❓ WA Parliamentary Question on Notice regarding government agencies monitoring third-party WiFi/Bluetooth addresses. Several agencies deny monitoring, while Western Power and Synergy admit to logging network usage for security and auditing purposes, with user consent obtained through terms and conditions.
AnsweredQoN 2667Legislative Assembly
Asked
13 March 2018
Member
Portfolio
Treasurer; Minister for Finance; Energy; Aboriginal Affairs
QuestionView source ↗
Does any department, agency and Government Trading Enterprise under the Minister's control maintain any wireless network that monitors a third-party's WiFi MAC (Media Access Control) or bluetooth address and if so: (a) Where is the wireless network located and who is being monitored; (b) What company supplies the software and/or hardware to monitor the addresses, what was the upfront and ongoing annual cost; (c) Why was the decision made to monitor the addresses; (d) What information is harvested as part of this monitoring, how is it stored and how long is it retained; and (e) Are the third-party's aware of the monitoring and do they have any way to opt-out?
AnswerView source ↗
Answered
8 May 2018
Response time
9 days
Department of Treasury No. (a – e) Not applicable.
Department of Finance No. (a – e) Not applicable.
Western Australia Treasury Corporation No. (a – e) Not applicable.
Economic Regulation Authority No. (a – e) Not applicable.
Department of Planning, Lands and Heritage (a – e) Please refer to answer to Legislative Assembly question on notice 2665.
Lands, Approvals and Native Title Unit (a – e) Please refer to answer to Legislative Assembly question on notice 2677.
Aboriginal Policy Unit (a – e) Please refer to answer to Legislative Assembly question on notice 2677.
Western Power (a) Western Power, at all offices and depots, offers a Bring Your Own Wireless Device and Guest Wireless Network for use by employees, contractors and visitors to access the Internet. Once contractors and visitors connect to the Internet, their traffic patterns are monitored by Western Power’s Security Incident and Event Management (SIEM) to look for possible viruses or malware. If detected, then the device is quarantined and the owner of the device is alerted using our Security Incident Response Process and they are assisted in remediation
(b) Cisco Wireless: $39,519 per annum with an additional $91,565 up-front costs for CISCO-ISE equipment; and IBM Qradar SIEM and monitoring Service: $420,000 per annum. (Note: total cost across the entire ICT fleet of monitored systems and devices, not just Wifi)
(c) Detection of Possible Computer Infection that could spread (Virus or Malware)
(d) No information is harvested from the address, however monitoring of traffic patterns by the address is performed through the Security Incident and Event Management system (SIEM) for 90 Days; after which it is destroyed.
(e) Yes, via a Conditions of Use notification when they connect to the wireless environment.
Synergy (a) Forrest Centre Head Office, Cockburn Power Station, Collie Power Station, Greenough River Solar Farm, Kalgoorlie Gas Turbine, Kwinana Power Station, Mungarra Gas Turbine, Muja Power Station, Pinjar Turbine. Synergy captures a log of all wireless guests connecting to the Guest Network using standard logging protocols.
(b) Cisco. Specifically Cisco’s “Prime” software is used for access logging. $20,000 for the upfront cost, $19,400 annual cost.
(c) The logs are used to generate usage reports and to serve as an audit trail in case a client attempts to access something they should not. Synergy understand that this is standard practice for an enterprise wireless configuration.
(d) The client’s MAC, Wireless network accessed, and Wireless access point utilised are logged. This information is stored within the Cisco Prime software and in the authentication logs maintained within Cisco Identity Service Engine for 30 days and then deleted from the system.
(e) Yes and yes - they are aware of the logging activity via the terms and conditions. They are required to accept these before access is allowed.
Horizon Power No. (a – e) Not applicable.
Government Employees Superannuation Board No. (a – e) Not applicable.
Fire and Emergency Services Superannuation Fund No. (a – e) Not applicable.
Insurance Commission of Western Australia No. (a – e) Not applicable.
Independent Market Operator No. (a – e) Not applicable.
Office of the Auditor General No. (a – e) Not applicable.
Department of Finance No. (a – e) Not applicable.
Western Australia Treasury Corporation No. (a – e) Not applicable.
Economic Regulation Authority No. (a – e) Not applicable.
Department of Planning, Lands and Heritage (a – e) Please refer to answer to Legislative Assembly question on notice 2665.
Lands, Approvals and Native Title Unit (a – e) Please refer to answer to Legislative Assembly question on notice 2677.
Aboriginal Policy Unit (a – e) Please refer to answer to Legislative Assembly question on notice 2677.
Western Power (a) Western Power, at all offices and depots, offers a Bring Your Own Wireless Device and Guest Wireless Network for use by employees, contractors and visitors to access the Internet. Once contractors and visitors connect to the Internet, their traffic patterns are monitored by Western Power’s Security Incident and Event Management (SIEM) to look for possible viruses or malware. If detected, then the device is quarantined and the owner of the device is alerted using our Security Incident Response Process and they are assisted in remediation
(b) Cisco Wireless: $39,519 per annum with an additional $91,565 up-front costs for CISCO-ISE equipment; and IBM Qradar SIEM and monitoring Service: $420,000 per annum. (Note: total cost across the entire ICT fleet of monitored systems and devices, not just Wifi)
(c) Detection of Possible Computer Infection that could spread (Virus or Malware)
(d) No information is harvested from the address, however monitoring of traffic patterns by the address is performed through the Security Incident and Event Management system (SIEM) for 90 Days; after which it is destroyed.
(e) Yes, via a Conditions of Use notification when they connect to the wireless environment.
Synergy (a) Forrest Centre Head Office, Cockburn Power Station, Collie Power Station, Greenough River Solar Farm, Kalgoorlie Gas Turbine, Kwinana Power Station, Mungarra Gas Turbine, Muja Power Station, Pinjar Turbine. Synergy captures a log of all wireless guests connecting to the Guest Network using standard logging protocols.
(b) Cisco. Specifically Cisco’s “Prime” software is used for access logging. $20,000 for the upfront cost, $19,400 annual cost.
(c) The logs are used to generate usage reports and to serve as an audit trail in case a client attempts to access something they should not. Synergy understand that this is standard practice for an enterprise wireless configuration.
(d) The client’s MAC, Wireless network accessed, and Wireless access point utilised are logged. This information is stored within the Cisco Prime software and in the authentication logs maintained within Cisco Identity Service Engine for 30 days and then deleted from the system.
(e) Yes and yes - they are aware of the logging activity via the terms and conditions. They are required to accept these before access is allowed.
Horizon Power No. (a – e) Not applicable.
Government Employees Superannuation Board No. (a – e) Not applicable.
Fire and Emergency Services Superannuation Fund No. (a – e) Not applicable.
Insurance Commission of Western Australia No. (a – e) Not applicable.
Independent Market Operator No. (a – e) Not applicable.
Office of the Auditor General No. (a – e) Not applicable.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.