Home›Questions on Notice›QoN 3789

❓ WA Parliamentary Question reveals details of penetration testing activities across various government departments and agencies, including Goldcorp, Lotterywest, Premier and Cabinet, Public Sector Commission, Salaries and Allowances Tribunal, and the Department of Jobs, Tourism, Science and Innovation.

AnsweredQoN 3789Legislative Assembly

Asked

14 August 2018

Member

Mr Z.R.F. Kirkup

Portfolio

Premier; Minister for Public Sector Management; State Development, Jobs and Trade; Federal-State Relations

QuestionView source ↗

For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017: (a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems: (i) If so, what consultant or company was engaged and on what date; (ii) If so, did it include any social engineering or phishing tests; and (iii) If not, why not; and (b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites: (i) If so, what consultant or company was engaged and on what date; and (ii) If so, what website (domain only) was tested?

AnswerView source ↗

Answered

18 September 2018

Response time

9 days

Goldcorp
(a)        No.
(iii)       Network segmentation is currently underway and network vulnerability tests be executed once complete.
(b)(i)    Computest Services BV – Security Vunerability Test – July 2017.
(ii)        Perthmint.com
Lotterywest
(a)        Since 11 March 2017 Lotterywest has engaged companies to run penetration or 'White Hat' tests on internal or external network systems.
(i)         Lotterywest engaged KPMG to perform scheduled yearly Network and Security Audits in July 2017 and August 2018.
(ii)        Both of these audits included social engineering and phishing tests.
(iii)       Not applicable.
(b)        Since 11 March 2017 Lotterywest has engaged independent consultants or companies to run penetration or 'White Hat' tests on our websites.
(i)         Lotterywest engaged Asterisk to perform a penetration test in August 2017 and August 2018.
(ii)        The following websites were tested:
Public website: www.lotterywest.wa.gov.au including Grants portal and Play Online portal.
Premier and Cabinet
(a)        Yes.
(a)(i)     Ernst and Young, February 2017. Conducted over March and April 2017.
(a)(ii)    No.
(a)(iii)   Not within the scope of the engagement.
(b)        Yes.
(b)(i)    Ernst and Young, February 2017. Conducted over March and April 2017.
(b)(ii)    *.dpc.wa.gov.au, constitutionalcentre.wa.gov.au, mp.wa.gov.au, premier.wa.gov.au, sat.wa.gov.au.
Public Sector Commission advises:
(a)        The Public Sector Commission’s internal and external network systems are managed by and sit within the Department of the Premier Cabinet’s (DPC) infrastructure. Please see the DPC response to this question.
(b)        Yes.
(b)(i)    Stantons International, from mid-2017
(b)(ii)    . Websites / domains:
1.         www.publicsector.wa.gov.au
2.         www.intersector.wa.gov.au
3.         www.icg.wa.gov.au
4.         www.lobbyists.wa.gov.au
5.         www.jobs.wa.gov.au
6. www.sharingculture.wa.gov.au
Salaries and Allowances Tribunal
Please refer to the response from the Department of the Premier and Cabinet, which is the service provider to the Tribunal.
Department of Jobs, Tourism, Science and Innovation
(a)        Yes.
(i)         Diamond Cyber - 01 June 2017; Office of the Auditor General – 01 July 2018.
(ii)        Yes.
(iii)       Not applicable.
(b)        Yes.
(i)         HiVint, February 2018.
(ii)        www.industrylink.wa.gov.au

View on Parliament of WA