A comprehensive audit of government hardware and software will look at which applications have been downloaded onto which devices and where they are, Communications Minister Michelle Rowland says.
Ms Rowland says foreign interference is the greatest threat faced by the government and it’s incumbent on agencies to do all they can to understand their vulnerabilities.
“It’s basically an audit of government hardware and software so we understand what applications have been downloaded onto what devices, where they are located”, she told the ABC.
“It is necessary to understand what government applications are and what government hardware is out there, what other vendors may be susceptible to.”
Identifying and managing risks
A Protective Service Policy Framework (PSPF) directive signed by Home Affairs Secretary Stephanie Foster on July 5 and published on July 8 requires Australian government entities to ‘identify and actively manage the risks associated with vulnerable technologies they manage, including those they manage for other entities’.
The directive says there’s a pressing need for agencies to proactively seek out weaknesses on government networks.
By June 2025 all entities must carry out a stocktake of all internet facing systems and services capturing the manufacturer, supplier and provider, or outsourced manager, and submit their stocktake to the Home Affairs cyber and protective security branch.
A second directive says agencies must put in place a process to manage potential FOCI procurement risks before June next year
And a third directive requires government entities using threat intelligence sharing platforms to share information with the Australian Signals Directorate.
Departments may be required to conduct stocktakes on an ongoing basis, Ms Rowland said.
I actually think going forward, given the threat level, given the amount of concern over foreign interference, this is may well be something that continues into the future, and rightly so.
Michelle Rowland
“I think that Australians would expect governments to know where their devices are, how they’re being used. And I think that this is a sensible approach,” she said.
“And I actually think going forward, given the threat level, given the amount of concern over foreign interference, this is may well be something that continues into the future, and rightly so.”
She said she expected that departments will need to comply with the directives out of their own budget.
“I think that it’s appropriate that departments take account and be accountable for their own hardware and software,” she said.
The Protective Security Policy Framework (PSPF) is administered by the Department of Home Affairs. It sets out government protective security policies and supports entities in implementing them.
The first PSPF direction was issued in 2023 to restrict the use of TikTok on government devices.
Leave a Reply