In the face of ever-increasing cyber threats, the Albanese Labor Government is announcing new reforms to increase security for Government systems to protect Australia from malicious attacks.
A number of initiatives under the 2023-2030 Australian Cyber Security Strategy, and Commonwealth Cyber Security Uplift Plan, come into effect this month, including the release of the Systems of Government Significance (SoGS) Standard under the Protective Security Policy Framework.
Through these initiatives, we are modernising Australia's approach to security by strengthening all layers of government security - ensuring we remain flexible, proactive and prepared to adapt to new challenges.
These reforms meet the Government's commitment to exceed requirements placed on critical infrastructure through the Security of Critical Infrastructure Act 2018 and Systems of National Significance, and enhance the cyber security capability of Australian Government agencies - ensuring they have the tools needed to defend from cyber threats.
The Systems of Government Significance will deliver a prioritised list of the Australian Government's critical digital functions and systems, based on the potential for significant consequences to Australia's economic prosperity, social cohesion or national interest if disrupted.
Declared systems will have additional obligations placed upon them to mitigate risks and uplift their cyber security capability.
A number of entities across the Commonwealth participated in test cases and collaborated on the development of assessment criteria as part of the development of the SoGS Standard. The test cases included the Australian Taxation Office, Australian Border Force, and the National Blood Authority.
Following the collection of information from Commonwealth entities, an assessment process will occur to finalise a register of Systems of Government Significance.
Other reforms that will uplift Australian Government cyber security include the 2025 release of the Protective Security Policy Framework, which features a focus on new and emerging technologies and ensures the policy settings are appropriate for the contemporary threat environment.
This month, commencement of reforms to the Hosting Certification Framework will provide a more transparent, flexible and enforceable lever for the Australian Government with key cloud and data centre providers.
Quotes attributable to Minister for Cyber Security Tony Burke
"Australians are increasingly concerned about their digital safety, and the Government is stepping up its commitment to keep people safe from cyber threats.
"The Systems of Government Significance program allows us to be smarter about where we concentrate our efforts and resources into protecting our government's most sensitive data."
Quotes attributable to ATO Chief Information Officer and Chief Security Officer Mark Sawade
"The safety of taxpayers' information is of the utmost importance to us and our participation in the pilot is crucial in ensuring that we continue to safeguard our systems and ways of working."
Quotes attributable to ABF Deputy Commissioner Tim Fitzgerald
"The ABF's mission to protect and manage Australia's border and ensure the safety and security of all Australians, including against cyber threats, underscored the importance of ABF's involvement in the pilot for this regime."
Quotes attributable to the National Blood Authority CEO Mr. John Cahill
"Our commitment to maintaining the security and safety of our systems guided the importance of our participation in the test cases run by the Department of Home Affairs. As a very small agency, the expertise shared enabled us to concentrate our efforts to mitigate cyber incidents."
More information about Commonwealth Cyber Security Uplift reforms is available at Commonwealth Cyber Security Policy Consultation Package.
