FOI 326/14/15 Document 1 - Department of Defence · FOI 326/14/15 Document 1 47F 47F 47F 47F 47F...
Transcript of FOI 326/14/15 Document 1 - Department of Defence · FOI 326/14/15 Document 1 47F 47F 47F 47F 47F...
FOI 326/14/15 Document 1
47F 47F47F
47F 47F47F 47F
47F 47F
47F
47F47F
47F 47 47F47F
47F 4747F 47F 47
47F47F 47
47F47F
3333
33
33
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
33 33
3333
33 33
33 33
33
3333
33
33
47F 33
47F
47F
47F
47F
47F 47F47F
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
33
33
33
33
33 33
33
33
47F
47F
47F
47F
47F
47F
47F
47F
47F
47F
47F47F
47F
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
3333
33
33
33, 47F
33, 37F
47F
47F47F47F
47F
47F
47F
PROTECTED Sensitive: Persona.
NOTING BlUEF FOR SECRETARY: INVESTIGATION JNTO REPORT OF UNAUTHORISED ACCESS TO WHITE PAPER 2015 MATERIAL
EXECUTIVE SUPPC RT UNITReference: AF20732073IGroup: I&S Group ('I".
L w , .........",
Due Date: NIAThrough: DCP~~'Z\ \S
CopIes: DBPSEC 1&5. DEPSEC S. FASSP, FASWP
Recommendation
That you:
(a) Note the initial findings of the OSA investigation into this matter.
(b) Note that the investigation is ongoing.
Background
1. On 28 January 2015 the DSA received 8 XP 188 Secwity Incident Report entitled 'Unauthorised access to White Paper Objective files'. The report stated that on 16 January 2015 the White Paper 20 IS (WPI S) team identified that:
(a) 'the advice given to Objective Workgroup Coordioators on how to Jock access to directories on OSN ... did not in fact restrict access f33 s47E 1 t ,\ and
(b)
2. The Report also advised that:
(a) J1 individuals external to the WP 1 S team bad accessed material, in some cases on multiple occasions;
(b) fS (c) ~33 s47E
3. The DSA commenced an investigation on 30 January 2015 and received a report identifying the individuals and leT activities of interest from the WP J5 Director ofCoordination on 3 February. During the period 9-12 February, DSA investigators interviewed the 12 individuals identified os being ossociated with the incident, including the 11 Persons of Interest (POls) reported initially.
4. On 13 F~bl'U8I')'@3 __ _ : and this IS being used to confum the wp::7')"':'S-re-p-ort~.~-------~------l
Key Issues
5. Thus far the investigation has determined:
Sensitive: Persobal PROTECTED
PH.OTECTED Sensitive: PersonuJ
2
(a) Attempts to restrict access to WP IS DSN Objective material were initially unsuccessful. However. the WP IS Director ofCoordination .has advised that access has now beeD appropriately restricted. This ovem11 process is to be investigated further.
(b) ClOG - ICT Security Branch - have confinned that the WP Objective folders are now appropriately locked down.
(e) The POls are~3-3S47E'-------~-~~~~--------'1When interviewed they typicnlly claimed with conviction that their work is directly linked to WPlS; they believe they bad a legitimate 'need to know'; and given the absence of direction to the contrnry and availabJe access to the files they felt entitled to view all materinl to which they had access.
(d) [3Sl17E
(e) A pot reported by the WPlS team as having accessed material without authorisation had actually been prqvided with a Jink to that information by the WPI5 team, roUowing an approach to them on behalfofa I Star officer. He is no longer considered a POI.
(I)
(g)
3"3 s47E
(h)
(i) 33
0) We are waitinll further systems audit information and s33 s47E ~g3~7~ ~______________-~__~____~~____~ s33 s47E I believe the access was inappropriate. Due not malicious.
OO[ ~ T (I) 'lbcre is no indication at this stage that any of the POls acc(lssed WPIS materiuJ with
intent to harm Defence, or that WP 15 material was forwarded beyond Defence.
