Parliamentary Services pulled MDM system offline causing March APH outage
The Australian Department of Parliamentary Services has said its March outage was a result of a “deliberate choice” to shut down its mobile device management (MDM) system after it saw an attempted intrusion on the parliamentary network.
“The attack did not cause an outage of the DPS systems. DPS shut down the MDM system. This action was taken to protect system security while investigation and remediation were undertaken,” DPS said in response to Senate Estimates Questions on Notice.
“To restore services, DPS brought forward the rollout of an advanced mobile services solution that replaced the legacy MDM. The new solution provides greater security and functionality for mobile devices. This rollout was a complex activity and extended the outage experienced by users.”
Nevertheless, DPS also said the legacy MDM system was still being used in a limited capacity.
“DPS took two paths to restore services to PCN mobile devices. For some users it was possible to restore services using the legacy MDM in a limited capacity,” it said. “These users were utilising a component of the legacy MDM that did not contain vulnerabilities.”
It added the MDM replacement had been piloted for three months leading up to the incident, and hence why the introduction of the planned replacement was able to be brought forward.
The department added it had seen no evidence of any email accounts being compromised due to the attack, and the attack had nothing to do with recent Exchange vulnerabilities.
DPS said the Senate President would provide further information and “material not appropriately disclosed in the public domain” to the Senate Appropriations, Staffing and Security Committee.
In response to another question asking DPS to list all outages impacting connectivity and email from the 2019-20 fiscal year to the present, the department said answering was not appropriate.
Last month, ASIO Director-General Mike Burgess said he was not concerned by the outage.
“As the director of security, I’m not concerned, by what I’ve seen,” he said.
“From my point of view of, ‘Is espionage or cyber espionage being occurred?’ I’m not concerned by that incident.
“Of course, in the broad, any network connected to the internet is subject to that frequently and the levels of cyber espionage attempts in this country are pretty high, so I remain concerned about that and through the actions of others, the [Australian Cyber Security Centre] that is dealing with the terms of that outage, I am not concerned.