The Department of Parliamentary Services has launched a new branch dedicated to cyber security.
Ian McKenzie, the CPS CTO, leads the DPS cyber security branch as assistant secretary. McKenzie remains the department’s designated chief information security officer and reports to DPS chief information officer Antony Stinziani.
The establishment of the branch follows the creation of a DPS cyber security operations centre, courtesy of $9 million allocated to the CSOC launch in last year’s budget, and reflects the “increasing sophistication of targeted threats directed at Australia and its institutions,” DPS secretary Rob Stefanic told a Senate Estimates hearing earlier this week.
DPS has also created a deputy secretary position to assist Stefanic as part of a 12-month trial. Acting deputy secretary Cate Saunders has responsibility for the DPS chief operating officer division and the building and security division and is designated as the department’s chief security officer for the purposes of the government’s recently revised Protective Security Policy Framework.
The new DPS cyber security branch was launched in February. The move follows revelations that month that the parliamentary computing network had suffered a security breach. The government has said that the same entity responsible for the hack also penetrated the computer networks of the Liberal, National and Labor parties.
Stefanic has previously indicated that DPS has faced challenges when it comes to implementing the Australian Signals Directorate’s (ASD) ‘Essential Eight’ security strategies.
The variety of applications and services employed by MPs and their staff present a security challenge that is probably unique across the federal public sector, according to the department.
ASD director-general Mike Burgess this week told a Senate Estimates hearing that the agency had completed its assessment of the parliament hack. The government has previously indicated it believed a “state actor” was responsible for the attack.
“The level of sophistication here leads us to believe it has to be a state actor,” Burgess said. “That's our assessment. Of course that could still be just a very, very clever individual but we think that’s highly unlikely.”
During the incident there “was a small amount of data taken; none of that was deemed sensitive, but the assessment of that is a matter for the parliament themselves,” Burgess said.