By Lilia Guan
The publication of more than 250,000 sensitive documents from the US Embassy has raised concerns about government IT security.
Non-profit whistle blowing agency, Wikileaks, released confidentail documents, giving the public an insight into the US Government’s foreign activities.
A spokesperson from the Attorney-General’s Department confirmed with Government News the leak was currently being being investigated by US authorities. The documents leaked are US-classified material.
“The sort of offences that could be relevant may include offences relating to the unauthorised use or disclosure of classified information,” he said.
In Australia the protection of Government information systems was one of the three key objectives of the Government’s Cyber Security Strategy, the spokesperson said.
“The Government relies heavily on information and communication technology to deliver its services and agencies must actively manage security risks associated with electronic data transmission, aggregation and storage,” he said.
However as indicated in the Cyber Security Strategy, the Government was reviewing its protective security policy to ensure that its information security policies and standards continue to reflect international best practice.
The spokesperson said in June this year, the Australian Government released a new Protective Security Policy Framework.
The Framework aimed to create "an appropriate security culture amongst government agencies, setting out the mandatory protective security, including information security, requirements expected by Government".
“The Government was progressively reviewing the information security policies and procedures which support this framework,” the spokesperson said.
“The work began some months ago and the lessons of this most recent incident will be an important input into this process.”
However no organisation should feel 100 percent confident that this won’t happen to them, According to the CIO of South Australia, Andrew Mills.
“It’s worrying when something like this happens,” he said.
“I don’t think any of us should be confident that this won’t happen [within own organisation]. This happened to two of the most secure [government] organisations in the world.”
Mr Mills said organisations implement technology based on risk and the IT department has to balance that risk with their budget.
“I don’t think you’ll ever be able to get rid of the human aspect [within security].”
According to Mr Mills IT departments had to ensure useability, without locking down the system to tightly.
“There’re balances that need to be checked with whatever technology you put in,” he said.
Data secuirty vendor Imperva's data security expert, Robert Rachwald, said the Wikileaks could happen to any government around the world.
“What happened was there was too much trust put in the hands of single low level military personnel,” he said.
“[Within a six month period] he was able to download privileged information and recognised the value of what he had.”
Mr Rachwald said too much IT “privilege” was given to a single user and there were “no checks and balances” in place to stop him from being able access corporate data.
.gif)
.gif)
