❓ WA Parliamentary Question on Notice regarding ICT compatibility and security risks associated with outdated Microsoft software across various departments. The responses reveal varying levels of compliance and awareness of potential vulnerabilities.
AnsweredQoN 5968Legislative Assembly
Asked
18 October 2016
Member
Portfolio
Emergency Services; Fisheries; Corrective Services; Veterans
QuestionView source ↗
I refer to ICT
compatibility in relation to the Digital WA strategy, and ask for each
department and agency under your control: (a) are all computers currently utilising Microsoft
software that is supported by Microsoft (only versions since 2014); (b) how many computers are currently using Windows
XP; (c) how many computers are currently using Internet
Explorer version 10 (IE10) or older; (d) what is the privacy risk for your departments
and agencies for using software that is no longer supported by Microsoft; and (e) have you been made aware of the potential for
information to be externally accessed by your departments using software no
longer supported by Microsoft?
compatibility in relation to the Digital WA strategy, and ask for each
department and agency under your control: (a) are all computers currently utilising Microsoft
software that is supported by Microsoft (only versions since 2014); (b) how many computers are currently using Windows
XP; (c) how many computers are currently using Internet
Explorer version 10 (IE10) or older; (d) what is the privacy risk for your departments
and agencies for using software that is no longer supported by Microsoft; and (e) have you been made aware of the potential for
information to be externally accessed by your departments using software no
longer supported by Microsoft?
AnswerView source ↗
Answered
15 November 2016
Responded by
Minister for Emergency Services; Fisheries; Corrective Services; Veterans
Response time
28 days
Department of Fire and Emergency Services
The Department of Fire and Emergency Services (DFES) advises:
(a) Yes.
(b) None.
(c) None.
(d) Not applicable.
(e) Yes.
State Emergency Management Committee
The State Emergency Management Committee (SEMC) Secretariat advsies:
(a) - (e) The Department of Fire and Emergency Services (DFES) provides the SEMC Secretariat with all of its ICT services and therefore DFES’s response to this request encompasses the SEMC Secretariat.
Department of Fisheries
The Department of Fisheries advises:
(a) No.
(b) 10 units for specialist applications are still operating on Windows XP. These only perform tasks that require the Windows XP operating system to operate and are not used as standard “user” computers.
(c) At this point in time IE11 is the standard web browser and is deployed across more than 80% of the Department of Fisheries’ (Department) desktop infrastructure. Remaining machines are either being updated, replaced or unable to be upgraded as per the advice at (b).
(d) The Department notes the privacy risk posed by unsupported software, regardless of the vendors. The Department endeavours to mitigate risk through a range of solutions. Data is stored in currently supported software environments and secured using industry standard practices and principles. Software tools used to access data are managed and restructured to ensure a consistent and controlled environment. Software updates are centrally managed to ensure security patches are assessed quickly and applied automatically. A range of Virus, Malware and Intrusion detection tools are used to monitor activity and safeguard the Department’s environment. This is especially the case for points of data entry and departure within system interfaces. Finally, agency policy and Servicedesk communication seeks to maintain a secure environment with clear staff expectations in regards to privacy and proactive distribution of currently identified risks and threats.
(e) The Department is aware of the potential for breach of systems resulting from poorly maintained systems. All reasonable efforts are made to remove or reduce this potential and ensure staff are informed of current trends in threats to the environment.
The Department of Corrective Services
The Department of Corrective Services (the Department) advises:
(a) All desktop computers are using Microsoft Windows 7, however there is one standalone computer running Windows XP, and 12 computers running Internet Explorer (IE) 9.
(b) One personal computer (PC) is running Windows XP. This is a standalone PC that is required for the iPharm (Pharmacy) system and is not connected to the network.
(c) Twelve computers in the Community Offender Monitoring Unit require Internet Explorer (IE) 9 to access the Electronic Monitoring System. This system is being upgraded and will operate with Internet Explorer 11 by December 2016.
(d) Departmental Information is protected through a range of inter-related strategies and functions that avoid dependence on single technologies and manage the overall risks.
(e) Yes, and the Department is actively working to address any risk
Veterans
(a) –(e) I refer to answer to QON 5977.
The Department of Fire and Emergency Services (DFES) advises:
(a) Yes.
(b) None.
(c) None.
(d) Not applicable.
(e) Yes.
State Emergency Management Committee
The State Emergency Management Committee (SEMC) Secretariat advsies:
(a) - (e) The Department of Fire and Emergency Services (DFES) provides the SEMC Secretariat with all of its ICT services and therefore DFES’s response to this request encompasses the SEMC Secretariat.
Department of Fisheries
The Department of Fisheries advises:
(a) No.
(b) 10 units for specialist applications are still operating on Windows XP. These only perform tasks that require the Windows XP operating system to operate and are not used as standard “user” computers.
(c) At this point in time IE11 is the standard web browser and is deployed across more than 80% of the Department of Fisheries’ (Department) desktop infrastructure. Remaining machines are either being updated, replaced or unable to be upgraded as per the advice at (b).
(d) The Department notes the privacy risk posed by unsupported software, regardless of the vendors. The Department endeavours to mitigate risk through a range of solutions. Data is stored in currently supported software environments and secured using industry standard practices and principles. Software tools used to access data are managed and restructured to ensure a consistent and controlled environment. Software updates are centrally managed to ensure security patches are assessed quickly and applied automatically. A range of Virus, Malware and Intrusion detection tools are used to monitor activity and safeguard the Department’s environment. This is especially the case for points of data entry and departure within system interfaces. Finally, agency policy and Servicedesk communication seeks to maintain a secure environment with clear staff expectations in regards to privacy and proactive distribution of currently identified risks and threats.
(e) The Department is aware of the potential for breach of systems resulting from poorly maintained systems. All reasonable efforts are made to remove or reduce this potential and ensure staff are informed of current trends in threats to the environment.
The Department of Corrective Services
The Department of Corrective Services (the Department) advises:
(a) All desktop computers are using Microsoft Windows 7, however there is one standalone computer running Windows XP, and 12 computers running Internet Explorer (IE) 9.
(b) One personal computer (PC) is running Windows XP. This is a standalone PC that is required for the iPharm (Pharmacy) system and is not connected to the network.
(c) Twelve computers in the Community Offender Monitoring Unit require Internet Explorer (IE) 9 to access the Electronic Monitoring System. This system is being upgraded and will operate with Internet Explorer 11 by December 2016.
(d) Departmental Information is protected through a range of inter-related strategies and functions that avoid dependence on single technologies and manage the overall risks.
(e) Yes, and the Department is actively working to address any risk
Veterans
(a) –(e) I refer to answer to QON 5977.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.