News location:

Canberra Today 24°/28° | Friday, March 29, 2024 | Digital Edition | Crossword & Sudoku

ACT government systems at risk of cyber attacks

A REVIEW of ACT government computer information systems has shown they’re exposed to risks that could lead to errors and fraud, unauthorised access to sensitive information, cyber security attacks and loss of critical data, according to the auditor-general. 

The report titled “2018-19 Financial Audits – Computer Information Systems” was presented today (April 30) by auditor-general Michael Harris to the speaker for tabling in the ACT Legislative Assembly. 

Mr Harris says: “There are weaknesses in these controls that expose the ACT government’s systems and data to higher than necessary risks, which could lead to errors and fraud, unauthorised access to sensitive information, cyber security attacks, loss of critical data and the inability to promptly recover systems in the event of a major disruption or disaster.”

In particular, Mr Harris says these weaknesses relate to the effective management of user access to the ACT government network and applications, implementation of application whitelisting (a technique used to only allow authorised applications to operate on systems) and audit log monitoring to monitor the appropriateness of users’ activities. 

“Financial information produced from agency computer information systems is only as accurate and reliable as the data that is entered and maintained within them,” he says.

“It is, therefore, critically important that controls over these systems are appropriately designed, implemented and applied to minimise the risk of financial results being misstated in agency financial statements.” 

A review of these controls by the Audit Office as part of agency financial audits concluded that they continue to provide reasonable assurance that information reported by agencies in their financial statements is accurate, complete and reliable. 

Mr Harris says progress has been made by agencies to address long outstanding previously reported audit findings on their controls in recent years, although, he cautions that “agencies need to give a higher priority to promptly resolving identified weaknesses in these controls in the future to ensure that their computer information systems and data are not exposed to unnecessary risks for prolonged periods of time”. 

The Audit Office made 12 recommendations to agencies to improve their controls over their computer information systems. 

Who can be trusted?

In a world of spin and confusion, there’s never been a more important time to support independent journalism in Canberra.

If you trust our work online and want to enforce the power of independent voices, I invite you to make a small contribution.

Every dollar of support is invested back into our journalism to help keep citynews.com.au strong and free.

Become a supporter

Thank you,

Ian Meikle, editor

Share this

Leave a Reply

Related Posts

Follow us on Instagram @canberracitynews