Cybersecurity risk for NSW Electoral Commission unanswered just weeks before municipal elections

Six weeks away from local elections in New South Wales, the state government has been asked to explain why it has not provided its Electoral Commission with $22 million to address “urgent” cybersecurity risks.

In documents tabled in parliament in March, the NSW Electoral Commission revealed it had alerted the government to the situation.

“The lack of adequate investment in the cybersecurity of NSW’s electoral systems and staff over time has meant that the commission does not comply, and cannot comply in the immediate future, with the sector’s mandatory cybersecurity policies. public of NSW,” the documents state.

“The Commission also fails to meet the ACSC (Australian Center for Cyber ​​Securities) Essential 8 standards for cybersecurity.”

The statement also explained how it had failed in its three previous funding proposals to address the issue.

He warned that the risks were significant, saying:

“While the overall risk of cyber breaches of commission systems is considered lower for a local government election, as the national security implications of such elections are also lower, the magnitude of such elections and the introduction expected from iVote means the threat level remains significant.”

The document detailed the enhancements and upgrades needed to mitigate risks and exposures to external business systems and 50 internally developed enterprise systems.

Seven months later, no funding decision

During Tuesday’s budget hearings, Digital Minister and Minister of Customer Service Victor Dominello was asked about the situation by Labour’s Adam Searle.

At the Estimates hearing, Minister Victor Dominello was asked to explain himself.(Provided: NSW Parliament)

“Given – in my own words – the alarming evidence provided by the Election Commissioner earlier this year regarding his agency’s complete lack of preparedness on the cybersecurity front, it does not appear that this issue is being addressed by the government whose you are part of any degree of alarm or emergency,” Mr. Searle said.

“The suggestion that the government isn’t taking this seriously couldn’t be further from the truth, we realize how important this is,” Dominello replied.

Digital NSW department staff revealed the cost of the upgrade would be $22 million and told the hearing they were working with the Electoral Commission on a business case for the project.

Staff said they were waiting for the commission to respond to an assurance and review process before they could proceed.

Mr Searle reminded the Minister that the agency had already had three attempts to seek additional funding.

“This is not the first time the Electoral Commissioner has testified about what appears to be his agency’s systematic underfunding,” Mr Searle said.

“A lack of cybersecurity around the integrity of our electoral system, in seven months the government hasn’t even been able to allocate the money, that seems like a pretty poor process.”

Mr Dominello said the commission and Cyber ​​Security NSW needed to resolve a range of issues.

“Now I’m not saying it’s the commission’s fault. Maybe they’re complying and ticking all the boxes, but maybe they’re not,” the minister said.

He agreed to take the matter on notice.

Mr Searle said the government must act decisively and quickly to resolve the issue before local elections on December 4 and five state by-elections.

“We must do everything possible to maintain the integrity of electoral processes, because the outcome of elections must be valid and have social approval, with public support, for the integrity of electoral processes and their results. “

The Commission provided advice on cost savings

In June, municipal elections were delayed for the second consecutive year when the government postponed polls until December in response to the pandemic.

In September, additional documents filed in state parliament showed the delays would cost taxpayers $146 million.

The newspapers also revealed that the NSW Electoral Commission believed it could have saved the state $54million if the government had agreed to a fully online and postal election.

Commissioner John Schmidt proposed the measures in July 2020 in response to the risks associated with COVID-19, but the government chose not to adopt the measures.

Applications open this week

Council election nominations opened Monday for 124 local governments across the state.

Candidates have until November 3 to apply.

Parliament last week adopted new COVID-19 security measures for the elections, including preventing candidates from distributing election materials within 100 meters of the polling station or pre-poll location.

Wingecarribee, Central Coast, Balranald and Central Darling councils do not hold elections because they are under administration.

Aurora J. William