Enterprise IT, Featured, News, Security - Written by Renai LeMay on Wednesday, January 29, 2014 13:30 - 5 Comments
No back door, Microsoft tells Parliament
Global technology giant Microsoft has definitively told Australia’s Federal Parliament that it does not have a back door in its software that would allow the company to provide access to the IT infrastructure of the Parliament, which would include private files and emails held by Members of Parliament, Senators and their staff.
In June last year, UK newspaper the Guardian published classified documents created by the US National Security Agency and leaked by whistleblower Edward Snowden, which stated that the NSA was able to gain “direct access” to the servers of companies such as Google, Facebook, Apple, Microsoft, Yahoo and Skype through a program known as ‘PRISM’. The access allowed US officials to collect information including search history, the content of emails, file transfers and live chats.
Subsequently, the New York Times reported that the US Government had used the system to collect information on non-US citizens overseas for nearly six years. The revelation of the move has caused outrage online, amongst the general public as well as those specifically interested in digital rights and privacy online.
In November last year, Greens Communications Spokesperson and Senator Scott Ludlam sharply questioned Department of Parliamentary Services chief information officer Eija Seittenranta, who was appointed CIO in January 2013 to clean up the Parliament’s woeful IT infrastructure, on the issue of whether the reported NSA backdoors had opened up the IT systems of Australia’s Federal Parliament to US interests.
In responses to some of Ludlam’s questions published this month (PDF) and first reported by The Guardian, the department said based on the available material, the speculation around backdoors in Microsoft software appeared to relate to backdoors in cloud computing products rather than internal environments. “DPS has not been provided with any specific advice that Microsoft products or any other products have been backdoored by foreign intelligence services,” the department wrote.
It further added that after further investigation and discussions with Microsoft and the Australian Signals Directorate (ASD) regarding backdoor exposures and PRISM: “Microsoft has advised DPS that there is no backdoor within the Microsoft suite of products nor have they made any attempt to source information from the parliamentary network or provide information to any other entity.”
Microsoft, the department said, has advised that the company complies with all jurisdictional laws in relation to these matters; as well as advising that ASD has been a member of the vendor’s Government Security Program which gives governments controlled access to a variety of Microsoft source code; and ASD has advised that they are not able to provide commentary on intelligence matters and that the application of the Top 35 Information Security Manual (ISM) controls remains the most effective mechanism to treat malware and advanced persistent threats.
The department added: “Further advice on whether a backdoor exists or not in Microsoft products would more appropriately be directed to Microsoft itself, ASD or the “Reform Government Surveillance group”, an industry cohort of major ICT companies to address the practices and laws regulating government surveillance of individuals and access to their information.”
The department said it employs a number of intrusion and analysis tools to detect malware and data leakage and that these tools were reviewed to determine if any malware or data leakage was evident in its IT infrastructure environment.
“DPS did not observe nor detect any data leakage that would indicate the existence of a PRISM related capability,” the department said. “DPS continues to implement the Top 35 ISM controls as part of its ICT security control programme. Whilst these have not been specifically designed to manage against threats such as the PRISM system, they are designed to prevent against intrusions and extraction of data from ICT systems.”
The department said it understands that the major security risk would be with cloud computing services where organisations’ data travels outside of Australia.
The department said it could advise “that DPS does not host Parliamentarians’ data in the cloud and that we are taking all reasonable steps to prevent systems such as the alleged PRISM system compromising our ICT environment. Our security tools have not identified any evidence of this style of illicit data collection from the parliamentary network.”
“DPS will continue to implement ASD controls and any reasonable recommendations that are provided by the IT industry, the Attorney General’s Department or ASD to combat malware and any form of advanced or persistent threat.”
As I wrote back in November last year, I believe Ludlam was barking up the wrong tree with this one. The important issue here is not so much what Microsoft and the NSA are or are not doing, as this is an issue certainly beyond Seittenranta’s ability to fix, but whether the Federal Parliament’s IT systems themselves are actually adequately funded and secured in general.
A report published by DPS in October 2012 acknowledged that at that time, the Parliament had widespread problems with IT service delivery and infrastructure, stemming from the fact that it has “no parliament-wide IT strategic plan” and no mechanism for making strategic IT decisions, despite a decade of reports warning of the situation.
Similar reports published by virtually all of Australia’s State Governments over the past several years have found that all have huge IT security holes that would be trivial to exploit.
If someone wants to spy on the digital communications and files of an Australian Parliamentarian or their staff, I strongly suspect they do not need to have Microsoft and the NSA on their side to do so. The Parliament’s IT infrastructure is dilapidated enough that an attacker can probably make their own way in. This is the issue Ludlam should be concentrating on — increasing funding to the Department’s IT support operation.