https://www.crn.com.au/news/dxc-technology-client-geoscience-australia-fails-government-cybersecurity-standards-496020
5 replies (most recent on top)
The word on the street is that nobody wants to sign-up with DXC. Is that a surprise? Just look at all of the unfilled roles that exist in DXC Australia, many of which are security roles that have been vacant for more than 18 months.
Oh that $20M contract is a what CSC is managing for Geoscience Australia. CSC deserves to lose the contract unless a stream of execs come down under to and promise the world to deliver nada as usual. Give me a break or a WFR to get out of this clusterf--k company.
$20M for a 3yr contract ending next yr. I wonder if DXC will get the 1yr extention? They should at least be well known in the Australian IT community now.
On this contract DXC was responsible for ICT security as part of its cloud and agility transformation and the client accountable for its DXC supplier, so they take the hit whomever is to blame.
They failed the top 4 of the essential eight. Sounds like a whole heap of awareness required on both sides if you ask me. I can half understand DXC's mentality of treating security as an upsell rather than inclusive service to all clients, but it's not worth the risk of reputational damage, not for a large corporation who where their digital transformation for an Agency in Australia ends up like this.
I think a whole heap of awareness if required on both sides and maybe this will wake Industry up a bit now that the National Audit office are on the prowl.
It was taking 30 days to patch software, when the directive is 48 hrs. Yup, 90 days is no good anymore DXC :-P Just saying.
To be fair, I suspect either that the client didn't pay for any security services OR that they themselves weren't stipulating the requirements for them to adhere to whatever security standards that were required by the Australian Government...
CSC/DXC weren't going to do anything that wasn't contracted and paid for, yet on the other hand this now is portrayed as a DXC failure....
The directives are the absolute basic steps for any firm, similar to the UK Govt's Cyber Essential 10 steps. If your big, corporate, digital player can't get even the basics right, then what chance does healthcare, defence and nuclear clients have?
Looking at DXC's infographics - designed to frighten clients - it is clear now that the biggest vulnerability is using DXC itself!
Where is the ISMS? Where is the Senior Commitment? Budget? Is there one? Resources? Do they have anyone left in Cyber?
Hello DXC are you even awake in today's digital world? Oh sorry no, you're on a journey aren't you. Make sure you lock the door before you set out.
Shame that the client now has to bring in their own Security consultant to tighten up this mess.
Keep cutting back DXC and keep rewarding top management with bonuses that are inversely proportional to growth and reputational damage.
Good job DXC don't support healthcare, defence and nuclear clients isn't it? Oh wait..!