❓ Hon Steve Martin asks about the Department of Transport and Major Infrastructure's (DTMI) cyber security risk profile, which was assessed as 'very high'. The Minister's answer outlines risk management practices and audit history, indicating no recent high-risk security issues raised by the OAG.
AnsweredQoN 616Legislative Council
QuestionView source ↗
I note the Minister's answer to questions in Legislative Council Budget Estimates that "The Department's risk profile has been assessed as very high" in relation to cyber security, and I ask: (a) on what date was the assessment, which first assessed the Department's cyber risk profile (either as the former Department of Transport or the Department of Transport and Major Infrastructure) as "very high", provided to the Department; (b) without revealing sensitive information, what is the reason for the "very high" result; (c) when will the Cyber Security Program, designed to lower the risk profile to "medium", be completed; (d) what is the frequency of cyber security assessments and when is the next cyber security assessment to be conducted; and (e) how many cyber security assessments in (d) over the last two years have been returned as "high" or "very high" or similar?
AnswerView source ↗
Answered
21 October 2025
Responded by
Parliamentary Secretary to the Minister for Transport
Response time
5 days
(a)-(e) The Department of Transport manages cyber risks in accordance with the WA Government Cyber Security Policy.
As the Department is the custodian of identity information for the WA community; an incident impacting the confidentiality, integrity or availability of key data systems would have an immediate and severe impact on DTMI operations. The “very high” risk rating is significantly influenced by the impact should such a risk materialise.
Internal audits on the Department’s cyber security controls were conducted in March 2024 and August 2025 in addition to the annual OAG general computer controls audits completed in June 2023 and 2024, and August 2025. OAG have not raised any security issues rated as high or very high in the last 10 years.
As the Department is the custodian of identity information for the WA community; an incident impacting the confidentiality, integrity or availability of key data systems would have an immediate and severe impact on DTMI operations. The “very high” risk rating is significantly influenced by the impact should such a risk materialise.
Internal audits on the Department’s cyber security controls were conducted in March 2024 and August 2025 in addition to the annual OAG general computer controls audits completed in June 2023 and 2024, and August 2025. OAG have not raised any security issues rated as high or very high in the last 10 years.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.