Australian government computing network reset following security ‘incident’
The federal government has confirmed it experienced a security incident across its computer network — affecting everyone with an Australian Parliament House email address, including politicians and all of their staff.
A statement from the Department of Parliamentary Services (DPS) said all user passwords that have network access were reset throughout Thursday evening and Friday morning as a result of the incident.
“The Department of Parliamentary Services and relevant agencies are working jointly to take the necessary steps to investigate the incident, while our immediate focus has been on securing the network and protecting data and users,” the statement read.
DPS said there is no evidence to suggest data has been taken or accessed, but it will be continuing investigations into the incident.
Additionally, the department said it has no evidence that the security incident is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes.
Over the course of the last three financial years, the federal government’s networks have been the subject of cyber incidents 1,097 times.
The information was reported in response to Questions on Notice from Senate Estimates last year, with the Australian Signals Directorate (ASD) — now under the Australian Cyber Security Centre (ACSC) — confirming that during FY15-16, FY16-17, and FY17-18, these cyber incidents that affected unclassified and classified government networks were considered serious enough to warrant an operational response.
“ASD response is required when an incident achieves any degree of success, which can have varying impacts from significant data exfiltration and degradation of the network through to no harm being realised,” it wrote.
“The nature of the response varied depending on the incident, and ranged from telephone conversations through to deployment of staff resources and tools to assist in mitigating the incident.”
HPE and IBM are reportedly among the managed service providers targeted by China’s APT10 group. Meanwhile, the Australian Cyber Security Centre hasn’t ruled out government agencies being among the end targets.
Straight-faced, a Department of Human Services representative told a Senate committee its data-matching ‘robodebt’ project went well, because it produced savings.
The 50-page document highlights what outcomes could be achieved, but misses the mark on how exactly it’s going to make them happen.
While heat over My Health Record continues, the Coalition is promoting a report from the UN that gave it second spot in a report on digital government.
Human rights advocates have called on the Australian government to protect the rights of all in an era of change, saying tech should serve humanity, not exclude the most vulnerable members of society.