​WA Parliament experiences cybersecurity breach: Report

The communications systems at Parliament House in Perth have been taken offline following an alleged cyber attack that occurred overnight.
Written by Asha Barbaschow, Contributor on

It has been reported that the phone, internet, and email systems at Western Australia's Parliament House are down as the result of a cyber breach that occurred Tuesday night.

According to the ABC, staff at the state's Parliament House have been told via an internal memo that a Trojan virus penetrated its IT network.

"To prevent further virus infiltration, computers and phones have been isolated and are therefore currently inoperable," the memo reads.

"Parliament prepares for these types of events and has a number of contingencies in place to deal with interruptions to network and communications, and to ensure ongoing facilities management is effective."

Also on Wednesday, the Office of the Auditor General (OAG) for Western Australia released a report that found the state's Department of Health did not effectively manage its multimillion dollar Centralised Computing Services contract.

In 2010, health signed a contract with a value of AU$44.9 million. According to acting Auditor General Glen Clarke, the contract has since grown and if the options to extend are taken, the potential value of the contract is AU$175 million.

"Numerous weaknesses in the management of the contract were identified including no dedicated contract manager, no clear policies and procedures for contract variations, ineffective financial management, and limited asset tracking and management," Clarke said.

'A number of the variations were approved by employees that did not have the appropriate authority with no business case or assessment and resulted in significant purchases far exceeding health's requirements."

The report, Health Department's Procurement and Management of its Centralised Computing Services Contract found that 79 contract variations added at least AU$81.4 million to the contract, two of those -- totalling AU$41.5 million -- were highlighted by Clarke as being arguably inconsistent with the purpose and terms of the initial contract.

The report stated that given their size, such variations should have been procured under a competitive public tender process; additionally, the nearly AU$42 million worth of variations were authorised by an employee who has an authorisation limit of AU$100,000.

"Financial management was ineffective, contributing to regulatory non-compliance, large unbudgeted expenditure commitments, overpayments, and a general lack of transparency," the report says.

"Health did not adequately assess the performance of the contract or contractor until November 2014 when a contract extension was signed. Health had identified serious concerns with this contract earlier but did not act on these concerns or implement a contract management plan or appoint a contract manager."

The report said that the department entered into eight leases to the value of AU$27 million through the contractor for software and other services for its datacentre without approval from the treasurer.

Upfront payments of AU$10.8 million were also paid by the department in June 2013 on five leases of AU$16 million. Clarke said that health could not explain the rationale for such an unusual payment arrangement.

The OAG made six recommendations to health regarding its future contract dealings, which included the clear separation of the roles and responsibilities for contract management, a definition of the policies and procedures it requires to achieve good practice in contract administration, and the requirement of reviewing all invoices.

The department said it was already implementing the recommendations made by the OAG.

The review was brought on in 2014 by the Department of Health's Acting Director General Professor Bryant Stokes, who said he was concerned at the time about the structure and performance of the computing contract.

Editorial standards