ACT hacks questioned
Two hacks on the ACT Government show a “lack of awareness”, according to one security expert.
Nigel Phair, the head of UNSW Canberra's cyber unit, has questioned the digital security of smaller governments like the ACT's, after hackers twice gained access to ACT Government directories, containing corporate contact information for thousands of public servants.
“I don't think there's any awareness at all,” he said.
“I think if you ask the average person at those organisations, they'd say; ‘We're not a bank, why would anyone want to hack us?’”
The ACT’s chief digital officer, Bettina Konti, said the breaches were worrying.
“On the one hand, a lot of that information would be available in public directories, particularly for senior officials in governance,” she said.
“But on the other hand, it's still concerning.
“We still need to do everything that we can to make sure that we mitigate the risk of that happening again.”
The Government has moved to respond, rolling out greater use of two-factor authentication before significant transactions.
The systems often involve a text message containing a unique password sent to a person's phone, which must be entered alongside the ordinary password.
Mr Phair said it is the very least organisations that could be done.
“It's pleasing that they've done something after the fact,” he said.
“But this is basic cyber hygiene and something they really should have had in place before.”
Ms Konti said the Government knows its responsibility.
“As a government … we're highly aware that the community holds us to a much higher bar of security integrity than they do other organisations,” she said.
“And in the ACT, we have a team of cyber-security professionals working around the clock to ensure that all of our controls are in place and we're monitoring for those kinds of things.”
But she added that risks could not be avoided entirely.
“No organisation is invulnerable to cyber attacks,” she said.
“It's not possible to mitigate completely the risk of a cyber attack in any organization.
“In the same way that it's not possible to completely eliminate serious crime in our community.”