Defence is conducting a sweeping review of how it authorises ICT systems and will report annually to ministers on compliance after an audit revealed almost none of its systems have current accreditation.
The lack of documented accreditation and the patchy policies that gave rise to it over the last decade have raised concerns about avoidable cyber risks and backdoors into multi-billion-dollar Defence platforms.
Some systems are yet to be authorised or have had accreditation lapse, despite being assessed as having an “extreme” risk rating, while no briefings on ICT authorisations have been provided to the Defence minister for the last three years, even after requests for regular updates.
Want to know how this story ends?
Become a subscriber for complete access to all stories on InnovationAus.com and our daily newsletter.
Do you know more? Contact James Riley via Email.