❓ Dr. Honey questions the Premier about poor cybersecurity practices in government agencies, citing a doubling of qualified financial audits and unresolved deficiencies. The Premier responds by outlining measures taken to address cybersecurity risks, including investment and policy changes.
AnsweredQoN 190Legislative Assembly
QuestionView source ↗
CYBERSECURITY —
GOVERNMENT AGENCIES
190. Dr D.J. HONEY to the Premier:
Before
I ask my question, I want to recognise that the purple pin that I am wearing
today came from Hon Kate Doust .
It recognises the sixtieth anniversary of the Epilepsy Association of Western Australia,
and, in particular, its Purple Walk this Sunday, 26 March from 10.30 am to 1.30
pm at Curtin University's Edinburgh Oval South.
In her report released yesterday,
the Auditor General revealed that 13 state government agencies had such poor cybersecurity practices that she could issue only
qualified financial audits for them, a doubling of the number reported last year. Additionally, 282 agencies, which is equal to half of the number
audited, had not resolved cybersecurity deficiencies identified in last year's
audit.
(1) Why is the
Premier's government failing to treat cybersecurity threats seriously
enough to ensure that it is protecting people's personal data and the
integrity of the agency computer systems?
(2) If he
believes that he is treating this issue with the required seriousness, how can
we see a doubling of the number of agencies with cybersecurity-related
financial audit findings and half of all previous findings still unresolved in
the past year?
GOVERNMENT AGENCIES
190. Dr D.J. HONEY to the Premier:
Before
I ask my question, I want to recognise that the purple pin that I am wearing
today came from Hon Kate Doust .
It recognises the sixtieth anniversary of the Epilepsy Association of Western Australia,
and, in particular, its Purple Walk this Sunday, 26 March from 10.30 am to 1.30
pm at Curtin University's Edinburgh Oval South.
In her report released yesterday,
the Auditor General revealed that 13 state government agencies had such poor cybersecurity practices that she could issue only
qualified financial audits for them, a doubling of the number reported last year. Additionally, 282 agencies, which is equal to half of the number
audited, had not resolved cybersecurity deficiencies identified in last year's
audit.
(1) Why is the
Premier's government failing to treat cybersecurity threats seriously
enough to ensure that it is protecting people's personal data and the
integrity of the agency computer systems?
(2) If he
believes that he is treating this issue with the required seriousness, how can
we see a doubling of the number of agencies with cybersecurity-related
financial audit findings and half of all previous findings still unresolved in
the past year?
AnswerView source ↗
I thank the member for the question.
(1)–(2) Obviously,
cybersecurity is increasingly becoming an issue around the world. Indeed, we
saw some major breaches by significant
Australian companies in recent months. In particular, Optus and Medibank,
amongst others, had some significant breaches. It is an issue that will
continue to impact both the private and public sectors in Australia and around
the world. We are not immune to that. We are not alone in having to deal with
that, but we do take the risk seriously. We have been putting in place a range
of measures to help us to deal with that. The Auditor General has acknowledged
the efforts the government is making to mitigate the risks. Indeed, she said in
her report yesterday, ''I also acknowledge the hard work being done by
staff and leaders across state government'' to deal with those matters.
We established the first
cybersecurity policy and we established the cybersecurity operations centre in
2020, and 62 agencies are already connected to that. A directive was issued earlier
this year to all entities to further cybersecurity preparedness, and we
established the $900 million digital capability fund to assist public sector
entities on a competitive basis to improve their cybersecurity and IT systems
across government. That is $900 million that we have announced in the course of
the last year or so. I quote what the Auditor General had to say about that —
While the full value of this
investment will take many years to realise, the enhancements are essential and
it is pleasing that a number of entities have already accessed funding �
The
Auditor General's report further found that there has been no proven
misuse of health information, court proceedings,
prisoner information or child protection information. We take the matter extremely
seriously . There have been some significant improvements on what was in
place during the last government and a range of policy changes and also a huge
amount of investment into this important area.
(1)–(2) Obviously,
cybersecurity is increasingly becoming an issue around the world. Indeed, we
saw some major breaches by significant
Australian companies in recent months. In particular, Optus and Medibank,
amongst others, had some significant breaches. It is an issue that will
continue to impact both the private and public sectors in Australia and around
the world. We are not immune to that. We are not alone in having to deal with
that, but we do take the risk seriously. We have been putting in place a range
of measures to help us to deal with that. The Auditor General has acknowledged
the efforts the government is making to mitigate the risks. Indeed, she said in
her report yesterday, ''I also acknowledge the hard work being done by
staff and leaders across state government'' to deal with those matters.
We established the first
cybersecurity policy and we established the cybersecurity operations centre in
2020, and 62 agencies are already connected to that. A directive was issued earlier
this year to all entities to further cybersecurity preparedness, and we
established the $900 million digital capability fund to assist public sector
entities on a competitive basis to improve their cybersecurity and IT systems
across government. That is $900 million that we have announced in the course of
the last year or so. I quote what the Auditor General had to say about that —
While the full value of this
investment will take many years to realise, the enhancements are essential and
it is pleasing that a number of entities have already accessed funding �
The
Auditor General's report further found that there has been no proven
misuse of health information, court proceedings,
prisoner information or child protection information. We take the matter extremely
seriously . There have been some significant improvements on what was in
place during the last government and a range of policy changes and also a huge
amount of investment into this important area.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.