Parliament security questioned
A leaked report describes Federal Parliament’s cyber security as being of a “low level of maturity”.
The Parliament has failed to develop effective methods for preventing cyber intrusions and did not regularly update some sensitive information systems, according to the draft internal audit.
The report is from three months before a major cyber-attack in February 2019 that breached Australia's parliamentary network and targeted the major political parties.
The draft review found: “Essential Eight strategies and other methods to prevent cyber intrusions are at a low level of maturity”.
The “Essential Eight strategies” are the key facets of cyber security management established by the Australian Signals Directorate, which government agencies are all expected to comply with.
The Department of Parliamentary Services has told reporters: “The confidential working draft KPMG PSPF Alignment Review to which you refer does not reflect the true state of the department's PSPF maturity”.
“A large contributing factor to the low maturity for the department is the lack of an overarching approach defined for protective security management and security risk management processes,” the report says.
“Up until now, the Department has had a responsive approach to protective security management, rather than based on formal, documented, and integrated risk-based approach.”
The Department of Parliamentary Services says the final version of the report did not make adverse findings about the department achieving an acceptable cyber-security maturity rating.