The Australian Cyber Security Centre (ACSC), together with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), has released new guidance on safe software deployment, aimed at helping software and service manufacturers deliver updates their customers can rely on. The guidance, part of CISA’s “Secure by Design” series, is intended to strengthen the integrity of Australia’s digital government by promoting secure software deployment, reducing cyber risk, and safeguarding public sector data.
The guidance outlines several critical steps:
- Security-first development: The ACSC urges software developers to adopt a secure-by-design approach from the very beginning of their projects. Embedding cybersecurity principles into the earliest stages of product design gives developers a robust foundation that is less susceptible to threats. “Starting with a security mindset from the outset ensures a foundation that is less vulnerable to threats,” the ACSC highlights in its release.
- Continuous Vulnerability Management: The guidance calls for continuous vulnerability assessment after initial deployment, not just before release, so that defences hold up throughout a product’s lifecycle. It also recommends planning for secure deprecation, so that products and versions are retired gracefully rather than leaving the public sector running unsupported software with hidden vulnerabilities.
- Rigorous Testing Protocols: A key element of the guidance is strict, standardised testing before software release. CISA emphasises that this involves “robust testing and measurements” against the range of configurations and real-world scenarios customers actually run, thereby enhancing trust and reliability in public sector digital services.
- Incident Examples Highlighting Risks: The July 2024 CrowdStrike outage, in which a faulty content update to the Falcon sensor crashed large numbers of Windows hosts, highlights how a poorly managed update can disrupt essential services worldwide. Such incidents underscore the need for a controlled, phased deployment programme in which an update reaches a small share of customers first, is monitored for problems, and can be halted or rolled back before it spreads.
- Proactive, Holistic Approach: The ACSC and CISA recommend that manufacturers adopt a proactive, holistic approach to security that spans the entire software development lifecycle rather than relying on reactive patches. The ACSC emphasises, “A proactive approach to security from design through deployment is essential to safeguard national data assets,” underscoring the public sector’s responsibility to maintain citizens’ digital trust.
The guidance applies to software deployed across a wide range of systems, from mobile devices to cloud infrastructure, wherever consistent and secure updates are essential to protecting Australia’s critical public sector data. By adopting these practices, the Australian government aims to preserve data integrity and strengthen public sector resilience against cyber threats, supporting a stable digital environment for government operations.
The guidance gives Australia’s digital government framework a firmer footing, improving public sector accountability and reliability through structured, secure software deployment. As cyber threats continue to evolve, it offers a systematic way to reinforce the integrity of digital government services and underscores the central role of proactive, security-focused development and deployment practices.