❓ WA Parliamentary Question regarding the impact of the WannaCry ransomware on various government departments, agencies, boards, and publicly owned corporations. The response indicates no infections occurred within most listed entities, with existing security measures and patching policies cited as preventative measures.
AnsweredQoN 56Legislative Assembly
Asked
17 May 2017
Member
Portfolio
Treasurer; Minister for Finance; Energy; Aboriginal Affairs
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for departments, agencies, boards or publicly owned corporations: (a) how many computers were infected with the ransomware program called 'WannaCry': (i) was any payment made to decrypt any computers as per the ransom; (ii) why were the infected machines not patched to prevent this from occurring; and (iii) what actions have been taken since the infection to prevent this from occurring again in the future?
AnswerView source ↗
Answered
20 June 2017
Response time
8 days
I thank the Member for the question. Computer viruses are often a problem because they stop otherwise busy public servants from doing their jobs for the people of WA and instead force them to deal with a problem created by an immature, childish, petulant hacker with an overstated opinion of themselves.
Department of Aboriginal Affairs
(a) Nil
(i-iii) Not applicable
Department of Finance
(a) Nil
(i-iii) Not applicable
Public Utilities Office
(a) Nil
(i-iii) Not applicable
Department of Treasury
(a) Nil.
(i-ii) Not applicable.
(iii) Existing ICT security policies and controls are in place to prevent users from accessing the malicious site and prevent this type of malware from running on the Department’s network.
Treasury’s ICT patching policy ensures the regular delivery of security updates to the Department’s computers. Treasury’s computers were patched against ‘Wannacry’ in April 2017.
Economic Regulation Authority
(a) Nil
(i-iii) Not applicable
Fire and Emergency Services Superannuation Fund
(a) Nil
(i-iii) Not applicable
Government Employees Superannuation Board
(a) No GESB workstations have been impacted by the WannaCry ransomware.
(i-ii) Not applicable
(iii) The actions that have been taken since the infection to prevent this from occurring in the future are:
Horizon Power
(a) No Horizon Power computers were infected with WannaCry
(i-ii) Not applicable
(iii) Horizon Power has a mature patching program in place as per the Australian Signals Directorate’s (ASD) Essential 8 and had already patched for this vulnerability in April 2017. In addition, we have 24/7 monitoring in place to detect any malware activity and an incident management process to deal with malware outbreaks which includes, if necessary, recovery from backup tapes. Notwithstanding, the following additional controls were put in place:
Independent Market Operator
(a) Nil
(i-iii) Not applicable
Insurance Commission of Western Australia
(a) Nil
(i-iii) Not applicable
Native Title
(a) Nil
(i-iii) Not applicable
Office of the Auditor General
(a) Nil
(i-ii) Not applicable
(iii) We perform continual reviews of security practices and controls to prevent infections from occurring.
Synergy
a) None.
(i-iii) Not applicable.
Western Australia Treasury Corporation
(a) Nil
(i-iii) Not applicable
Western Power
(a) Nil
(i-iii) Not applicable
Department of Aboriginal Affairs
(a) Nil
(i-iii) Not applicable
Department of Finance
(a) Nil
(i-iii) Not applicable
Public Utilities Office
(a) Nil
(i-iii) Not applicable
Department of Treasury
(a) Nil.
(i-ii) Not applicable.
(iii) Existing ICT security policies and controls are in place to prevent users from accessing the malicious site and prevent this type of malware from running on the Department’s network.
Treasury’s ICT patching policy ensures the regular delivery of security updates to the Department’s computers. Treasury’s computers were patched against ‘Wannacry’ in April 2017.
Economic Regulation Authority
(a) Nil
(i-iii) Not applicable
Fire and Emergency Services Superannuation Fund
(a) Nil
(i-iii) Not applicable
Government Employees Superannuation Board
(a) No GESB workstations have been impacted by the WannaCry ransomware.
(i-ii) Not applicable
(iii) The actions that have been taken since the infection to prevent this from occurring in the future are:
Horizon Power
(a) No Horizon Power computers were infected with WannaCry
(i-ii) Not applicable
(iii) Horizon Power has a mature patching program in place as per the Australian Signals Directorate’s (ASD) Essential 8 and had already patched for this vulnerability in April 2017. In addition, we have 24/7 monitoring in place to detect any malware activity and an incident management process to deal with malware outbreaks which includes, if necessary, recovery from backup tapes. Notwithstanding, the following additional controls were put in place:
Independent Market Operator
(a) Nil
(i-iii) Not applicable
Insurance Commission of Western Australia
(a) Nil
(i-iii) Not applicable
Native Title
(a) Nil
(i-iii) Not applicable
Office of the Auditor General
(a) Nil
(i-ii) Not applicable
(iii) We perform continual reviews of security practices and controls to prevent infections from occurring.
Synergy
a) None.
(i-iii) Not applicable.
Western Australia Treasury Corporation
(a) Nil
(i-iii) Not applicable
Western Power
(a) Nil
(i-iii) Not applicable
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.