❓ WA Parliamentary Question on Notice regarding penetration testing of government IT systems and websites within the Police and Road Safety portfolios. The response details which consultants were engaged, the dates, and the scope of the tests, including social engineering and phishing.
AnsweredQoN 3793Legislative Assembly
QuestionView source ↗
For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017: (a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems: (i) If so, what consultant or company was engaged and on what date; (ii) If so, did it include any social engineering or phishing tests; and (iii) If not, why not; and (b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites: (i) If so, what consultant or company was engaged and on what date; and (ii) If so, what website (domain only) was tested?
AnswerView source ↗
Answered
20 September 2018
Responded by
Minister for Police; Road Safety
Response time
11 days
The Road Safety Commission advise that Hivint Cybersecurity Consultancy were engaged on 28 February 2018 to conduct penetration and/or 'White Hat' tests on IT network systems. Social engineering and phishing tests were not included. Only technical scan included in the tests. Asterisk Information Security, on 19 March 2018, were engaged to conduct tests on www.rsc.wa.gov.au .
The Western Australia Police Force advise that Price Waterhouse Coopers (PCP) and Asterisk have been engaged to conduct a range of security tests on the internal and external network. PCP was first engaged on 15 June 2017, and Asterisk on 1 June 2017. The tests included social engineering and phishing tests. Further, Asterisk conducted penetration tests on four websites related to Policing.
The Western Australia Police Force advise that Price Waterhouse Coopers (PCP) and Asterisk have been engaged to conduct a range of security tests on the internal and external network. PCP was first engaged on 15 June 2017, and Asterisk on 1 June 2017. The tests included social engineering and phishing tests. Further, Asterisk conducted penetration tests on four websites related to Policing.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.