❓ Question regarding DFES's handling of a data breach and vulnerabilities in the Triple Zero system, following an Auditor General's report. The Minister provides answers, often referring to tabled papers and ongoing improvements.
AnsweredQoN 1722Legislative Council
QuestionView source ↗
I refer to the Office of the Auditor General's Report titled Information Systems Application Audit: Triple Zero which identified several vulnerabilities in the Department of Fire and Emergency Service (DFES) access to the Triple Zero system, and I ask: (a) in respect to the case study which outlines that DFES suffered a data breach in November 2021 which saw sensitive information about a Triple Zero incident being shared on social media, and that DFES was unable to identify who was responsible for the unauthorised disclosure due to the use of a generic account: (i) when was the Minister first made aware of this incident; (ii) has DFES undertaken an investigation into this incident; (iii) if yes to (iii), what was the outcome of the investigation; (iv) was a report or review prepared in relation to this incident,; (v) if yes to (iv), please table the report; (vi) please identify the incident associated with the data breach; and (vii) please identify the nature of the information that was publicly released from the triple zero system; (b) has DFES now ceased the use of generic accounts and shared passwords to access the Triple Zero system; (c) if yes to (b), on what date did this occur; (d) if no to (b), what is the time frame for this vulnerability to be rectified; (e) what are the specific interim mitigation protocols DFES will implement to ensure access to the Triple Zero system is authorised and appropriate; (f) have all DFES internal policies relating to the Triple Zero system been finalised and approved; (g) if no to (f), please identify the policies which remain in draft of unapproved form; (h) what is the time frame to finalise and approve any draft policies identified in (f); (i) on what date was the Memorandum of Understanding between DFES and WA Police for the use of the Triple Zero system last updated and on what date will the memorandum of understanding next be reviewed; (j) please outline the role of DFES representatives on any steering committee relating to the Triple Zero system; (k) for any steering committee identified in (i), please identify: (i) when each committee was formed; (ii) the terms of reference of the committee; and (iii) whether the terms of reference have been approved; (l) since becoming aware of the Auditor General's findings, has the Minister written to the Auditor General in relation to the Triple Zero audit; and (m) if yes to (l), please table any correspondence to the Auditor General?
AnswerView source ↗
Answered
28 November 2023
Responded by
Minister for Emergency Services
Response time
7 days
Answer
The Department of Fire and Emergency Services (DFES) advises:
(a)
(i) On the eve of the OAG’s Report being tabled. Noting I was not the Minister for Emergency Services in November 2021.
(ii) Yes.
(iii) In December 2021 DFES published a General Circular reminding staff and volunteers of their obligation not to unlawfully disclose official information, in accordance with the Criminal Code Act Compilation Act 1913 and the DFES Code of Conduct. The investigation recommended the implementation of operationally appropriate user auditing controls within relevant systems.
(iv) Yes.
(v) – (vii) See tabled paper no ####.
(b) - (d) As per the recommendations in the Auditor General’s Report, DFES has commenced improvement protocols for access management. These mitigations will be in place by the middle of 2024.
(e) As per the recommendations in the Auditor General’s Report, DFES has agreed to improve screening protocols where required by December 2023.
(f) - (h) As part of the ongoing actions to implement recommendations aligned to the dates in the Auditor General’s report, DFES and WA Police continue to work on finalising all outstanding requirements regarding policies and procedures for the Triple Zero System.
(i) The Memorandum of Understanding (MoU) between WA Police and DFES was last updated on 20 July 2018 and signed on 6 August 2018. As per the recommendations in the Auditor General’s Report, DFES has agreed to review the MoU by December 2023.
(j) See tabled paper no ####.
(k)
i. Each Committee was established in the second half of 2018 as part of the Interagency CAD Project.
ii. See tabled paper no ####.
iii. All Interagency Committees’ Terms of Reference were reviewed and approved during the last Interagency CAD upgrade project on 13 October 2022.
(l) Yes.
(m) See tabled paper no ####.
The Department of Fire and Emergency Services (DFES) advises:
(a)
(i) On the eve of the OAG’s Report being tabled. Noting I was not the Minister for Emergency Services in November 2021.
(ii) Yes.
(iii) In December 2021 DFES published a General Circular reminding staff and volunteers of their obligation not to unlawfully disclose official information, in accordance with the Criminal Code Act Compilation Act 1913 and the DFES Code of Conduct. The investigation recommended the implementation of operationally appropriate user auditing controls within relevant systems.
(iv) Yes.
(v) – (vii) See tabled paper no ####.
(b) - (d) As per the recommendations in the Auditor General’s Report, DFES has commenced improvement protocols for access management. These mitigations will be in place by the middle of 2024.
(e) As per the recommendations in the Auditor General’s Report, DFES has agreed to improve screening protocols where required by December 2023.
(f) - (h) As part of the ongoing actions to implement recommendations aligned to the dates in the Auditor General’s report, DFES and WA Police continue to work on finalising all outstanding requirements regarding policies and procedures for the Triple Zero System.
(i) The Memorandum of Understanding (MoU) between WA Police and DFES was last updated on 20 July 2018 and signed on 6 August 2018. As per the recommendations in the Auditor General’s Report, DFES has agreed to review the MoU by December 2023.
(j) See tabled paper no ####.
(k)
i. Each Committee was established in the second half of 2018 as part of the Interagency CAD Project.
ii. See tabled paper no ####.
iii. All Interagency Committees’ Terms of Reference were reviewed and approved during the last Interagency CAD upgrade project on 13 October 2022.
(l) Yes.
(m) See tabled paper no ####.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.