The shadow assistant minister for cyber security, Gai Brodtmann, has called for the government to classify Australia’s election systems as a “critical infrastructure sector” under the Trusted Information Sharing Network in order to “overlay the appropriate scrutiny and assurance mechanisms to assure the Australian people of the cyber resilience of their democracy”.
The Labor MP, who earlier this month announced she would not contest the next election, cited concerns over alleged attempts to influence the US and French elections as well as the denial of service attacks on the 2016 Census.
The TISN is an initiative to boost information sharing and collaboration between critical infrastructure operators.
In June 2017 the federal parliamentary inquiry into the conduct of the 2016 federal election issued an interim report focused on the modernisation of the Australian Electoral Commission (AEC). Among its recommendations were that the government consider additional funding for the AEC to help the commission modernise IT systems.
The report said the AEC should potentially receive funding for the deployment of additional electronic certified lists at polling stations and a trial to test the scanning and electronic counting of House of Representatives ballot papers
Brodtmann, in a submission to the ongoing inquiry, said that the report made clear the need for the AEC’s IT systems and electoral processes to be modernised but that the “acquisition of new equipment and systems alone will not automatically assure the cyber security of our electoral systems.”
She called on the government to direct the AEC to comply with Australian Signals Directorate information security standards.
Since a 2013 update to the Protective Security Policy Framework, implementation of the ASD’s ‘Top 4’ mitigation strategies has been mandatory for government agencies — however, a number of major government agencies have failed to comply.
In June this year an Australian National Audit Office (ANAO) report revealed that implementation of the Top 4 remained patchy.
“While voting in Australia is paper based, our national voter registration databases are not,” Brodtmann wrote. “We must ensure Australia’s databases are protected from any kind of breach or manipulation.”