The Department of Defence will pay consultants more than $20,000 every day for the next 18 months to test the Navy’s cyber hygiene after years of government uplift programs.
Global giant Deloitte last month landed a $11 million contract to supply specialists for the work until June next year, in a continuation of the Cyber Hygiene Programme being run at the Royal Australian Navy.
Similar programs are in place at the Air Force and Army, with the latter partnering with Cisco.
But few details are available about the cyber hygiene programs or the latest $11 million contract for Deloitte, which will run until June next year.
A Department of Defence spokesperson told InnvoationAus that the Cyber Hygiene Programme program “seeks to enhance the Navy’s ability to protect its systems against cyber threats” and will build on the Navy’s previous “Cyber worthiness initiatives”.
“Deloitte has been engaged to partner with Navy to provide specialist cyber expertise to assure Navy’s platforms and systems are fit for purpose against cyber threats, including enhancements to Navy’s cyber awareness and hygiene training outcomes,” the spokesperson told InnovationAus.com.
The department spokesperson said specific details of the contract “are commercial in confidence”.
The Royal Australian Navy has worked to improve the cyber worthiness of its systems for years, with then-Chief of Navy Vice Admiral Mike Noonan using the phrase in 2019. At the time he said he was applying the term to ensure “our systems can operate in a sustained manner in a cyber environment”.
A government overarching Cyber Hygiene Improvement Program is run by the Defence portfolio’s Australian Cyber Security Centre (ACSC), although this is not related to the Navy project.
The ACSC program scans tens of thousands of externally-facing internet connections of Commonwealth and state and territory government agencies to find potential vulnerabilities. It also discloses identified vulnerabilities widely and conducts responses when threats emerge.
“In 2021–22, 49 high priority operational tasks were undertaken to protect Australian networks, including scans of government entities and Australian-attributed Internet Protocol addresses for potential compromise by critical vulnerabilities,” the ACSC said in its latest Threat Report.
The ACSC credits the program with an improving uptake of security protocols across government, but has conceded the overall level is still too low.
Asked about similar hygiene programs at the Army and Air Force, the Defence spokesperson said the Army had engaged Cisco under a strategic partnership rather than an individual contract, while the Air Force used a range of industry expertise.
“The Army–Cisco Strategic Partnership (A-CSP) is an ongoing program which supports Army’s cyber security capability, through the delivery of specialist cyber security services to address high priority treatment activities,” the spokesperson said.
“Air Force uses industry expertise for a range of activities, to compliment Air Force cyber initiatives as part of normal business practices.”
Do you know more? Contact James Riley via Email.