Cyber threat actors regularly target governments in order to access official ICT systems and data holdings.

In addition to cyber-attacks, ICT systems failures can significantly disrupt services heavily dependent on data-related infrastructure and communications such as the emergency services' ability to respond to an emergency.

Examples of significant events include the extreme threat posed by the BlueKeep remote desktop protocol vulnerability to Microsoft systems across government and an attack on ICT systems of hospitals and health services in Gippsland and south-west Victoria, both in 2019.

All links in the table below will open in a new window.
Publish year Assurance activity Summary Organisation
2023 Cybersecurity: Cloud Computing Products (External link) An assessment of a select a range of agencies, including government departments, a local council, a water authority, a health service and other entities approach to cybersecurity, the report makes 7 recommendations to address weaknesses and improve cybersecurity. Victorian Auditor-General's Office
2023 Senate Select Committee on Foreign Interference through Social Media (External link) Foreign interference through social media is a real, pervasive and growing threat and this report makes 17 recommendations aimed to make Australia an even harder target for the sophisticated disinformation campaigns of authoritarian regimes. Parliament of Australia
2023 ASD Cyber Threat Report 2022-2023 (External link) Australian governments, critical infrastructure, businesses and households continue to be the target of malicious cyber actors. This annual report illustrates that both state and non-state actors continue to show the intent and capability to compromise Australia’s networks, and also highlights the added complexity posed by emerging technologies such as artificial intelligence. Australian Government
2022 Administration of Critical Infrastructure Protection Policy (External link) An assurance audit that examines whether the Department of Home Affairs, as policy and regulatory lead, has an effective approach to protecting Australia’s assets of national significance and supports asset owners and operators to improve their resilience to attacks. It makes seven recommendations aimed at: the use of risk management to inform decision-making; establishing an engagement strategy; having appropriate performance measurement; improving the existing framework to manage compliance; and support and review the effective use of all available regulatory tools. Australian National Audit Office
2022 ACSC Annual Cyber Threat Report 2021-22 (External link) A report that provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online. It identifies 7 key cyber security trends in the 2021–22 financial year. Australian Cyber Security Centre
2022 The Commonwealth Cyber Security Posture in 2022 (External link) A report on the implementation of cyber security measures across the Commonwealth government for the period January 2021 to June 2022, its findings indicate that the cyber security posture across the Commonwealth is well-established in some areas but requires improvement in others. Australian Government
2021 ACSC Annual Cyber Threat Report (External link) An identification of key cyber threats affecting Australian systems and networks, with strategic assessments, analysis, and case studies to describe malicious cyber activity affecting Australian networks between July 2020 an June 2021. It provides mitigation advice to Australians and organisations can take to protect their networks from cyber threats. Australian Cyber Security Centre
2020 ACSC Annual Cyber Threat Report: July 2019 to June 2020 (External link) An identification of key cyber security threats targeting Australian systems and networks, and case study examples of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats. Australian Cyber Security Centre
2019 Security of Water Infrastructure Control Systems (External link) An audit examining whether control systems in the water sector are secure, it reviewed governance arrangements over these control systems for four water providers: Barwon Water (BW), Melbourne Water (MW), VDP and Yarra Valley Water (YVW). Victorian Auditor-General's Office
2018 Department of Premier and Cabinet Annual Report 2017–18 (External link) A progress report on the actions set out in the Victorian Government’s Cyber Security Strategy 2016–2020. This strategy aimed to improve the cyber resilience and governance in government and major infrastructure and service providers, and included a whole of government Cyber Incident Response Service. Department of Premier and Cabinet