$32m extension to Tax Office cyber deal

The Tax Office has renewed its main cybersecurity support deal with Macquarie Telecom’s government arm at a cost of $32.7 million, as it battles as many as three million attempted cyber-attacks every month.

The ATO extended the secure internet gateway (SIG) and cybersecurity services contract with Macquarie Government earlier this month, bringing the total cost of engagement to $86.1 million. It will now run until December 2024.

Macquarie Government became the ATO’s SIG provider in 2019, when it began protecting the interactions of some 20,000 ATO staff online, as well as the millions of myGov accounts linked to ATO Online.

Australian Taxation Office

Under the deal, the company provides “full inspection of internet traffic flows, content and images” and triages targeted attacks through its 24×7 Security Operation Centre (SOC).

Sovereign data centre, hyperconverged infrastructure, and cloud services are also provided as part of the deal to “support the secure management of the connection between the ATO’s IT environment and the internet”.

Efforts to hack the ATO’s systems have climbed significantly over the last five years. Second commissioner Jeremy Hirschhorn told a conference in October there are three million hack attempts every month.

“In the time it takes me to make this speech, there will be 4,000 attempted hacks on the ATO’s system. There are three million attempted hacks of the ATO’s system every month,” he said in an address to the Tax Institute.

In 2018, the ATO told a senate inquiry that around 8,000 malicious attempts on its website occurred each week – approximately 416,000 a year.

The rise of attempted and successful hacks on agencies is one of the reasons behind the creation of four cyber hubs across government to consolidate the number of networks, thereby reducing the attack surface.

The ATO is one of the four hubs, alongside Services Australia, the Department of Defence, and the Department of Home Affairs, however InnovationAus.com understands the new contract is unrelated.

Commenting on the announcement, Macquarie Government managing director Aidan Tudehope said the deal would help keep the ATO secure.

“We’re proud to play a key role in keeping one of Australia’s most fundamental government agencies secure, at a time when Australians are looking for greater assurance their critical government data and the institutions that store and protect it are fully secure,” he said.

Approximately 42 per cent of all federal government staff have SIG and other cybersecurity services provided by Macquarie Government.

The new contract comes six weeks after the Macquarie Government became the first company to have both its cloud and data centre services certified to the ‘strategic’ level by the Digital Transformation Agency.

Certified strategic is the highest level of assurance under the government’s data sovereignty scheme known as the Hosting Certification Framework, requiring providers to allow the government to specify ownership and control conditions.

Other certified cloud and data centre providers include AirTrunk, Australian Data Centres, Amazon Web Services, AUCloud, Canberra Data Centres, DCI Data Centres, Equinix, Fujitsu, Google, IBM, NEXTDC, Oracle, Sliced Tech and Vault Cloud.

In October, InnovationAus revealed that assessments of hosting service providers against the framework had been partially outsourced at a time when a certification backlog was continuing to grow.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories