‘Security incident’ forces MPs to reset passwords
- 08 February, 2019 10:07
A ‘security incident’ has hit the parliamentary computing network, the system used by MPs, senators and their staff.
All users with access to the network were prompted to change their passwords this morning, after they were hard reset last night.
The move was “undertaken for abundance of caution” a statement from the network’s presiding officers – House of Representatives speaker Tony Smith and Senate President Scott Ryan – said this morning.
The Department of Parliamentary Services (DPS) and other agencies are now working to investigate the incident, the department said, “while our immediate focus has been on securing the network and protecting data and users”.
As yet there is “no evidence” data has been accessed, the statement read. Nor is there evidence the attack attempted “attempted to influence the outcome of parliamentary process or to disrupt or influence electoral or political processes”.
Governments are a prime target for malicious cyber attackers. Earlier this week the Australian Signals Directorate revealed that over the last three financial years it responded to 1097 “cyber incidents” affecting both unclassified and classified government networks.
In last year’s May budget, $9 million was earmarked for the DPS to establish a cyber security operations centre for Parliament House. The Treasury specified the centre would "enhance cyber security protection for the parliamentary computing network".
Some $300,000 was set to be provided in capital funding in the 2018/19 financial year for the centre's launch.
The source of the attack is not yet publicly known. Previous attacks on government systems have been attributed to China, such as the 2015 attack on a Bureau of Meteorology supercomputer.
Australia's parliamentary network was reportedly hit by a hack in 2011, which was understood to have given Chinese intelligence agencies access to staff emails for up to a year.
“Accurate attribution of a cyber incident takes time and investigations are being undertaken in conjunction with the relevant security agencies,” Smith and Ryan’s statement today said.
Parliaments around the world have become a prime target of hackers in recent years. In 2017, the UK parliament was hit by a “sustained and determined” cyber-attack, leaving around 90 parliamentarians unable to access their emails. The attackers sought access to the email accounts of MPs and their staff.
In 2015, the German parliament computer network was downed for days following a cyber attack, reported to have been mounted by a Russian intelligence agency.