❓ Mr. Kirkup questions the Minister for Innovation and ICT about the government's response to a Bloomberg report alleging Chinese PLA embedded malicious microchips in Supermicro motherboards used by various organisations, including government agencies. The Minister responds by criticising the previous government's cybersecurity efforts and outlining the current government's initiatives.
AnsweredQoN 768Legislative Assembly
QuestionView source ↗
CYBERSECURITY — BLOOMBERG INVESTIGATION
768. Mr Z.R.F. KIRKUP to the Minister for Innovation and
ICT:
I refer to the investigation by Bloomberg that last week revealed that the People's Liberation Army has embedded
malicious microchips into motherboards, compromising the security of servers at
Apple, Amazon, the Bureau of Meteorology and the Australian and United States
departments of defence. What steps has this government undertaken to audit
whether any Supermicro motherboards or devices are operating in Western Australian
corporations or agencies?
768. Mr Z.R.F. KIRKUP to the Minister for Innovation and
ICT:
I refer to the investigation by Bloomberg that last week revealed that the People's Liberation Army has embedded
malicious microchips into motherboards, compromising the security of servers at
Apple, Amazon, the Bureau of Meteorology and the Australian and United States
departments of defence. What steps has this government undertaken to audit
whether any Supermicro motherboards or devices are operating in Western Australian
corporations or agencies?
AnswerView source ↗
I ask the member which organisation did
he —
Mr Z.R.F. Kirkup : It was a year-long
investigation by Bloomberg .
Mr D.J. KELLY : The member
named an organisation that he claims may have embedded —
Mr Z.R.F. Kirkup : Supermicro.
Mr D.J. KELLY : I thought he
said the People's Liberation —
Mr Z.R.F. Kirkup : I will go
through the question again if the member wants. I am surprised you don't
know about it, considering it is the biggest hardware attack in history.
The SPEAKER : Ask the question
again.
Mr Z.R.F. KIRKUP : I am a bit
concerned that the minister for technology does not know —
Several members interjected.
The SPEAKER : Just ask the
question.
Mr Z.R.F. KIRKUP : My question
is: I refer to the revelations in Bloomberg last week that assert that
the People's Liberation Army embedded malicious microchips into
motherboards, compromising the security of servers and devices at Apple,
Amazon, the Bureau of Meteorology and the Australian and United States
departments of defence. What steps has the government taken—clearly
none—to determine whether any Supermicro motherboards or devices are
operating in any Western Australian government agency or corporation?
Several members interjected.
Mr
D.J. KELLY : The member for
Dawesville sometimes thinks he is too clever. When we came into government —
Several members interjected.
The SPEAKER : Members! Member
for Swan Hills, I call you to order.
Mr D.J. KELLY : When we came
into government, one of the problems that we had to deal with was that the
previous government did not take cybersecurity seriously. We were the only
state government not to have any central oversight of cybersecurity across the
public sector. All we had was the Office of the Government Chief Information
Officer, which de facto provided advice to departments on these issues. When we
came into government, under the last budget we provided resources for the
first-ever across-agency cybersecurity team to look at these issues. That is a major
leap forward for this government. We are putting that in place now. We have put
a range of other initiatives in place, which we have talked about previously in
this place.
I have no reason to believe that the
incident that the member for Dawesville has referred to has infected Western Australian's
public sector—no evidence whatsoever at this point in time. However, we
have said previously that the Western Australian government is vulnerable when
it comes to cybersecurity, because the previous government was asleep at the
wheel on this issue. It was literally asleep at the wheel. While the member for
Dawesville was in the Premier's department doing I have no idea what,
the previous government was absolutely asleep at the wheel. The Auditor General
in this state released annual report after annual report saying that we were
vulnerable. What did the previous government do? It did nothing. All the trends
and the baselines that the Auditor General used to assess things such as
information security and business continuity all plateaued, if not declined,
under the previous Liberal government. We have acted. We have set up an
across-agency team to look at cybersecurity. We have had forums with directors
general to make sure that cybersecurity is not something that is dealt with by
the —
Mr Z.R.F. Kirkup : What about
this incident?
