Govt not effectively mitigating insider threats
The Australian Government Security Vetting Agency (AGSVA) is not effectively mitigating the government's exposure to insider threats, a new audit has found.
An audit of the personnel security component of the government's Protective Security Policy Framework (PSPF) found that AGSVA has failed to implement the government's policy direction to share information with client entities on identified personnel security risks.
The audit, conducted by the Australian National Audit Office (ANAO), evaluated whether the AGSVA is providing effective security vetting services.
The audit also assessed the Attorney General's Department, the Digital Transformation Agency, ASIC, and the Australian Radiation Protection and Nuclear Safety Authority for compliance with the personnel security requirements of the framework, following 2014 reforms conducted in response to the previous audit.
None of the audited entities — including AGSVA — fully comply with all mandatory PSPF controls, the audit found.
Further, while AFSVA collects and analyses information regarding personnel security threats, it does not communicate this information to entities outside of its parent, the Department of Defence. The agency also does not use clearance maintenance requirements to minimise risks.
Since the prior audit, AGSVA's average timeframe for completing positive vetting clearances has increased significantly.
But the audit found that the agency has plans to implement a number of process improvements by adopting a new ICT system. The new system is expected to be fully operational in 2023.
The other audited entities also demonstrated mixed compliance with the PSPF personnel security requirements.
Some were only partially compliant with the requirement to ensure personnel have appropriate clearances, and none had fully implemented the requirements introduced in 2014 to manage the ongoing suitability of personnel.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
Building secure AI: a critical guardrail for Australian policymakers
While AI has the potential to significantly enhance Australia's national security, economic...
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...