Defence confirms sensitive data stored on Chinese-owned servers

 

IMPORTANT UPDATE: While CONTACT is confident we copied-and-pasted a Defence statement on this subject accurately, we weren’t sure for a while – because yesterday’s official Defence statement was deleted from the Defence web site sometime after 11.40am today and thereafter replaced by a more comprehensive statement by Greg Moriarty, Secretary of the Department of Defence.
Removal of the original statement, replaced by the most senior Public Servant in Defence (and since followed up with a Press Release (a very unusual thing for Mr Moriarty), indicated to us that the original was indeed flawed.
Fortunately, we did find this proof and this 😉
CONTACT therefore stands by our original story and headline – but we’re happy to correct the record…

 

Today’s statement follows, with our original story below that…

Mr Moriarty said…

Australians can be assured that Defence’s data is safe.

The safeguarding of Defence’s data is of the utmost priority for my Department. Defence has comprehensive security controls in place at the Global Switch Ultimo data centre to protect against compromise by a foreign power or other malicious actor. Control and access of the Defence data stored at Ultimo remains under full operational control of the Australian Government. All of the most sensitive data was removed from this facility in May 2020.

The facility was designed with multiple layers of physical and cyber security controls. Physical security arrangements are accredited by relevant government agencies and include a 24/7 security presence, CCTV monitoring, sophisticated sensors and alarms and hardened physical infrastructure. The Defence Security Operations Centre provides 24/7 cyber security protection. A secure gateway provides further assurance to prevent unauthorised access to the data holdings. Taken together, these measures represent the highest level of security assurance.

Consistent with the Whole-of-Government Hosting Strategy, Defence is taking a rigorous, risk-based approach to migrate the remaining less sensitive data assets to an alternate data centre.

The FIRB has in place strict foreign investment conditions on the operations and security of Global Switch Ultimo since the initial transaction. In some cases, foreign investment conditions could include restrictions on the involvement of non-Australian citizens and additional security requirements on individuals involved (such as security vetting). The FIRB’s compliance team monitors Global Switch’s adherence to the FIRB conditions on an ongoing basis.

The Australian Government has also announced and legislated the most comprehensive reforms of Australia’s foreign framework. Critical to those is the national security test requiring mandatory notification of investments in sensitive national security land and businesses. As a last resort, the Treasurer can review actions for which approvals have been given, if exceptional circumstances arise. The protections that were put in place as a condition of that approval means, if they are not adhered to, the Treasurer has the power to act in the national interest and intervene.

The strength of Australia’s foreign investment rules and the fact that Defence retains full operational control of its data at the Ultimo facility provides the highest level of assurance of Defence’s data as we complete the migration of the remaining Defence ICT assets.

 

Yesterday’s anonymous statement (edited for style by CONTACT) said…

An official statement issued by Ministerial and Executive Coordination and Communication, Department of Defence yesterday confirmed Defence has migrated its most sensitive data to a purpose-built data centre – owned by a Chinese consortium.

“Consistent with the Whole-of‑Government Hosting Strategy, data migrations of Defence’s sensitive ICT data and assets was completed ahead of schedule and under budget prior to the expiration of the original Global Switch Ultimo lease in September 2020,” the unattributed statement said.

“Defence is now progressing work, consistent with this strategy to migrate less sensitive and unclassified data assets to an alternate data centre.

“Despite the ABC’s assertion, Defence has and will continue to retain full operational control of its data halls within the Ultimo data centre.

“Defence has strict security arrangements in place including 24/7 Defence security presence, remote CCTV monitoring and regular security audits.”

The Defence statement went on to say the Foreign Investment Review Board (FIRB) had in place strict foreign investment conditions on the operations and security of Global Switch since the initial transaction and that the FIRB’s compliance team monitored Global Switch’s adherence to the FIRB conditions on an ongoing basis.

“This assures Defence of the security of its assets and data holding as we complete an orderly migration of the remaining Defence ICT assets by 2025.”

 

UNRELATED FILE PHOTO: No. 462 Squadron cyberspace security specialists conduct information-assurance activities on deployed mission systems at the main air operating base in the Middle East. Photo by Corporal Brenton Kwaterski.

 

.

.


.


.


.