The October 2019 attack involved targeting the personal email accounts of several parliamentary staffers in an attempt to bypass network security controls in place for their official email addresses.

The October 2019 attack involved targeting the personal email accounts of several parliamentary staffers in an attempt to bypass network security controls in place for their official email addresses.Credit:Alex Ellinghausen

Senior government sources said the attack had the same threat indicators as the cyber security breach in February 2019,which could suggest China was behind the attack.

The Department of Parliamentary Services would not confirm this,with a spokeswoman saying the department did not publicly discuss security matters.

"It is not appropriate to publicly disclose wide-ranging details of cyber security controls or of cyber security incidents,"she said."DPS continues to work with relevant agencies and to refine and deploy cyber security measures."

Loading

The October 2019 attack involved targeting the personal email accounts of several parliamentary staffers in an attempt to bypass network security controls in place for their official email addresses,according to the DPS annual report.

There were"thousands of attempts to inject malware into the system"that were blocked by parliament's cyber security operations centre using intelligence from other government security agencies.

"Targeting individuals,rather than technical systems,also demonstrated the importance of personal responsibility in maintaining a secure environment,"the annual report said.

Advertisement

Parliament was hit by asophisticated cyber attack in February 2019 that gained access to the Liberal,Labor and Nationals party networks three months before the federal election. While the government never named the attacker,intelligence agencies reportedly found China was responsible.

Prime MinisterScott Morrison warned in June Australia was facing an unprecedented wave of cyber attacks on all levels of government,industry and critical infrastructure.

Unlike the February attack,the attack later that year did not involve any successful penetration of the network.

The department conducted nearly 3000 cyber security investigations over the 2019-20 financial year.

It has been beefing up its cyber security and increasing training for parliamentarians and their staff.

Loading

Members of Parliament were being informed this week of the next stage of security measures,a senior government source said. This is expected to include restrictions on the use of personal devices on the parliamentary network.

Part of the virtual Parliament arrangements in place for those politicians who can't travel to Canberra because of coronavirus restrictions or health reasons is a requirement that MPs using video conferencing do so from a DPS-provided laptop. They must also use the official parliamentary network in their electorate offices,not connect to the chamber from home or elsewhere.

While cyber security has been a focus,DPS also revealed coronavirus had affected mandatory training for its physical security force,with just 17.4 per cent of parliamentary security officers completing required courses in the year to June 30. However,it expected nine in 10 of its security guards would have done a first aid course and seven in 10 operational safety training by August.

Get our Morning&Evening Edition newsletters

The most important news,analysis and insights delivered to your inbox at the start and end of each day. Sign up toThe Sydney Morning Herald’s newsletter here andThe Age’s newsletter here.

License this article

Most Viewed in Politics

Loading