Sunday, February 10, 2019

There Are Some Real Implications Of The Breach Of The Australian Parliamentary Network A Day Or So Ago.

Here are the facts as disclosed by the Parliamentary Presiding Officers:
THE HON TONY SMITH MP, SPEAKER OF THE HOUSE OF REPRESENTATIVES
SENATOR THE HON SCOTT RYAN, PRESIDENT OF THE SENATE
JOINT MEDIA RELEASE
08 FEBRUARY 2019

STATEMENT BY THE PRESIDING OFFICERS - PARLIAMENTARY COMPUTING NETWORK

Following a security incident on the parliamentary computing network, a number of measures have been implemented to protect the network and its users.
One specific measure, undertaken for abundance of caution, has been to reset all user passwords that have network access. All users have been required to change their passwords. This has occurred overnight and this morning.
The Department of Parliamentary Services and relevant agencies are working jointly to take the necessary steps to investigate the incident, while our immediate focus has been on securing the network and protecting data and users.
There is no evidence that any data has been accessed or taken at this time, however this will remain subject to ongoing investigation.
Similarly, we have no evidence that this is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes.
The methods used by malicious actors are constantly evolving. Since 2012, DPS has made substantial strides in strengthening cyber defences for the APH IT networks.
While there is no guaranteed approach to cyber security, best practise is the ability to detect and remediate threats quickly. The department has done this working jointly with expert agencies.
Accurate attribution of a cyber incident takes time and investigations are being undertaken in conjunction with the relevant security agencies.
We are not in a position to provide further information publicly at this stage. Updates will be provided to Members and Senators and the media as required.
Contact: communication@aph.gov.au Phone: 02 6277 3591

This has provoked all sorts of speculation – for example:

China link possible in cyber attack on Australian Parliament computer system, ABC understands

By political reporter Stephanie Borys
Updated Fri 8 February, 2018 at 3:06pm
Australia's security agencies are investigating a cyber breach of the Federal Parliament's computer network that the ABC understands is likely the result of a foreign government attack.

Key points:

  • Authorities are yet to uncover any evidence that data was stolen in the breach
  • Computer passwords were reset as a precaution as investigations continue
  • The hackers were caught in the early stages of gaining access to the system, sources say

The agencies are looking into whether China is behind the incident.
In a statement, Federal Parliament's presiding officers said authorities were yet to detect any evidence data had been stolen in the breach.
One source said the response to the attack had been swift but the hackers were "sophisticated this time around".
Computer passwords have been reset as a precaution as the investigations continue.
"We have no evidence that this is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes," the Parliament's presiding officers said in a statement.
"Accurate attribution of a cyber incident takes time and investigations are being undertaken in conjunction with the relevant security agencies."
The Australian Signals Directorate (ASD) is working to secure the network and says action was taken as soon as the breach was detected.
"The necessary steps are being taken to mitigate the compromise and minimise any harm," ASD said in a statement.
A cyber security expert warned about the seriousness of the breach.
"If you look at what goes on in Parliament House, you've got politicians, you've got staffers, you've got government departments that are moving in and out of the organisation and a lot of that is through electronic means," adjunct professor Nigel Phair, from the University of Canberra, said.
"If I was a nation state, or dare I say any hacker looking for state secrets, this is the crown jewels."
Prime Minister Scott Morrison said no Federal Government departments or agencies had been targeted in the attack.
But he refused to offer details on the breaches at Parliament House.
"I don't propose to go into any sort of detailed commentary on the source or nature of this," Mr Morrison said. "Once further information is available then we will be in a position to provide further detail."

Hackers caught in early stages, ABC told

Sources have told the ABC that the hackers were caught in the early stages of gaining access to the computer network.
The incident has been compared to a robber breaking into a house, whereby authorities know the front door has been broken but are yet to find out if anything else has been taken, or if there is another way to break in.
The attack does not affect the computer systems of government ministers and their staff, however it does affect government backbenchers, the Opposition and crossbenchers.
More here:
Reading this I could not help but reflect on the similarities the APH system had with the #myHealthRecord system.
Potentially extremely sensitive and valuable information being held on centralised servers with many users (of varying skill levels) having access both directly and via the internet. Additionally, because of the awareness of the risk, pretty thorough defensive security precautions are in place. And yet the breach occurred.
One really needs to say no more than that the ADHA should be much more frank and realistic with the public about the risk of a myHR breach rather than wittering on about ‘military grade security’!
It really is only a matter of time, I believe. Time will tell.
David.

5 comments:

  1. So long as it does not happen on the weekend or public holiday and outside normal business hours the ANDA world leading cyber security centre will be active to stamp out any rogue actors.
  2. The ADHA cyber security monitoring would be 24/7/365. ADHA staff would only be a component so their 9-5 habits are of little significance.

    Of more interest is just what this low level probing of the parliament network was designed for exactly? Was it simply a routine scouting exercise? A diversion for something that has gone unseen, or is something or something testing policies and procedures?
  3. Suppose someone hacked an endpoint (e.g. a large hospital group such as that run by the South Australia).

    Would the ADHA be able to detect such an intrusion?
  4. There would be no reason for ADHA to detect such an intrusion, unless the malicious actors then started to access the MyHR. If they did, usage patterns would differ - somewhat - from the institution's normal access pattern (depending how hard the access is pushed). The more the difference, the quicker the detection.
  5. "...unless the malicious actors then started to access the MyHR"

    That's what I'm asking about.

    With a large institution, the normal access a) could be significant and b) would vary.

    Detection might not be so easy, certainly not on an occasional basis, or as a steady, low level stream. ADHA would be delighted if there was evidence of increasing usage. How could they tell if it was a malicious actor?