NMI Security Assessments
Tender ID: 578172
Tender Details
Tender Description
This Tender is invited by the Issuer.
Background
The Department of Industry, Science and Resources (DISR, department, the buyer) and our broader portfolio are integral to the Australian Government’s economic agenda. Our purpose is to help the government build a better future for all Australians through a productive, resilient and sustainable economy enriched by science and technology.
We do this by:
- growing innovative and competitive businesses, industries and regions
- investing in science and technology
- strengthening the resources sector.
Our departmental organisation chart is available here, and our Corporate Plan provides some additional background to our priorities and objectives.
The National Measurement Institute (NMI) is delivering an ICT change program to modernise and transform its Information Technology (IT). The following projects currently require security assessments:
- ScienceLAN Uplift
- Laboratory Information Management System (LIMS) Simplification
Scope
The scope for the two (2) individual security assessments is as follows:
- Development of Statement of Applicability (SoA), based on the Information Security Manual (ISM).
- Assessment of environment / systems (as applicable) compliance against SoA.
- Creation of Security Risk Management Plan (SRMP) and System Security Plan (SSP), based on the outcome of environment / system assessment.
- Creation of Risk Treatment plan, against SRMP, highlighting priority activity.
Constraints
All activity must be completed by 30 Jun 2025. All staff will require a Baseline security clearance and must be onboarded to the Department of Industry, Science and Resources (DISR) network to support easy access to required documentation.
Assumptions
The LIMS system exists within the ScienceLAN. As such, the LIMS Simplification security assessment is expected to leverage significant aspects of the ScienceLAN security assessment. DISR Project and IT Operations teams will be available to provide access to documentation on ScienceLAN and LIMS, and brief the security assessment team where reasonable notice is provided.
System Overviews
ScienceLAN Uplift
The ScienceLAN Uplift project was established to progress physical segregation of ScienceLAN from other DISR networks. The project is an early response to The Architecture Practice (TAP) report findings, which highlighted significant cyber security threats within ScienceLAN. These threats pose risks to the confidentiality, integrity and/or availability of DISR networks. The project provides a platform for future initiatives outlined in the Detailed Business Case (DBC) aimed at progressing long-term ICT modernisation or transformation.
The project’s primary objective is to decrease the likelihood of cyber security incidents within ScienceLAN impacting other DISR networks (and vice versa) by implementing physical segregation. To achieve this objective, the project has implemented a large amount of new capability to replace previously shared systems, such as:
- Secure Internet Gateway
- Software Defined Wide Area Network (SDWAN) between ScienceLAN sites and Azure.
- Dedicated Compute, Storage and Local Area Network equipment.
- Azure tenant, to support controlled transfer of data between ScienceLAN and other networks.
- Dedicated remote access solution.
- Management and monitoring systems (supporting IT operations).
While new capability implementation has considered security requirements, the project has not assessed or addressed existing security threats within ScienceLAN. An intent of the security assessment is to document the current security posture of the ScienceLAN, informing the Program Management Office (PMO) as they define future project stages and remediation activities.
LIMS Simplification
The LIMS Simplification project is providing a modern LIMS solution to be utilized as the foundation for NMI’s chemical and biological laboratories. The initial production release, supporting one lab, is now live within ScienceLAN.
The solution is a Commercial Off the Shelf (COTS) product supplied by LabWare that has been extensively configured to deliver the necessary functionality for NMI to provide its services to its clients. The LIMS is a client server application that uses Microsoft SQL server as the database backend. In addition, specific modules have been implemented to support passing information to and from scientific instruments within ScienceLAN, as well as store and interpret information generated by these instruments.
Connectivity to other systems is limited (one system external to ScienceLAN). User access is via Citrix.