Tuesday, 12 February 2019
Statement by the Speaker
Parliamentary Computing Network
For the information of honourable members—I would ordinarily have done this at the start of question time today, but given it was busy I thought I'd wait until a convenient time, which I think is now—I will simply update members of the House on the Australian parliamentary computing network. As members would, of course, be aware, the Australian parliamentary computing network has recently been the subject of a security incident. As soon as the incident was identified, the Department of Parliamentary Services worked with the Australian Signals Directorate and its Cyber Security Centre to investigate and remediate the situation. As a consequence of this, the decision was taken late last week to implement a number of measures to protect both the network and its users.
One specific measure was to reset all network user, administrator and system-level passwords. The reset occurred between the hours of 3 am and 6.30 am last Friday, 8 February. During this time, a range of other measures were also undertaken. I can assure the House this action was carried out as a standard security incident response procedure and a precautionary measure to protect user access and information. A conscious decision was made not to advise users in advance, as any communication may have flagged remediation activities to the offender and limited remediation effectiveness. The majority of APH users who attended work on the morning of last Friday, after logging on, were prompted to change their password. This then enabled users to resume normal work. The Department of Parliamentary Services ensured that additional resources were made available on the 2020 service desk during Friday, the weekend and leading up to this sitting period to manage the high volume of calls generated by the password reset. An email was sent to all network users at approximately 9.30 am on Friday advising of the password reset and why this was necessary to occur, understanding that users who had not performed a password reset would not receive this communication.
For several years, the Australian Signals Directorate and its Cyber Security Centre have been working with DPS to improve security of the network. DPS has made substantial strides in strengthening cyberdefences, which have been effective in limiting the impact of this incident. While any intrusion to the network is extremely unfortunate, it's important to understand that methods used by malicious actors are constantly evolving and no network, including the parliamentary computing network, is ever considered 100 per cent secure. If there is an incident, best practice is possessing the capability to detect it and then remediate it quickly. The relevant agencies have assured the President of the Senate and me that DPS acted decisively and fully cooperated with their advice and that the handling of this incident represented best practice. That cooperation continues as DPS works with the experts of the Australian Signals Directorate to secure the system and its protected users. Importantly, I'd also like to specifically acknowledge the assistance and expertise of staff from the ASD's Cyber Security Centre, who have worked tirelessly alongside DPS to address and mitigate the impact of this incident. Members, I hope, will understand I'm not in a position to provide any further information regarding attribution of responsibility for this intrusion. It's also likely to be some time before the investigation into this incident is concluded. I will provide further relevant updates to members when appropriate.