Cybersecurity worries on government sites

Andrew Drummond
·1-min read

A large number of websites managed by state and federal government departments remain vulnerable to cyber attack, recent analysis shows.

An assessment by Macquarie University experts stretched from 2018 to 2020 and looked at more than 1800 federal, state and territory government websites ending in .gov.au

They found more than half are vulnerable to attack and 16 per cent do not have the most basic of security measures.

"People put their trust in government websites, they expect links to be safe and information to be well protected," Macquarie Professor Dali Kaafar said.

Almost 50 per cent of sites managed by the federal environment department and 35 per cent of those operated by the federal health department, continue to use non-encrypted data for transmitting information.

At the heart of the issue is HTTP or hypertext transfer protocol which is used for the transfer of files.

The environment department said many of their websites host only public information.

"Any sensitive information processed by the department's websites is secured using HTTPS," a spokesperson told AAP.

"The department is progressively migrating its services over to HTTPS as part of a broader uplift program."

A Health Department spokesperson said systems and data security is taken seriously and processes are in line with government policy.

"Health will continue to look for ways to secure systems and align to cyber security best practice methods.

" The department prioritises systems and websites that process or collect information, static or informational sites are also being addressed in this body of work."

Macquarie researchers acknowledged there have been significant improvements in government website security over the past two years.