by Daniel Croft 06 December 2022
Spurred on by the recent Optus and Medibank attacks, the Department of Finance is looking to boost the security of its GovCMS, which covers content and services for agencies such as the ATO.
“The services must protect against a large variety of types of cyber security attacks, including all cyber security attacks which a sophisticated service would be expected to protect against,” states a contract, which is being offered to third-party suppliers.
The document, titled “Request for Proposal for the Provision of Web Application Protection Services (CDN, DDoS, WAF and Bot Management)”, requires that the upgrades and services “are operational and ready to respond automatically to any malicious attack traffic on or before 27 April 2023”.
This deadline is a big ask considering the requirements, which require that protection for 370 individual sites with 120 terabytes of traffic and 1.5 billion hits monthly be protected.