NDIA backs infosec after internal report kept private

8 months ago AndyC

The National Disability Insurance Agency (NDIA) is publicly backing the security of its new PACE CRM platform, after a report raised “concerns” about the system and “serious concerns” with the agency’s information security generally.

NDIA backs infosec after internal report kept private

The National Disability Insurance Agency (NDIA) is publicly backing the security of its new PACE CRM platform, after a report raised “concerns” about the system and “serious concerns” with the agency’s information security generally. 




NDIA backs infosec after internal report kept private










The document – which had been sought under freedom of information (FoI) laws – is to be kept private after a mid-September ruling deemed it too sensitive for public airing.

It is said to include “significant detail” about NDIA’s ICT environment, “including detailed processes and specifics around types of controls NDIA has in place regarding validation of payment claims”, the ruling by the Administrative Appeals Tribunal (AAT) states.

The document also contains “sensitive detail regarding the development and implementation of PACE, including the foundational cyber security principles the agency has used to develop the network in which the PACE sits.”

In addition, it is said to have raised “some serious concerns about the security of the information and information systems employed by the NDIA.”

PACE is a new customer relationship management (CRM) system based on Salesforce, which over time will replace a SAP-based CRM supplied by Services Australia.

Internal testing of PACE started in June last year, before progressing to external testing at the end of 2022. PACE is set to be deployed nationally from the end of October.

The AAT suggested that both PACE and NDIA’s ICT environment “may have changed” – for the better – since the document being sought had been prepared.

However, even with remediation of the concerns raised in the report, the Tribunal said it wasn’t prepared to risk a public release.

The AAT said the contents of the document, if released, “would damage public confidence in the scheme and of the NDIA more broadly.”

“As it is, there are many reports these days about information security, matters being ransomed by organised criminals, that to release such a report or make such a report available runs a substantial risk of damaging the public confidence in the operation of the NDIA,” wrote AAT deputy president Greg Melick.

“I cannot be satisfied that it would not increase the risk of a cyber attack on the NDIA systems.”

An NDIA spokesperson told iTnews that the agency “continues working to ensure our new computer system supports our staff and improves participants’ experience with the scheme.”

“The agency is confident in the security of the new ICT system,” the spokesperson said.



About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Too much of a good thing? How security sprawl can weaken defences

Too much of a good thing? How security sprawl can weaken defences

2 days ago AndyC
Kinsing malware exploits Apache Tomcat on Linux clouds

Kinsing malware exploits Apache Tomcat on Linux clouds

3 days ago AndyC
LogicMonitor launches LM Cost Optimisation tool for businesses

LogicMonitor launches LM Cost Optimisation tool for businesses

3 days ago AndyC
Organisations battle AI risks amid rise in supply chain attacks

Organisations battle AI risks amid rise in supply chain attacks

3 days ago AndyC
AUCloud Ramps Expands its Senior Leadership Team

AUCloud Ramps Expands its Senior Leadership Team

3 days ago AndyC
Cyberattacks exploiting trusted ties spanned over a month in 2023

Cyberattacks exploiting trusted ties spanned over a month in 2023

3 days ago AndyC

You may have missed

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

5 hours ago AndyC
North Korean Kimsuky used a new Linux backdoor in recent attacks

North Korean Kimsuky used a new Linux backdoor in recent attacks

5 hours ago AndyC
AI's Energy Appetite: Challenges for Our Future Electricity Supply

AI’s Energy Appetite: Challenges for Our Future Electricity Supply

5 hours ago AndyC
Chinese Nationals Arrested for Laundering Million in Pig Butchering Crypto Scam

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

6 hours ago AndyC
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

6 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.