Spare a thought for Eija Seittenranta, who was appointed Department of Parliamentary Services chief information officer in January this year. Not only did Seittenranta find the department’s IT operations to be an absolute shambles when she arrived, but the poor IT executive has to contend with feisty parliamentarians such as Greens Senator Scott Ludlam, who took Seittenranta to task in this extraordinary Senate Estimates hearing (we recommend you watch the video) about the fact that the US National Security Agency may have a back door into the Microsoft software used at Parliament House. These are the kind of questions Ludlam was asking the CIO:
“We know that Microsoft software contains a back door which is utilised by the US NSA and Microsoft has been very active in assisting the NSA to circumvent the company’s own encryption standards. What can you tell the committee about the network-level security threats posed by using Microsoft software given that it has been backdoored by foreign intelligence agencies?”
And these are the kind of responses Seittenranta was providing (transcription here):
“We implement the patches provided by the Microsoft organisation to their systems based on malware that they are aware of. We do not get specific advice on vulnerabilities that may or may not be built into the software … We do not have capabilities to create any patches for vulnerabilities of that nature. We are dependent on what the industry provides us and advice that we might get from the Australian Signals Directorate.”
To a certain extent Ludlam’s questions have merit. It is true that there have been recent reports that the NSA has access to backdoors in the software of major US-based technology vendors. This is certainly an issue which other sovereign nations should be concerned about, when trying to ensure the security of their parliamentary offices.
However, to me Ludlam’s questions pushed Seittenranta too hard and displayed a certain naivety about commercial reality in the IT industry. Seittenranta is not the bad guy here — the CIO is highly competent and was called in specifically to remediate the Parliament’s abysmal IT infrastructure. By all accounts she is doing a stellar job.
Then too, it’s not just Parliament which is vulnerable to any back doors in enterprise software created by US agencies such as the NSA. It’s basically every organisation globally. The unfortunate fact is that some vendors, such as Microsoft, have a virtual monopoly on some types of fundamental IT platforms, such as desktop PC software, and every major organisation uses technology from those same vendors. You know the names: Microsoft, Intel, Cisco, etc.
Frankly, it’s way above Seittenranta’s role to be able to deal with these kinds of problems, and it’s likely even outside the abilities of the Australian Signals Directorate to be able to totally secure systems if the vendors have inserted backdoors for US government agencies. These are fundamental issues for the global IT industry and will not be solved by individual CIOs or even individual governments.
The Federal Government also does not provide enough funding for the kind of security which I think Ludlam would like to see; the reality is that the Parliament’s IT infrastructure, and government IT infrastructure right around Australia, is woefully insecure and out of date. Commentators such as myself have been pointing this out for many years.
If Ludlam truly wants to see significant improvements to the Parliament’s IT infrastructure, I suggest he sponsor legislation to fund it, and get the Coalition Government on board. Demanding answers from the DPS CIO on these issues isn’t going to get anyone anywhere.
Image credit: Parliamentary broadcasting