❓ WA Parliamentary Question on Notice regarding ICT compatibility and security risks associated with outdated Microsoft software across various government departments and agencies. Reveals varying levels of compliance and risk mitigation strategies.
AnsweredQoN 5972Legislative Assembly
Asked
18 October 2016
Member
Portfolio
Treasurer; Minister for Energy; Citizenship and Multicultural Interests
QuestionView source ↗
I refer to ICT
compatibility in relation to the Digital WA strategy, and ask for each
department and agency under your control: (a) are all computers currently utilising Microsoft
software that is supported by Microsoft (only versions since 2014); (b) how many computers are currently using Windows
XP; (c) how many computers are currently using Internet
Explorer version 10 (IE10) or older; (d) what is the privacy risk for your departments
and agencies for using software that is no longer supported by Microsoft; and (e) have you been made aware of the potential for
information to be externally accessed by your departments using software no
longer supported by Microsoft?
compatibility in relation to the Digital WA strategy, and ask for each
department and agency under your control: (a) are all computers currently utilising Microsoft
software that is supported by Microsoft (only versions since 2014); (b) how many computers are currently using Windows
XP; (c) how many computers are currently using Internet
Explorer version 10 (IE10) or older; (d) what is the privacy risk for your departments
and agencies for using software that is no longer supported by Microsoft; and (e) have you been made aware of the potential for
information to be externally accessed by your departments using software no
longer supported by Microsoft?
AnswerView source ↗
Answered
30 November 2016
Response time
43 days
Department of Treasury
(a) No.
(b) One restricted stand-alone computer.
(c) One, the same computer as above.
(d) This standalone computer has an embedded version of Windows XP with limited functionality and restricted access, reducing the potential privacy risks.
(e) Yes.
Economic Regulation Authority
(a) Yes.
(b) None.
(c) None.
(d) None.
(e) No.
Government Employees Superannuation Board
(a) All desktop computers (and laptops) are running supported versions of Microsoft Windows - Windows 7 Enterprise Service Pack 1. While this version pre-dates 2014, it is ‘in support’ with Microsoft.
(b) None.
(c) 55 have IE9 installed. This is due to interoperability with an internal application developed on Microsoft CRM Dynamics. Testing is in progress using IE11.
(d) This is rated at low as all computers are located on an internal network with multiple levels of security (e.g. firewalls in place). Internet access is via a proxy server and all endpoints have anti-virus software that is frequently updated (e.g. data file signatures).
(e) Yes.
Horizon Power
(a) Yes.
(b) Nil.
(c) Nil.
(d) Not applicable.
(e) Not applicable.
Independent Market Operator
The Digital WA Strategy does not apply to the Independent Market Operator.
(a-e) Not Applicable.
Insurance Commission of Western Australia
(a) Yes.
(b) None.
(c) None.
(d) Not applicable. All Microsoft software used at the Insurance Commission is supported by Microsoft.
(e) Yes.
Office of Multicultural Interests
(a) Yes, all desktop and Notebook/Laptop/Tablet computers.
(b) Nil.
(c) Nil.
(d) Not applicable.
(e) Yes.
Office of the Auditor General
(a) No. (one server is running Windows Server 2003 and Internet Explorer 7)
(b) 0
(c) 1
(d) The privacy risk is minimal as the server is protected by multiple firewalls and is not accessible by the public. The application running on this server (‘eTrack’ Practice Management System) is scheduled for replacement by March 2017. The server utilising unsupported Microsoft software will then be immediately decommissioned.
(e) No.
Public Utilities Office
(a) Yes.
(b-c) Nil.
(d) Not applicable.
(e) No.
Synergy
(a) Yes.
(b) Nine.
(c) Zero.
(d) Low. The processes and controls put in place by Synergy’s ICT business unit ensure that older Microsoft products are replaced by supported Microsoft products wherever possible (on an on-going basis), ensuring that privacy risks are mitigated accordingly.
(e) No.
Western Australian Treasury Corporation
(a) Yes.
(b) Nil.
(c) Nil.
(d) Not Applicable.
(e) Yes.
Western Power
(a) No.
(b) 4
(c) 63
(d) Low, the remaining devices perform a technical role only and there are plans in place to remove them by the end of 2016.
(e) Yes, Western Power is actively working to reduce this risk.
(a) No.
(b) One restricted stand-alone computer.
(c) One, the same computer as above.
(d) This standalone computer has an embedded version of Windows XP with limited functionality and restricted access, reducing the potential privacy risks.
(e) Yes.
Economic Regulation Authority
(a) Yes.
(b) None.
(c) None.
(d) None.
(e) No.
Government Employees Superannuation Board
(a) All desktop computers (and laptops) are running supported versions of Microsoft Windows - Windows 7 Enterprise Service Pack 1. While this version pre-dates 2014, it is ‘in support’ with Microsoft.
(b) None.
(c) 55 have IE9 installed. This is due to interoperability with an internal application developed on Microsoft CRM Dynamics. Testing is in progress using IE11.
(d) This is rated at low as all computers are located on an internal network with multiple levels of security (e.g. firewalls in place). Internet access is via a proxy server and all endpoints have anti-virus software that is frequently updated (e.g. data file signatures).
(e) Yes.
Horizon Power
(a) Yes.
(b) Nil.
(c) Nil.
(d) Not applicable.
(e) Not applicable.
Independent Market Operator
The Digital WA Strategy does not apply to the Independent Market Operator.
(a-e) Not Applicable.
Insurance Commission of Western Australia
(a) Yes.
(b) None.
(c) None.
(d) Not applicable. All Microsoft software used at the Insurance Commission is supported by Microsoft.
(e) Yes.
Office of Multicultural Interests
(a) Yes, all desktop and Notebook/Laptop/Tablet computers.
(b) Nil.
(c) Nil.
(d) Not applicable.
(e) Yes.
Office of the Auditor General
(a) No. (one server is running Windows Server 2003 and Internet Explorer 7)
(b) 0
(c) 1
(d) The privacy risk is minimal as the server is protected by multiple firewalls and is not accessible by the public. The application running on this server (‘eTrack’ Practice Management System) is scheduled for replacement by March 2017. The server utilising unsupported Microsoft software will then be immediately decommissioned.
(e) No.
Public Utilities Office
(a) Yes.
(b-c) Nil.
(d) Not applicable.
(e) No.
Synergy
(a) Yes.
(b) Nine.
(c) Zero.
(d) Low. The processes and controls put in place by Synergy’s ICT business unit ensure that older Microsoft products are replaced by supported Microsoft products wherever possible (on an on-going basis), ensuring that privacy risks are mitigated accordingly.
(e) No.
Western Australian Treasury Corporation
(a) Yes.
(b) Nil.
(c) Nil.
(d) Not Applicable.
(e) Yes.
Western Power
(a) No.
(b) 4
(c) 63
(d) Low, the remaining devices perform a technical role only and there are plans in place to remove them by the end of 2016.
(e) Yes, Western Power is actively working to reduce this risk.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.