A WA parliamentary question reveals varying cybersecurity practices across agencies within the Deputy Premier's portfolio. WA Health conducts regular penetration testing, while other agencies like the Mental Health Commission and Healthway do not, citing risk profiles or lack of necessity.
Answered
QoN 3790
Legislative Assembly
Asked: 14 August 2018
Member
Portfolio: Deputy Premier; Minister for Health; Mental Health
Question
For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017:
(a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems:
(i) If so, what consultant or company was engaged and on what date;
(ii) If so, did it include any social engineering or phishing tests; and
(iii) If not, why not; and
(b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites:
(i) If so, what consultant or company was engaged and on what date; and
(ii) If so, what website (domain only) was tested?
Answer
Answered: 20 September 2018
Response time: 11 days
WA Health and health service providers advise:
(a) Health Support Services on behalf of WA Health conduct regular network security penetration testing on both a scheduled and unscheduled basis. As this testing is highly confidential and is itself a potential network vulnerability the schedule of this testing is not disclosed.
(i) The companies who perform the penetration testing are appointed on advice of the Office of Digital Government. This appointment is subject to Non-Disclosure agreement and is not disclosed. Disclosing the names of these companies would potentially compromise the security of WA Health ICT Network.
(ii) The extent of each test is reviewed on the basis of previous test results and current cyber security threat intelligence. The extent of this testing is not disclosed as it would potentially be of assistance to cyber-criminals or compromise the integrity of the testing process.
(iii) Not applicable.
(b) Testing of WA Health websites is part of the network security penetration testing plan.
(i) The companies who perform the penetration testing are appointed on advice of the Office of Digital Government. This appointment is subject to Non-Disclosure agreement and is not disclosed. Disclosing the names of these companies would potentially compromise the security of WA Health ICT Network.
(ii) A risk assessment is conducted for WA Health websites and incorporated into the network security penetration testing plan. The disclosure of which websites are tested within a given time period would potentially compromise the security of WA Health ICT Network.
(iii) Not applicable.
Mental Health Commission advises:
(a) No. (i)-(iii) Not Applicable.
(b) No. (i)-(ii) Not Applicable.
Healthway advises:
(a) No.
(i)-(ii) Not applicable.
(iii) Due to the risk profile of the data held, Healthway has not engaged independent consultants to conduct penetration testing.
(b) No.
(i)-(ii) Not applicable.
Health & Disability Services Complaints Office (HaDSCO) advises:
(a) No.
(i)-(ii) Not applicable.
(iii) HaDSCO has not been due to engage another external party to conduct a penetration test during this time period.
(b) No.
(i)-(ii) Not applicable.
Animal Resources Authority advises:
(a) No. (i)-(iii) Not Applicable.
(b) No. (i)-(ii) Not Applicable.