A delegate at the FireEye Cyber Security Summit uses his laptop during a break in sessions at a venue in Sydney, Australia
A delegate at the FireEye Cyber Security Summit uses his laptop during a break in sessions at a venue in Sydney, Australia. Reuters

Home Affairs Secretary Stephanie Foster has ordered an audit of software and hardware used by Commonwealth agencies to identify and manage potential risks to combat rising threats from foreign interference.

The Protective Service Policy Framework (PSPF) directive issued by Foster underscores the need to identify and mitigate the risks associated with technologies, including on outsourced entities. The stocktaking has to be completed and reported to Home Affairs by June 2025, Government News reported.

The second directive demands agencies to set up processes that will identify Foreign Ownership, Control or Influence (FOCI) procurement risks. And a third one asks government entities handling intelligence-sharing platforms to share cyber information with the cyber intelligence agency, Australian Signals Directorate (ASD).

Communications Minister Michelle Rowland stated that stocktaking could be an ongoing process.

"This I actually think going forward, given the threat level, given the amount of concern over foreign interference, this is may well be something that continues into the future, and rightly so," Rowland said.

According to ABC report, it is the second time that PSPF has used its binding power. In 2023, the federal government banned Chinese app TikTok on government devices as it was believed that the app's security was compromised and fearing interference from China.

Meanwhile, the ASD issued an advisory detailing the security threats faced by Australian networks from APT40 (Advanced Persistent Threat), which was linked to China's Ministry of State Security.

"APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing," the advisory published on Tuesday morning said.

Five Eyes intelligence partners, including the U.S. and the UK, in addition to Germany, South Korea and Japan joined Australia in attributing the involvement of APT40.

Australia has repeatedly named APT40 as targeting vulnerable networks in the country to gain access to sensitive information.

For the first time, Australia has directly attributed involvement by a Chinese actor in sponsoring a cyberattack.

A Chinese spokesperson denied the "groundless smears and accusations against China."