Author: Matthew Miller

Quick Read

• Melbourne Airport is bolstering its cyber visibility to protect 30 million passenger trips each year.
• Cheuk Wong, the cyber security chief, prioritizes comprehensive ecosystem visibility, spanning IT, baggage handling, and Wi-Fi.
• Artificial intelligence is employed to identify phishing attempts and analyze extensive data sets.
• Automated deletion of accounts is playing a role in minimizing internal risks.
• Centralized access management guarantees security in all four airport terminals.
• Ongoing security assessments are a fundamental part of Melbourne Airport’s cyber strategy.

Melbourne Airport Enhances Cybersecurity to ‘Anticipate the Future’

Enhancing Visibility across the Technological Framework

Melbourne Airport is making significant investments in cyber detection and response systems to protect 30 million passenger journeys annually. Cheuk Wong, the Head of Cyber Security, highlighted the necessity of transparency across the entire tech ecosystem, which includes internal IT infrastructures, baggage handling processes, and public Wi-Fi scenarios.

Wong noted that visibility is critical; without it, protective strategies are nearly impossible to enforce. The data collected is routed to a third-party Security Operations Centre (SOC) that watches for potential threats and aids in incident management. This method has proven essential as cyber threats are on the rise and airports are increasingly seen as prime targets.

Creating a Forward-Thinking Cyber Security Plan

Since Wong joined Melbourne Airport in 2018, he has directed a compact yet proficient cyber security group integrated into the broader technology department. Over the past six years, he has been instrumental in developing a nimble cyber security strategy that adjusts to emerging threats. Wong reiterates that grasping the evolving risk landscape is vital for both responsive and anticipatory security strategies.

Continuous evaluation and flexibility ensure that Melbourne Airport’s cyber policy is perpetually evolving. As Wong states, “Without understanding the prevailing environment, how can effective protection be achieved?” Visibility enables the team to not only react to incidents but also forecast potential future challenges.

Leveraging Artificial Intelligence to Manage Extensive Data sets

Realising the constraints of traditional data analysis, Melbourne Airport has implemented artificial intelligence (AI) to enhance its detection capabilities. Initially focusing on email security, AI resources now survey the larger email environment, scrutinizing conversation trends and sender activities to pinpoint threats such as phishing.

Wong compares the task to “searching for a needle in a haystack,” especially as data volumes surge with ongoing digital innovations. AI aids in filtering through this data, allowing for quicker threat identification and responses while alleviating the workload on human analysts.

Streamlining Risk Management via Account Deletion Automation

Internal threats pose notable challenges for organizations worldwide. To address this, Melbourne Airport’s HR division has rolled out automated account deletions for employees leaving the company. This measure ensures that ex-staff do not maintain access to sensitive systems, thereby curtailing insider threats. Plans are in place to broaden the scope of such automation within the organization.

Centralized Access Management for Operational Security

With over 100,000 passengers on a daily basis—akin to filling the Melbourne Cricket Ground—seamless coordination between various systems, including those run by the Australian Border Force and Airservices Australia, is crucial. Melbourne Airport has adopted a centralized access control framework that regulates physical access to sensitive areas throughout all four terminals.

Wong’s responsibilities include synchronizing business requirements with security measures to uphold system integrity and availability. Any breach could lead to unauthorized access to critical assets, highlighting the need for effective access management systems.

Ongoing Security Testing is Vital

Even the most sophisticated security systems are only valuable if they function correctly in times of need. Hence, ongoing security testing is integral to Melbourne Airport’s cyber security framework. Wong advocates for routine evaluations to confirm that systems are robust against evolving risks, ensuring a sufficient level of protection for the airport’s extensive digital and physical environments.

Conclusion

The efforts of Melbourne Airport to improve cyber visibility reflect a proactive and adaptive approach to safeguarding one of Australia’s busiest transit locations. By harnessing AI capabilities, automating internal procedures, centralizing access management, and insisting on continuous security assessments, the airport seeks not just to address cyber threats, but also to foresee and prevent them. Given the rising cyber risks alongside digital intricacies, Melbourne Airport’s strategy could serve as an exemplary model for critical infrastructure operators nationwide.

