Strengthening Authentication Security in Government

Client:
MidCoast Council

Industry:
Government & Critical Infrastructure

Services Rendered:
Design & Implementation (Enterprise PKI Architecture, 802.1X, RADIUS)

About MidCoast Council

MidCoast Council operates a large and complex digital environment supporting thousands of staff devices, internal applications, and authenticated services across the organisation.

Established in 2016 through the merger of Gloucester Shire, Great Lakes, and Greater Taree councils, administers over 10,000 km² in New South Wales’ Mid North Coast, serving approximately 96,579 residents.

The region encompasses coastal towns like Forster and Taree, extending inland to Barrington Tops National Park. The council focuses on delivering essential services, infrastructure development, and community engagement to enhance the area’s liveability and sustainability.

Browse our services

The Challenge

The existing authentication infrastructure presented several risks that required attention:

The system responsible for issuing trust credentials was permanently connected to the network, creating a single point of compromise that could have allowed an attacker to undermine the security of the entire organisation from a single breach.
The underlying security standards in use had been deprecated by the industry and no longer met internal compliance requirements, leaving the council exposed to known attack techniques.
The process for revoking access when a device or user was compromised was slow.
The council needed a platform that could grow with them, supporting future cloud adoption, third-party integrations, and emerging security standards without requiring another full redesign.

The Solution

S5 designed and delivered a hardened, industry-standard two-tier trust architecture using Microsoft's enterprise certificate platform. The design separates the most sensitive components of the system from the day-to-day certificate issuance infrastructure. Day-to-day certificate issuance is handled by a separate, hardened online system with strict controls over what can be issued, to whom, and under what conditions. The solution also introduced real-time access revocation, ensuring that a compromised device or user account can be locked out of all authenticated services within seconds rather than hours.

Our Approach

S5 approached this engagement with operational continuity as a non-negotiable requirement. Before any changes were made, the team completed a thorough mapping of every service, application, and device dependent on the existing infrastructure to ensure nothing was missed and no service would be unexpectedly disrupted.

The new environment was built and validated in parallel with the existing system, allowing both to operate simultaneously during the transition. Services were migrated gradually and methodically, with new trust credentials issued ahead of time so that each service could be seamlessly cut over without any gap in operation. Security hardening was applied at every stage by removing insecure configurations, closing known vulnerability paths, and eliminating direct exposure of the most sensitive system components.

The result is a significantly more secure, resilient, and future-proof authentication foundation that the council can rely on as their digital environment continues to grow.