Australian MPs still scared of Huawei

Concerns remain within Australia's parliament about the perceived IT security risk of using kit Huawei kit in government networks, four years after the Chinese vendor was banned from bidding for work in the NBN.

Huawei was famously barred from tendering for work on the national broadband network in 2012 over concerns about backdoors in its products, enabling cyber attacks from China.

The subsequent Liberal government upheld the ban after coming to power in 2013. 

Huawei's rival ZTE, however, was allowed to tender for NBN work for reasons unexplained by spy agency ASIO.

Huawei has long fought against perceived links to the Chinese government and fears over the security of its products. 

In senate estimates today, Labor senate leader Penny Wong raised issue with a Huawei smartwatch government infrastructure minister Paul Fletcher listed as a gift on his declaration of interests.

Wong noted that a "range of security concerns" had been raised publicly about Huawei and grilled Department of Parliamentary Services chief information officer Eija Seittenranta about whether the smartwatch had been connected to the parliamentary network.

Seittenranta said she was unable to confirm whether it had, but if so, the APH network's endpoint malware detection software would have initiated anti-virus scanning upon connection.

Wong quizzed Seittenranta on whether her department had conducted a risk assessment on the wearable, given the security concerns associated with the company.

The CIO said it was not within her department's remit to conduct independent risk assessments for such devices; it instead relied on advice from the Australian Signals Directorate, ASIO, and the Attorney-General's Department.

"Do you have any concerns about something provided by the company Huawei being connected to the network?" Wong asked.

"We haven't ever had an issue with it and haven't been given any sepcific advice about Huawei," Seittenranta said.

General guidelines for MPs and senators are not to connect external hardware to the APH network, Seittenranta said.

Network outage under spotlight

Seittenranta was also grilled about a seven-hour outage to the parliamentary network last Monday, which rendered systems unavailable for MPs and senators in the middle of a sitting day.

The root cause of the outage was revealed to be two human errors, one made by an internal staff member and another by a DPS contractor.

The first error, made by the DPS worker, was a change that was incorrectly classified as routine rather than as a formal change.

It therefore bypassed normal control processes that would have ensured the change was made after hours, Seittenranta said.

A subsequent technical error, made by a contractor in executing the change request, compounded the first mistake, the CIO said.

"[The person] was trying to change the configuration of some of our storage to enable a new project to proceed," Seittenranta said.

"It separated the storage from our server environment. To recover, the storage had to be reattached, and all of our systems - because they went down in an unplanned manner - had to go through a series of health checks to come up to assure that no data integrity issues following the outage."

The parliamentary network was restored for all users by 6:23pm. The initial outage had occured at around 11:45am.

The intended change has now been deferred until after the sitting period, Seittenranta said. Her team has also revisited the definitions of various types of changes to ensure no others have been incorrectly labelled as administrative rather than formal.

She noted last Monday's outage was DPS' first in three years.