Victoria’s parliament is now facing an average of 5000 daily cyber security threats, with 10 million threat events recorded by the IT team during just one month last year.
Legislative Assembly speaker Colin Brooks revealed the figure at budget estimates late last month, which he used to stress that cyber security was a “key focus” for the parliament.
However it is just a fraction of total number of threat events experienced by parliament each month, which “peaked at 10 million in October last year”.
Brooks highlighted one brute-force DOS attack against the parliamentary website during May, which saw site queries climb to 481,903 in a single day.
A document accompanying his evidence to the committee shows that all but 13,821 queries were attributed to the attack.
Brooks said chief information officer Matt Smith was building on upgrades to parliament’s IT security over the last financial year by “putting in place a number of measures”.
This includes educating users “about the dangers of some of the ways in which our systems can be accessed in a malicious way”.
But he said the need for “greater cyber security requirements” would cause budget pressures during the next financial year.
“In terms of measures, some 60 percent of email traffic is identified as suspect and dropped – a large proportion of email traffic coming in,” he told the public accounts and estimates committee.
At budget estimate hearing [pdf] last year, Brooks revealed almost 6000 hacking attempts against the parliament’s system had occurred during April 2018.
Almost 2400 attempts originated in the United States, followed by Japan (1175), Australia (547) and China (527), according to a presentation shared during the hearing.
Parliaments across Australia are facing increased scrutiny following February’s malicious attack against Australian Parliament House.
That breach saw a state-sponsored actor make away with a small amount of non-sensitive data from the parliamentary computing network.