Q&A

Q: Why is cyber visibility crucial for Melbourne Airport?

A:

Cyber visibility enables Melbourne Airport to identify suspicious behaviour quickly, respond to incidents effectively, and anticipate potential threats. Without comprehensive ecosystem transparency, protective strategies would remain reactive rather than proactive.

Q: In what ways does Melbourne Airport leverage artificial intelligence for cyber security?

A:

AI is chiefly employed for recognizing phishing attempts within the airport’s email frameworks. It evaluates conversational trends and wider email practices to pinpoint threats more effectively than manual processes could achieve.

Q: What strategies are employed to manage insider threats at Melbourne Airport?

A:

The human resources department at Melbourne Airport employs an automated account deletion system for departing employees. This minimizes the possibility of former personnel having ongoing access to sensitive data and systems.

Q: What function does centralized access control serve at Melbourne Airport?

A:

Centralized access control oversees physical entry across all terminals and sensitive locations, ensuring that only authorized individuals can access restricted areas. It is essential for maintaining both operational integrity and passenger security.

Q: How frequently does Melbourne Airport conduct security assessments?

A:

Security assessments at Melbourne Airport are an ongoing initiative, designed to ensure that security protocols are effective and that vulnerabilities are identified and mitigated timely, maintaining robust cyber defenses.

Q: How does Melbourne Airport manage the escalating volume of generated data?

A:

By utilizing AI-driven solutions, Melbourne Airport can efficiently process and analyze vast quantities of data generated every day. This enables quicker identification of threats and fortifies proactive cyber security initiatives.

Q: Which agencies collaborate with the technology systems at Melbourne Airport?

A:

The systems at Melbourne Airport coordinate with those maintained by the Australian Border Force and Airservices Australia, necessitating strong collaboration and security oversight to ensure smooth operations and a positive passenger experience.

Q: What future initiatives does Melbourne Airport plan for its cyber security strategy?

A:

Melbourne Airport plans to enhance automation in risk management, improve AI capabilities, and continually refine its cyber security roadmap to effectively address new threats and adapt to evolving technologies.

Brief Overview

• The Licence NSW initiative is encountering increasing delays and expenses, even with substantial funding backing.
• A mere fraction of licenses have transitioned from the outdated system to the new platform.
• The project, originally expected to wrap up by 2025, is now anticipated to extend into 2029.
• Total expenses could surpass $500 million, prompting the Department of Customer Service (DCS) to seek further financial support.
• Challenges stem from underappreciating the complexity, unique regulatory demands, and shifts in staffing.
• DCS asserts the program remains within budget and is projected to yield $852 million in benefits by 2030.

The Licence NSW Initiative: A Digital Dream in Distress

The NSW government’s ambitious Licence NSW project — a comprehensive platform aimed at modernising licensing services across 30 agencies — is now facing scrutiny due to escalating costs and prolonged timelines. Despite having secured nearly $240 million in funding thus far, only a small number of licenses have been successfully transferred from legacy systems like the two-decade-old Siebel-based OneGov Government Licensing System (GLS).

Initial Objectives and Scope

One Platform for More than 130 License Types

The Licence NSW system was designed to unify over 130 professional and industry licenses from varied government departments into a single system utilizing Calytera’s Amanda software. The goal was to establish a “single view of the customer” to lessen administrative loads, all while enhancing the citizen experience by digitising application, renewal, and compliance procedures for over 9 million licenses.

Assisted by $166.5 million from the state’s Digital Restart Fund in 2021, the program was aimed to be finalized by the end of 2025. The anticipated economic return was an impressive $850 million in advantages by 2030.

What Went Wrong?

License Migrations Fall Short of Goals

As of early 2024, only a few license schemes — such as asbestos demolition, recreational fishing, and conveyancing — have been successfully transitioned. Conflicting internal reports indicate between 8 and 16 schemes have migrated, while the Department of Customer Service (DCS) has recently clarified that 52 individual license types have either transitioned or been retired from GLS. An additional 78 are still in line for migration, expected to be completed by FY2027.

