❓ A WA parliamentary question on notice seeks information on cybersecurity spending and incidents within the Minister's portfolio. The response reveals varying levels of detail and incidents across different departments, with some departments citing difficulties in providing specific cost breakdowns.
AnsweredQoN 549Legislative Assembly
Asked
25 May 2017
Member
Portfolio
Water; Fisheries; Forestry; Innovation and ICT; Science
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for departments, agencies or publicly owned corporations: (a) how much money was spent on anti-virus, network security, firewall or anti-malware software in the last financial year; (b) from 17 March 2017 to 19 May 2017, have there been any reported instances of: (i) Viruses: (A) if so, what systems were affected, for how long and was there any downtime (in hours) for each system; (ii) Malware: (A) if so, what systems were affected, for how long and was there any downtime (in hours) for each system; (iii) Cyber-attack: (A) if so, what systems were affected, for how long and was there any downtime (in hours) for each system; and (B) was this attack reported to the WA or Australian Federal Police? If not, why not; (iv) DNS attack: (A) if so, what systems or websites were affected, for how long and was there any downtime (in hours) for each system; and (B) was this attack reported to the WA or Australian Federal Police? If not, why not; (v) Infected websites: (A) if so, what websites were infected / hacked, for how long and was there any downtime (in hours) for each system; (c) From 17 March 2017 to 19 May 2017 have any network files been illegally accessed by external individuals or organisations: (i) if so, what files were illegally accessed and when; (ii) if so, were the WA Police or Australian Federal Police informed of this illegal access; and (iii) if not, why not?
AnswerView source ↗
Answered
27 June 2017
Responded by
Minister for Water; Fisheries; Forestry; Innovation and ICT; Science
Response time
7 days
Aqwest, Busselton Water, ChemCentre, Forest Products Commission, Office of the Government Chief Information Officer and Water Corporation
(a) The Government Chief Information Officer advises this question is difficult to answer as security costs for a wide range of agencies are not necessarily easily obtainable. This is due to external IT vendors bundling the total costs of their services to government of which security measures form one component. The collection and provision of this detail would require considerable time, which would divert staff from their normal duties and it is not considered to be a reasonable or appropriate use of government resources. (b) No (i-iv) Not applicable (c) No (i-iii) Not applicable
Department of Fisheries (a) The Government Chief Information Officer advises this question is difficult to answer as security costs for a wide range of agencies are not necessarily easily obtainable. This is due to external IT vendors bundling the total costs of their services to government of which security measures form one component. The collection and provision of this detail would require considerable time, which would divert staff from their normal duties and it is not considered to be a reasonable or appropriate use of government resources. (b)(i) No. (A) Not applicable (ii) 14. (A) 13 events only affected local desktop machines. Of these 13, nine malware infections were automatically cleaned or quarantined immediately. The remaining four were cleaned within four business hours. The total downtime for all individual users was 12 hours across these four instances. The other one event affected a redundant (secondary backup) data storage device. Replacement equipment was installed and data backups resumed from the primary source. There was no loss of data. The secondary backup environment was offline for 12 days or 288 hours. (iii) No (A) Not applicable (B) Not applicable (iv) No (A) Not applicable (B) Not applicable (v) No (A) Not applicable (c) No (i)(i-iii) Not applicable
Department of Water (a) The Government Chief Information Officer advises this question is difficult to answer as security costs for a wide range of agencies are not necessarily easily obtainable. This is due to external IT vendors bundling the total costs of their services to government of which security measures form one component. The collection and provision of this detail would require considerable time, which would divert staff from their normal duties and it is not considered to be a reasonable or appropriate use of government resources. (b)(i-v) Viruses and malware were detected but were immediately cleaned, removed by anti-virus and anti-malware software, including network security, resulting in no downtime or system being affected. (c) No (i-iii) Not applicable
Office of Science (a)-(c) Please refer to Legislative Assembly Question on Notice 565.
(a) The Government Chief Information Officer advises this question is difficult to answer as security costs for a wide range of agencies are not necessarily easily obtainable. This is due to external IT vendors bundling the total costs of their services to government of which security measures form one component. The collection and provision of this detail would require considerable time, which would divert staff from their normal duties and it is not considered to be a reasonable or appropriate use of government resources. (b) No (i-iv) Not applicable (c) No (i-iii) Not applicable
Department of Fisheries (a) The Government Chief Information Officer advises this question is difficult to answer as security costs for a wide range of agencies are not necessarily easily obtainable. This is due to external IT vendors bundling the total costs of their services to government of which security measures form one component. The collection and provision of this detail would require considerable time, which would divert staff from their normal duties and it is not considered to be a reasonable or appropriate use of government resources. (b)(i) No. (A) Not applicable (ii) 14. (A) 13 events only affected local desktop machines. Of these 13, nine malware infections were automatically cleaned or quarantined immediately. The remaining four were cleaned within four business hours. The total downtime for all individual users was 12 hours across these four instances. The other one event affected a redundant (secondary backup) data storage device. Replacement equipment was installed and data backups resumed from the primary source. There was no loss of data. The secondary backup environment was offline for 12 days or 288 hours. (iii) No (A) Not applicable (B) Not applicable (iv) No (A) Not applicable (B) Not applicable (v) No (A) Not applicable (c) No (i)(i-iii) Not applicable
Department of Water (a) The Government Chief Information Officer advises this question is difficult to answer as security costs for a wide range of agencies are not necessarily easily obtainable. This is due to external IT vendors bundling the total costs of their services to government of which security measures form one component. The collection and provision of this detail would require considerable time, which would divert staff from their normal duties and it is not considered to be a reasonable or appropriate use of government resources. (b)(i-v) Viruses and malware were detected but were immediately cleaned, removed by anti-virus and anti-malware software, including network security, resulting in no downtime or system being affected. (c) No (i-iii) Not applicable
Office of Science (a)-(c) Please refer to Legislative Assembly Question on Notice 565.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.