The Australian government is set to conduct a comprehensive audit of all internet-facing technologies used by Commonwealth agencies due to increasing concerns about foreign interference and influence threats. Last week, Home Affairs Secretary Stephanie Foster issued formal directives requiring each federal government body to identify and mitigate potential risks.

Under these new instructions, nearly 200 Commonwealth entities and companies must now share cyber threat information with the Australian Signals Directorate. This move represents only the second use of the binding powers under the Protective Service Policy Framework (PSPF), the first being last year’s ban on the Chinese-owned app TikTok from Commonwealth devices.

On the same day these directives were issued, Home Affairs Minister Clare O’Neil announced new measures to counter foreign interference threats within the broader Australian community.

Under PSPF Direction 001-2024, government entities are told “to identify indicators of foreign ownership, control, or influence (FOCI) risk as they relate to the procurement and maintenance of technology assets and appropriately manage and report those risks.”.

“Foreign interference occurs when activity carried out by, or on behalf of, a foreign power is coercive, corrupting, deceptive, clandestine, and contrary to Australia’s sovereignty, values, and national interests,” the directive explains.

Government entities are told to “implement a process when undertaking procurement of technology assets to identify and manage potential FOCI risks” before June next year.

In the second directive, Foster orders “a technology asset stocktake on all internet-facing systems or services to identify all technology assets managed by, or on behalf of, the entity.”.

Additionally, Commonwealth entities are directed to “develop a technology security risk management plan for all internet-facing systems or services, as part of the entity’s overall security plan.”.

According to the third directive, it will now also be mandatory for all “Australian government entities using threat intelligence sharing platforms to share cyber threat information with the Australian Signals Directorate.”.

The Department of Home Affairs has yet to specify how the threat mitigation activities will be funded and has not responded to enquiries from the ABC. However, leading cyber security experts have welcomed the new directives.

“These directions mark a significant step in Australia’s journey to be the world’s most secure nation by 2030,” says Sarah Sloan, head of government affairs and public policy for Palo Alto Networks in Australia.

“The federal government, responsible for operating critical systems and safeguarding vital data, oversees the most essential functions of our nation—from delivering social security to ensuring national defence.

“It is imperative that these organisations lead in cybersecurity measures,” Sloan added, noting that the requirement for a stocktake of internet-connected technology assets and services was particularly pertinent.

“This emphasis on attack surface management (ASM) is well placed. With the rapid expansion of digital footprints due to cloud adoption, digital transformation, and remote work, robust ASM is crucial.”.

Editors Publicspectrum

Website | + posts

Public Spectrum is the first knowledge-sharing platform in Australia to embrace the entire public sector. This website is a platform where you can connect, collaborate, empower, inspire, and upskill with public sector professionals.

• New CEO to lead EMRC sustainability
• Scams Awareness on senior cybersecurity education
• Services Australia launches digital government booking
• Government's digital post bank solution