Bespoke Customisation Challenges

A significant factor contributing to the delay has been the necessity for extensive customisation. The Amanda platform was projected to deliver 64% reusable functionality across licensing schemes with minimal adjustments. Yet, the distinct requirements of regulators have necessitated significant modifications, hindering progress and driving up costs.

Rising Costs and Financial Pressures

The program was initially expected to remain within the $240 million budget, but has already required multiple infusions of cash. In November 2023, DCS received an urgent $10 million to keep operations running. In the June 2024 NSW Budget, an additional $62.5 million was earmarked to facilitate the upcoming phase of migrations.

DCS is now preparing to ask for an extra $133 million in ‘technical adjustment’ funding for FY26–FY29. Additionally, a proposal for $196 million in new policy funding has been made to uphold the operational capabilities of the Government Technology Platforms (GTP) division, which administers the program.

Staffing Changes Increase Uncertainty

In late 2023, a significant restructuring occurred within the GTP division. The Public Service Association (PSA) reported that 112 ongoing staff members were affected by changes to their roles or temporary assignments. This instability has added further complexity to an already burdened delivery model.

Hope Remains Despite Challenges

Notwithstanding the delays and funding hurdles, DCS insists that the Licence NSW program is still adhering to its financial targets. Officials report the platform has already generated $198 million in economic benefits and remains on track to achieve the full projected $852 million by FY2030.

Nonetheless, the validity of these projections is under fire as essential milestones continue to elude completion. With only one migration (recreational fishing) successfully achieved in 2024 thus far, and future timelines marked as “tentative,” industry analysts are expressing doubts.

Conclusion

The Licence NSW initiative aimed to transform licensing processes within the NSW Government. However, as of mid-2024, the project has encountered significant obstacles — from underevaluating complexities and poorly defined business cases to high demands for customisation and staffing disruptions. With projected costs now likely to exceed $500 million and completion pushed to 2029, the program is under intense scrutiny from both government and public sectors.

Q: What does the Licence NSW program involve?

A:

Licence NSW is an initiative aimed at digital transformation by the NSW Government that seeks to consolidate over 130 licensing schemes from 30 agencies into a unified platform using the Amanda software system.

Q: What is causing the delays?

A:

Delays have arisen due to underestimating required complexity, extensive customisation needs, and unique requests from various regulators. Internal restructures and staffing issues have also played a role.

Q: What are the current costs of the program?

A:

Almost $240 million has been spent to date, with an additional $62.5 million designated in the 2024-25 budget. Additional funding requests totaling over $300 million are on the horizon, possibly pushing total expenses beyond $500 million.

Q: How many licenses have successfully migrated?

A:

As of April 2024, 52 individual license types have been either migrated or retired, with 78 more scheduled for migration by FY2027.

Q: What platform is being utilized for the migration?

A:

The Amanda platform developed by Calytera is being implemented. It is a commercially available solution intended for licensing and regulatory workflows, albeit requiring substantial customisation.

Q: What is the revised completion target for the program?

A:

While the original completion date was set for 2025, it has now been postponed to FY2029 due to ongoing delays.

Q: Is the project currently on budget?

A:

According to the Department of Customer Service, yes — the project is still within its approved budgets, but additional funding is being sought to ensure its completion.

Q: What are the anticipated advantages of Licence NSW?

A:

The program is expected to bring about $852 million in economic benefits by FY2030, including enhancements in efficiency, reduced processing times, and improved service delivery for citizens.

Initiating Queensland’s Digital Identity Overhaul

Queensland has formally moved on from its older QGov platform, marking the beginning of a new chapter in secure digital access with the implementation of the Queensland Digital Identity (QDI) system. Overseen by the Department of Transport and Main Roads (TMR), the QDI platform now serves as the main entry point for a variety of Queensland Government digital services.

