The Digital Transformation Agency has taken the next step towards the centralisation of federal government networks through cyber hubs, calling on local industry to help shape the concept.
The government’s digital adviser approached the market yesterday to investigate whether Australian cyber security firms were capable of supporting the model, which is currently being trialled in three agencies.
The trial, which kicked off in Defence, Home Affairs and Services Australia in July, is informing a future whole-of-government operating model by testing core services over a 12-month period.
The model, formally known as the hardening government IT initiative, was first flagged in the cyber security strategy last year to reduce the number of networks operated and allow for focused investment.
The DTA has tentatively indicated that the model could be expanded from July 2022, with the Australian Signals Directorate no longer certifying secure internet gateway services in preparation.
Existing certified gateway providers – Emantra, Macquarie Telecom, NTT, Optus, Sliced Tech, Telstra and Verizon – will, however, remain certified until July 1, 2022.
With the trial ongoing, the DTA said in a request for information that it “would like to understand how Australian Industry could support the cyber hubs concept”.
“DTA seeks to better understand how the Australian industry can support the cyber hubs concept, particularly industry’s capability and capacity against the core services,” it said.
“This is a unique opportunity for Australian industry to assist DTA to understand and shape cyber hubs concept.”
The DTA said the government had identified “42 core services” during the pilot that will be expected to be delivered through a cyber hub in the future.
Core services include cyber threat intelligence, traffic monitoring and analysis, distribute denial of service (DDoS) protection, domain name system (DNS) filtering, web filtering and content blocking.
Other services include maturity and vulnerability assessments – which could go some way to improving annual protective security policy framework (PSPF) assessments – and cyber awareness training.
The DTA said it is keen to understand market-driven costs, necessary skillsets for the implementation of the model and future orientated practices.
Submissions to the RFI will close on December 10.
