ACSC called in on 427 fed govt security incidents last year

Commonwealth entities suffered 427 cyber security incidents last year that warranted a response from the Australian Cyber Security Centre (ACSC), new numbers from late last week show.

A report on the ‘Commonwealth cyber security posture in 2019’ [pdf], released as Australia headed into the Easter weekend, provided a detailed breakdown of incidents that impacted Commonwealth (or federal) entities last calendar year, though it does not disclose which entities were victims.

Commonwealth entities include federal parliamentary departments as well as “corporate” entities such as the ABC and Airservices Australia.

“In 2019, the ACSC responded to 427 incidents affecting Commonwealth entities – 65 percent of which were self-reported to the ACSC,” the report said.

“The remaining 35 percent were identified through: ACSC investigations; reporting from international partners and third parties; and analysis of a variety of classified and open-source material.”

Around 76 of the incidents involved a malicious email “sent … to gain unauthorised access to a network, account, database or website”.

Another 60 of the incidents involved the “unauthorised scanning of network ports and systematic attempts to guess passwords through repeated attempts”, while eight percent – or around 34 incidents – related to “a system on which an actor has accessed or modified a network, account, database or website without authorisation.”

“Cyber operations were often sophisticated, and deliberately targeted Australia in order to obtain information on: defence capabilities; cutting-edge Australian research; valuable intellectual property; and the personal information of Australian residents and Government staff,” the report said.

“These threats had the potential to affect the ability of the Australian Government to effectively serve the public and keep their trust.”

The report said that entities’ maturity around implementing the Essential Eight baseline continues to improve.

In addition, it said, most entities were now able to accurately identify the number of “cyber security events and incidents” they suffered per day, week or other time interval.

“In 2018, most respondents to the ACSC Cyber Security Survey were unable to provide data on cyber security events or incidents observed in their entity’s environment,” the report said.

“In 2019, the majority of respondents reported experiencing hundreds of cyber security events or incidents per day, with only 10 percent unable to provide data.”

Just how the total number of incidents in 2019 – 427 – compares to prior years is somewhat difficult to accurately ascertain, as numbers have previously been sporadically disclosed.

They have also previously been disclosed as financial years rather than calendar years.

A question on notice published late last year stated that “In 2018-19, ASD [the Australian Signals Directorate] logged over 2100 triaged events. Of these, approximately 360 requests were from Commonwealth agencies.”

Across the prior three financial years, “there were 1097 cyber incidents affecting unclassified and classified [federal] government networks that were considered serious enough to warrant an operational response,” iTnews reported early last year.