Reasons Behind the Retirement of QGov

QGov was launched more than ten years ago to facilitate a unified login experience across Queensland Government services. However, as digital security threats evolved and users demanded more seamless access, QGov was considered outdated. TMR announced that the system had reached its “end-of-life” stage, leading to the creation of a more secure, scalable, and contemporary platform.

Features of the QDI Platform

Unified Access Point

QDI now functions as the state’s singular login method, replacing the previously fragmented access across various services. Users can log in once and navigate all services ranging from driver licence renewals to vehicle registrations and health services.

Migration of Accounts and Initial Setup

A significant number of existing QGov accounts have been either transferred to the QDI system or integrated with current digital licence app accounts. New users, or those whose accounts were not automatically moved, must establish a QDI account by verifying their identity through a combination of a driver licence, passport, and birth certificate.

Verification of Identity and Unique Accounts

To bolster security and prevent identity duplication, every QDI account is linked to a distinct email address and identity document combination. Users are restricted from creating more than one account using the same identity details, addressing a critical problem that affected the QGov system.

Security Enhancements and Compliance

Multi-Factor Authentication and Biometric Capabilities

QDI incorporates sophisticated security measures such as multi-factor authentication (MFA) via SMS or authenticator applications. It also utilizes Passkey technology, allowing users to log in using biometric methods like fingerprint or facial recognition on compatible devices, reflecting global advancements in digital security.

Consistency with Federal Standards

TMR has confirmed that QDI has been developed in accordance with the Federal Government’s Digital ID framework, which is receiving additional investment as part of a $288 million initiative to establish a national Digital ID ecosystem. This guarantees that QDI is compatible with federal systems and complies with national security requirements.

Advantages for Queensland Residents

This digital shift offers Queensland residents quicker, safer, and more streamlined interactions with government services. Users can securely manage their digital identities with the assurance that their information is safeguarded through advanced encryption and authentication techniques.

Future Prospects

As the digital identity environment evolves further, Queensland’s adoption of QDI positions the state at the forefront of secure eGovernment solutions. With an emphasis on compatibility with federal systems and possibly other state-level frameworks in the future, QDI establishes a robust foundation for digital citizenship in Australia.

Conclusion

The transition to the Queensland Digital Identity (QDI) system represents a significant advancement in digital government services for Queensland. By replacing the outdated QGov platform, QDI offers a more secure, efficient, and user-friendly experience aligned with national digital identity standards. With features such as biometric login and account uniqueness, QDI is crafted to address the increasing demands for digital security and accessibility in today’s world.

Q: What is the Queensland Digital Identity (QDI)?

A:

QDI is the new secure digital identity platform for Queensland, succeeding the former QGov system. It serves as a single access point for various state government services online.

Q: Why was the QGov system replaced?

A:

QGov had reached the end of its operational life and could no longer fulfill the needs of modern security, scalability, or user experience. QDI provides improved security, interoperability, and a more cohesive user experience.

Q: How do I create or access my QDI account?

A:

Users can set up a QDI account by authenticating their identity using official documents such as a driver licence, passport, or birth certificate. Some accounts were automatically migrated from QGov or conflated with digital licence app accounts.

Q: Can I have multiple QDI accounts?

A:

No. QDI accounts are intended to be one of a kind. Users cannot generate multiple accounts with the identical identity documents to avoid duplication and fraud.

Q: What security features does QDI offer?

A:

QDI includes multi-factor authentication via SMS or authenticator apps, and Passkey support for biometric login, such as fingerprint or facial recognition on smartphones and compatible devices.

Q: Is QDI linked to the federal Digital ID system?

A:

Yes. QDI is structured to conform to the federal government’s Digital ID framework, guaranteeing compatibility and adherence to national digital identity security standards.

Q: What services can I access via QDI?

A:

QDI enables access to a variety of Queensland Government services including transport, licensing, health, education, and more—all within a single secure account.

Q: What should I do if I encounter issues logging into my account?

A:

If you experience difficulties, you should visit the official Queensland Government website or contact QDI support for assistance with account recovery or technical issues.