Security breach strikes parliament's IT network

Parliamentarians and their staff have been forced to reset passwords after an apparent malicious attack against the parliamentary computing network overnight.

In a statement, parliament's presiding officers said the measure was one of a number of actions taken by the Department of Parliamentary Services to protected the network and its more than 4000 users.

“One specific measure, undertaken for abundance of caution, has been to reset all user passwords that have network access,” they said.

“All users have been required to change their passwords. This has occurred overnight and this morning.”

The presiding officers said DPS was currently working with the relevant security agencies to investigate the incident, but stressed there was “no evidence that any data has been accessed or taken at this time”.

They were also quick to distance the incident from any “attempt to influence to outcome of parliamentary processes or to disrupt or influence electoral or political processes”.

No exact details were provided as to the nature of the compromise, but the reset of all user passwords is said to have occurred to secure “the network and protecting data and users”.

While the compromise is yet to be attributed to any specific actor, the ABC has reported that the incident is likely the result of a foreign government attack and that security agencies are looking into the possible involvement of China.

However a spokesperson from the Australian Signals Directorate would not be drawn on whether there had been any involvement by a foreign actor.

“At this early stage our immediate focus is on securing the network and protecting its users. Proper and accurate attribution of a cyber incident takes time,” the spokesperson said, adding that the “necessary steps are being taken to mitigate the compromise and prevent any harm”.

The parliament computing network (PCN) is used by parliamentarians and their staff at both Parliament House, electoral offices, interstate Commonwealth parliamentary offices as well as DPS itself.

Parliament's presiding officers said DPS had made “substantial strides” in strengthening cyber defence of IT network at the house in since 2012.

Infrastructure and software behind email services on the PCN was also only very recently upgraded to improve performance and reliability, according to DPS’ latest annual report.

“While there is no guaranteed approach to cyber security, best practice is the ability to detect and remediate threats quickly,” the presiding officers said.

“The department has done this working jointly with expert agencies.”

“Accurate attribution of a cyber incident takes time and investigations are being undertaken in conjunction with the relevant security agencies.”