❓ WA Parliament Question on Notice regarding cybersecurity penetration testing ('white hat' hacking) within various departments and agencies under the Minister's portfolio since March 2017. Reveals varying levels of testing and future plans.
AnsweredQoN 3805Legislative Assembly
Asked
14 August 2018
Member
Portfolio
Water; Fisheries; Forestry; Innovation and ICT; Science
QuestionView source ↗
For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017: (a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems: (i) If so, what consultant or company was engaged and on what date; (ii) If so, did it include any social engineering or phishing tests; and (iii) If not, why not; and (b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites: (i) If so, what consultant or company was engaged and on what date; and (ii) If so, what website (domain only) was tested?
AnswerView source ↗
Answered
30 October 2018
Responded by
Minister for Water; Fisheries; Forestry; Innovation and ICT; Science
Response time
18 days
Aqwest (a) No (i) Not applicable (ii) Not applicable (iii) Aqwest ensures that firewall and anti-virus software is regularly updated to the latest version or patch (b) No (i) Not applicable (ii) Not applicable
Busselton Water (a) No (i) Not applicable (ii) Not applicable (iii) Major security review completed October 2016 and next review including white hat penetration testing will occur in 2018-19 (b) No (i) Not applicable (ii) Not applicable
ChemCentre (a) Yes (i) Stantons International engaged in April to initially review practices associated with ICT vulnerability and then conduct penetration testing scheduled for October (ii) No (iii) Not applicable (b) No (i) Not applicable (ii) Not applicable
Department of Fisheries (a) No (i) Not applicable (ii) Not applicable (iii) Prior to 30 June 2017, the Department of Fisheries only conducted white hat hacks when significant external facing systems were implemented (b) No (i) Not applicable (ii) Not Applicable
Department of Primary Industries and Regional Development Please refer to Legislative Assembly question on notice 3794
Department of Water (a) No (i) – (ii) Not applicable (iii) The Department of Water intended to engage an independent consultant to conduct a full penetration test at the end of the development of the Water Online system. Development was still ongoing at the time of Machinery of Government changes (b) No (i) Not applicable (ii) Not applicable
Department of Water and Environmental Regulation (a) No (i) Not applicable (ii) Not applicable (iii) Following the recent completion of system integration as a result of Machinery of Government changes, the Department of Water and Environmental Regulation will engage an independent consultant to conduct a full penetration test of the merged ICT environment (b) No (i) Not applicable (ii) Not applicable
Forest Products Commission (a) No (i) Not applicable (ii) Not applicable (iii) No changes made to the internal or external network systems in this period have required independent penetration testing (b) No (i) Not applicable (ii) Not applicable
Department of Jobs, Tourism, Science and Innovation Please refer to Legislative Assembly question on notice 3789
Office of Digital Government (a) Please refer to Legislative Assembly Question on Notice 3789 and Legislative Assembly Question on Notice 3799 (b) No
Water Corporation (a) Yes (i) Pricewaterhouse Coopers. Testing was engaged for four weeks between November and December 2017 (ii) Yes (iii) Not applicable (b) Yes (i) Pricewaterhouse Coopers was engaged for four weeks between November and December 2017 (ii) Websites tested: • Watercorporation.com.au • Mywater.com.au • Buildernet.watercorporation.com.au • Eprocurement.watercorporation.com.au
Busselton Water (a) No (i) Not applicable (ii) Not applicable (iii) Major security review completed October 2016 and next review including white hat penetration testing will occur in 2018-19 (b) No (i) Not applicable (ii) Not applicable
ChemCentre (a) Yes (i) Stantons International engaged in April to initially review practices associated with ICT vulnerability and then conduct penetration testing scheduled for October (ii) No (iii) Not applicable (b) No (i) Not applicable (ii) Not applicable
Department of Fisheries (a) No (i) Not applicable (ii) Not applicable (iii) Prior to 30 June 2017, the Department of Fisheries only conducted white hat hacks when significant external facing systems were implemented (b) No (i) Not applicable (ii) Not Applicable
Department of Primary Industries and Regional Development Please refer to Legislative Assembly question on notice 3794
Department of Water (a) No (i) – (ii) Not applicable (iii) The Department of Water intended to engage an independent consultant to conduct a full penetration test at the end of the development of the Water Online system. Development was still ongoing at the time of Machinery of Government changes (b) No (i) Not applicable (ii) Not applicable
Department of Water and Environmental Regulation (a) No (i) Not applicable (ii) Not applicable (iii) Following the recent completion of system integration as a result of Machinery of Government changes, the Department of Water and Environmental Regulation will engage an independent consultant to conduct a full penetration test of the merged ICT environment (b) No (i) Not applicable (ii) Not applicable
Forest Products Commission (a) No (i) Not applicable (ii) Not applicable (iii) No changes made to the internal or external network systems in this period have required independent penetration testing (b) No (i) Not applicable (ii) Not applicable
Department of Jobs, Tourism, Science and Innovation Please refer to Legislative Assembly question on notice 3789
Office of Digital Government (a) Please refer to Legislative Assembly Question on Notice 3789 and Legislative Assembly Question on Notice 3799 (b) No
Water Corporation (a) Yes (i) Pricewaterhouse Coopers. Testing was engaged for four weeks between November and December 2017 (ii) Yes (iii) Not applicable (b) Yes (i) Pricewaterhouse Coopers was engaged for four weeks between November and December 2017 (ii) Websites tested: • Watercorporation.com.au • Mywater.com.au • Buildernet.watercorporation.com.au • Eprocurement.watercorporation.com.au
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.