Sensitive: l'cTSooal PltOTECTED
PROTECfED Sensitive: Penlonal
3
(m) 533 5'47E
6, Investigation into this matter is ongoing. f33 547E s33 s'47E
33 s47E conjunction with ClOG we nrc olso examining how Objective was initially locked down unsuccessfully) by WI'lS stnffand the advice provided to them,~7E
.1n
Consultation
7. ClOG.
Resource upects
8 Nil
47F <al:/
(b) ED r
7F
Il~o..."",,<:sc . Security Officer
Dennis Richardson ITel; (02) 626 62634 SecretaryM: 0417 06] 401 'L.bFebruary 2015 2.to February 2015
IBranch/Section Hcad . ~7F Action OfficCl' I f
Scnsitin: Personal PROTECTED
For Official Usc Ouly Sensitive-Personal
INOTING BRIEF FOR SECRETARY: IN VESTIGA TlON INTO REPORT OF ALLEGED UNAUTHORISED ACCESS TO WHITE PAPER 1015 MATERIAL
. Group: I&S Group
That you:
Reference: AF2099023S
Due Date: N/A
1 3 APR 2ms
sa!1~/2~I~sq (a) Note that the DSA investigation into nlleged unauthorised access to White Paper 2015 material
has concluded.
(b) Note the findings ofthe investigation, and the follow-on actions being taken.
Background
I. On 30 January 2015 the DSA commenced an investigation into allegations that 11 personnel extemn.l to the White Paper 201 5 (WP I 5) team had accessed WP 15 material in DSN Objective folders without authorisation between April 2014 and Janll.8J'Y 2015. The II personnel ~3"3S47E ] On 26 February 2015 you noted the initial findfngs and progress ofthCinvestigation. 'I'm investigation has now concluded.
Findings
2. The investigation makes the following findings:
(D) The WP] 5 tearn under direction of Mr Chad Hodgens, Chief of Staff, sought to restrict access to WPIS mnteriol. However, these efforts were ineffective e.s access controls within Objective were applied incorrectly. This is the primary cause of personnel outside the WPI S team obtaining unauthorised access to WPI S ITUIterial.
(b) Prevalent among the II personnel was a bcliefthat if they could access material in Objective they musl be authorised to do so, based on an absence ofdirection to the contrary and the access controls in Objective available to work grout!.,C!Oordinators. All iQdicated an awareness of the 'need to know' principle, but believedf33S47~
f33 s47E ~ they had a legitimate 'need to know'.
(c) s33 s47E---------------------------,
(d)
Seosltive-Personal For Officilll Use Onty
(e)
(f) \ There is no evidence to sU8gest~7F d malicious intentions when accessing WP) 5 material. or that harm to Defence or national interest has arisen from that access.
(g) E3S47ES47F _ _____ leigh! other personnel were iillegcifiOliave accessed WP] S material without authorisation. One has subsequenLly been proven to have authorised access. It is assessed that the m:tions of the remainder were:
i) not a security breach,
ii) motivated primarily by a genuine desire to be informed about WPlS, and
iii) made possible by incorrect application of Objective access restrictions.
Follow-on netion
3. The WP] S team, supported by ClOG, has now taken correct steps to restrict access to WP t5 material. I intend to:
.----~~----~---------------------------------,(8) referjf7F ~7F [fO'fCOilSfderatioD ofjii'9Si61c administrative action,
. (b) write 1083'3 s~7E :regarding the remaining seven ptrSoonel ond advise that they are currently of no fun6cr interest to the DSA in this matter, and
(c) work with ClOG to raise theawarencss ofObjcctive Work Group Coordinators of the importance of understanding and correctly applying Objective security conttols, and with MECC on complementary Information Management policy and education.
Consultation
4. Mr Greg Gale - AS lCT Security ClOG, Mr Chad odgens W PIS team Chiefof Staff.
IF ey, AM. esc Chief Security Officer
I Te): (02) 626 62634 • M: 0417 061 40) : A ril2015
Bl1IDChIScction Head Action Officer
k.u. Rkh.ii1... Secretary ( April 2015
Sensitive-Personnl For Offlclal Use Only