11 April, 2016
In late March 2016, Western Australia's ("WA") Public Transport Authority ("PTA") was forced to disable various websites and online systems following an attempted hack. The likely target was SmartRider, the system through which riders can pay for public transport online, given the scale of credit card transactions it handles. Fortunately, the attempted hack was detected early and PTA took its systems offline to avoid any potential breach.
However, this attempted hack raises further concerns about the IT security practices of WA government departments and demonstrates their vulnerability to cyber attack.
The Information Systems Audit Report released by WA’s auditor-general, Colin Murphy, in November 2015 revealed that various government database administrator accounts had retained default usernames and passwords or used common passwords that are extremely easy to guess, such as "password1" or "test". Auditors were also able to hack into a particular database twice and download confidential information without being detected.
Andrew Cann, WA’s chief technology officer, has acknowledged that more needs to be done to improve security.
Speaking at a Perth AISA conference in November 2015, Mr Cann identified the steps being taken by the Office of the Governmental Chief Information Officer.
The key strategy identified was the introduction of security guidelines, which establish a standard for each agency to adopt. These guidelines would ensure that agencies have a common framework for managing security issues, identifying requirements and introducing security controls to mitigate cyber security risks.
For further information, please contact:
Rebecca Maslen-Stannage, Partner, Herbert Smith Freehills
rebecca.maslen-stannage@hsf.com