Missing backup tapes from the Prime Minister’s office, cleaner’s removing PCs from the Attorney General’s department, laptops stolen from staff cars and homes while couriers mysteriously lose hardware in transit, are just a few of the extraordinary incidents a parliamentary committee heard last week.
In hearings before the Joint Parliamentary Committee on Public Accounts and Audit into information security breaches by government departments, some of the most serious incidents involved the most sensitive agencies including the Prime Minister's department and Customs.
In one case a number of data tapes, containing information from the department of the Prime Minister and Cabinet, held by Telstra Enterprise Services, a service provider for outsourced Group 5 agencies, were accidentally thrown out.
The tapes, which included e-mails classified as “protected” have not been recovered. Incredibly, they were stored in a wheelie bin and thought to be garbage.
Other agencies compromised by the incident include the Department of Transport and Regional Services and the Department of Information Technology and the Arts.
Shadow IT spokeswoman Senator Kate Lundy said more than 600 computers including 500 laptops and 134 desktop PCs have disappeared from government agencies since June 1998.
Lundy said the worst offender is the Australian Taxation Office (ATO) while the Australian Federal Police (AFP) had 13 laptop computers stolen during this period.
"Crawling through rubbish tips looking for confidential government files is not a national security strategy, it is a national disgrace," she said.
The Australian Security Intelligence Organisation (ASIO) reported the best results – the loss of only one laptop, which was never recovered, from an officer’s private residence.
The most extraordinary aspect of the hearings is the circumstances surrounding the loss of the computers and the data they contained. For example, cleaners removed a PC, which has not been recovered, from the Attorney General’s department while there are plenty of other cases of laptops stolen from locked cars or homes.
The president of the Administrative Appeals Tribunal had a laptop stolen while it was in the custody of couriers. A few years earlier the tribunal president’s computer was stolen from the office in an overnight theft.
Computerworld has a copy of the documents submitted to the committee, which details a litany of IT security failures. Detailed coverage of the hearings and a full report into the breaches will be published in next week’s edition of Computerworld.
Customs theft detailed
Two brazen thieves who stole servers from Customs requested and signed for a swipecard to gain access to a supposedly secure computer room.
The committee, which is examining government information security, heard the pair unplugged the two computer servers inside the Customs facility adjacent to Sydney airport, loaded them onto a trolley and wheeled them out of the building.
The incident prompted a major security scare, although the government denied the computers contained sensitive information.
Two men were arrested and a review of security procedures by Customs' outsourcing provider EDS has since been undertaken. One of the charged men is believed to be a former employee of computer company EDS Australia which holds a $250 million-plus contract with Customs for IT services.
Customs chief executive officer Lionel Woodward said the theft stemmed from a breakdown of accepted security procedures at that facility, but measures are being tightened following the incident.
"We are not attempting to say that this is not serious. It is and it is extremely embarrassing," he said.
- with AAP