State Government websites have been targeted by hijackers, exposing sensitive information and user accounts, a report reveals.
The cyber-attacks are the subject of a special investigation by an external contractor hired by the Office of the Chief Information Officer.
The cyber security taskforce’s report is expected to be soon presented to Cabinet.
At the same time, the Auditor-General – who first raised concerns about the cyber attacks last year – has continued to check security controls on the websites.
“Vulnerabilities had been highlighted by some internal automated scans,” Auditor-General Simon O’Neill said in his 2014 annual report, released yesterday.
“These vulnerabilities ranged from high risk to informational only.
“These could result in the potential exposure of sensitive information, hijacking of user accounts, the integrity of the databases being compromised and the modification of website content being presented to the users.”
O’Neill’s report lists 11 specific website security concerns ranging from password control weaknesses to a case where a lack of controls allowed some users to extract personal information for all users in the database without being detected.
“Concerns identified from website testing were forwarded to the selected agencies for remediation attention,” O’Neill said.
The report also identified State Government agency concerns about cloud computing, where resources and data are held offsite in large centralised databases, referred to as ‘clouds’.
Government agencies have been uncertain about the concept and have asked the Office of the Chief Information Officer (OCIO) for “greater leadership and direction”, the report says.
Stay informed, daily
“In an effort to address this situation, the OCIO has engaged an external contractor to assist in developing a draft cloud position for consultation.
“This will form the basis of a new across-government cloud policy framework.”
Cloud computing first emerged as a commercial and administrative tool in 2009.
Want to see more stories from InDaily SA in your Google search results?
- Click here to set InDaily SA as a preferred source.
- Tick the box next to "InDaily SA". That's it.
