The government appears to be firming up the defences of its major agencies in the wake of recent cyberattacks. 

The Department of Finance has put out a tender for better security after hacks on Optus and Medibank exposed the data of millions.

The department manages GovCMS, which is used for content and services at government agencies including the Australian Taxation Office and the Department of Social Services.

“The services must protect against a large variety of types of cybersecurity attacks, including all cybersecurity attacks which a sophisticated service would be expected to protect against,” the tender documents state. 

The documents are titled “Request for Proposal for the Provision of Web Application Protection Services (CDN, DDoS, WAF and Bot Management)”, and conspicuously lack any details about cost.

The two-year contract has a potential one-year extension period.

It also bans whatever security company secures the contract from engaging in any ‘data mining’ - using the databases to discover new information, such as trends.

Without written approval, the security supplier cannot mine any of the “customer material, user material or information uploaded, accessed or manipulated in the services by the customer”, the documents state. 

The ban also covers data obtained after customers click and accept any terms and conditions page.

“Such terms have no effect whatsoever,” the tender documents emphasise.