The SPEAKER : Member! You will have a supplementary.
Mr D.J. KELLY : I have
answered the member's question. We have made sure that cybersecurity is
an issue for directors general. In 18 months we have done more than the
previous government did in eight years.
Mr V.A. Catania : Like what?
Mr D.J. KELLY : The ''member
for North West–Claremont'' would not know what he is talking
about, so he should not raise his head above the parapet. I have no reason to
believe that the cybersecurity incident that the member for Dawesville referred
to has infected the Western Australian government at this point.
he —
Mr Z.R.F. Kirkup : It was a year-long
investigation by Bloomberg .
Mr D.J. KELLY : The member
named an organisation that he claims may have embedded —
Mr Z.R.F. Kirkup : Supermicro.
Mr D.J. KELLY : I thought he
said the People's Liberation —
Mr Z.R.F. Kirkup : I will go
through the question again if the member wants. I am surprised you don't
know about it, considering it is the biggest hardware attack in history.
The SPEAKER : Ask the question
again.
Mr Z.R.F. KIRKUP : I am a bit
concerned that the minister for technology does not know —
Several members interjected.
The SPEAKER : Just ask the
question.
Mr Z.R.F. KIRKUP : My question
is: I refer to the revelations in Bloomberg last week that assert that
the People's Liberation Army embedded malicious microchips into
motherboards, compromising the security of servers and devices at Apple,
Amazon, the Bureau of Meteorology and the Australian and United States
departments of defence. What steps has the government taken—clearly
none—to determine whether any Supermicro motherboards or devices are
operating in any Western Australian government agency or corporation?
Several members interjected.
Mr
D.J. KELLY : The member for
Dawesville sometimes thinks he is too clever. When we came into government —
Several members interjected.
The SPEAKER : Members! Member
for Swan Hills, I call you to order.
Mr D.J. KELLY : When we came
into government, one of the problems that we had to deal with was that the
previous government did not take cybersecurity seriously. We were the only
state government not to have any central oversight of cybersecurity across the
public sector. All we had was the Office of the Government Chief Information
Officer, which de facto provided advice to departments on these issues. When we
came into government, under the last budget we provided resources for the
first-ever across-agency cybersecurity team to look at these issues. That is a major
leap forward for this government. We are putting that in place now. We have put
a range of other initiatives in place, which we have talked about previously in
this place.
I have no reason to believe that the
incident that the member for Dawesville has referred to has infected Western Australian's
public sector—no evidence whatsoever at this point in time. However, we
have said previously that the Western Australian government is vulnerable when
it comes to cybersecurity, because the previous government was asleep at the
wheel on this issue. It was literally asleep at the wheel. While the member for
Dawesville was in the Premier's department doing I have no idea what,
the previous government was absolutely asleep at the wheel. The Auditor General
in this state released annual report after annual report saying that we were
vulnerable. What did the previous government do? It did nothing. All the trends
and the baselines that the Auditor General used to assess things such as
information security and business continuity all plateaued, if not declined,
under the previous Liberal government. We have acted. We have set up an
across-agency team to look at cybersecurity. We have had forums with directors
general to make sure that cybersecurity is not something that is dealt with by
the —
Mr Z.R.F. Kirkup : What about
this incident?
The SPEAKER : Member! You will have a supplementary.
Mr D.J. KELLY : I have
answered the member's question. We have made sure that cybersecurity is
an issue for directors general. In 18 months we have done more than the
previous government did in eight years.
Mr V.A. Catania : Like what?
Mr D.J. KELLY : The ''member
for North West–Claremont'' would not know what he is talking
about, so he should not raise his head above the parapet. I have no reason to
believe that the cybersecurity incident that the member for Dawesville referred
to has infected the Western Australian government at this point.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.