woes in the past, CITEC maintained an availability of 99.98 percent on more than 22,590 network devices, 1800 servers, and 2800kW of datacentre power during 2016-17. It also maintained 99.93 percent service availability for the Queensland Government Customer Identity Management (CIDM) system, the department said.