The social security agency said the IPS was one of a number of security measures implemented as part of the five-year, AU$312 million IT Refresh program. IT Refresh is designed to support Centrelink's Electronic Service Delivery (ESD) program, whereby offerings such as child care benefit details and monies owed are available online.
In tender documents issued this week, Centrelink said "ESD has resulted in the expanded use of public data networks, such as the Internet, and an increase in network connections between business partners and client organisations".
"As a result there has also been an increase in the risk of compromise to Centrelink's key information assets."
The IPS -- designed to ensure external access to Centrelink is controlled and report on the agency's security status - is part of the Refresh project's audit, logging and monitoring requirements.
The system will be integrated into Centrelink's new Gateway architecture, according to the tender, which incorporates redundant infrastructure across two data centres in Canberra. Each centre hosts a separate Internet and business gateway, part of a distributed network encompassing more than 400 local area networks.
The system would provide "a real-time monitoring capability that is able to detect and respond to events involving intrusion and attack against Centrelink's IT systems," according to the tender.
The tender required high quality detection of potential security threats, including "sophisticated real time analytical techniques to improve anomaly detection".
The IPS must also use multiple detection methodologies at different levels of the Centrelink network to identify more sophisticated attack techniques.
The IPS design should include system hardening, self defending capability and data protection.
The IPS will accompany Centrelink's two main security tools, Security Access Management System (SAMS) and Access Control Facility (ACF). SAMS works by 'instructing' the security system of each platform in Centrelink on the appropriate level for each user or application. The ACF provides security services such as registration and authentication for the delivery of ESD applications to Centrelink customers and corporate users.
