The Australian Signals Directorate says that it categorised the successful penetration of the Parliament House network as ‘C1’ on the Australian Cyber Security Centre (ACSC) Cyber Incident Categorisation Matrix.
“During 2018–19, the ACSC responded to 2164 incidents of varying significance, including Australia's first national cyber crisis (C1),” the ASD’s annual report states.
“The C1 incident saw the ACSC operate at a heightened state of activity to provide advice and assistance to Australia's major political parties and government agencies after they were targeted by a sophisticated state-sponsored actor,” the document adds.
ITWire first reported the C1 categorisation.
In early February, MPs and their staff were prompted to reset their passwords in the wake of a “security incident” involving the network, which is operated by the Department of Parliamentary Services (DPS).
Prime Minister Scott Morrison later that month revealed that the government believed a an unnamed state actor had also penetrated the networks of the Liberal, National and Labor parties.
“Following the Prime Minister's announcement of this incident in February 2019, the ACSC collaborated with state and territory counterparts to activate the Cyber Incident Management Arrangements, the national coordination framework between Australian, state and territory governments to rapidly share threat intelligence as well as techniques, tactics and procedures used by the actor,” the ASD annual report states.
“The ACSC released an advisory that explained the malicious activity, together with a custom-built software tool that enabled customers – such as Australian, state and territory government agencies and critical infrastructure providers – to scan their networks to identify any potential similar indicators of compromise.”
The ASD said that it collaborated with other members of the Five Eyes intelligence sharing partnership in its response to the incident.
President of the Senate Scott Ryan yesterday told Senate Estimates hearing that he had received a report into the incident last week. Ryan said that his initial view was that he is “not convinced that this report would be appropriate for redaction and publication”.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.