The Department of Finance has admitted it is scrambling in the electorate offices of federal politicians to rip out and replace around 120 “systems” made by Chinese firms Hikvision and Dahua, which have been banned at the Department of Defence.
In a rapidly escalating sweep of federal assets potentially compromised by the untrusted hardware, finance department officials confirmed at least 65 different electoral office sites had been identified as using the defence-blacklisted CCTV equipment, with a replacement program now underway.
Aside from video surveillance and intercoms relying on the suspect technology, finance officials also revealed they are replacing electronic locks at some of the sites as part of the refit now underway.
The big security refit was revealed at Senate estimates on Tuesday as finance officials faced more questions as to whether they had pro-actively informed elected representatives of the Hikvision and Dahua issue as part of their purge of the equipment.
Finance appears to have taken the approach that it would replace the systems as part of its regular upgrade cycle for such products as opposed to moving specifically to replace the systems.
The estimates committee was told by finance executives that Ministerial and Parliamentary Services “reached out to parliamentarians in July last year [2022] to notify them of that project”, although a request for a specific start date was taken on notice.
Of the 65 electorate offices identified in the defence blacklisted kit, just 20 had been refitted.
Senator Claire Chandler, who before politics was a senior analyst at Deloitte Risk Advisory, wanted to know what finance had told elected representatives in terms of details and the context around why the refresh was being undertaken.
“There is a difference between saying to MPs and senators, ‘There is an almost run-of-the-mill update to your security devices occurring at some point in the next financial year’, which, from recollection was the intention of the email from July last year,” Chandler pursued.
“And then them saying, ‘We’re specifically changing this device because of security concerns’ … that would be information that I think senators and members of parliament would like to know.”
Finance gave evidence that the move to replace the systems in question was “more of a precautionary measure”.
The estimates committee heard that there was a range of factors driving how replacements were prioritised and that finance expected to replacement of CCTV cameras to be completed by April this year.
This article first appeared in The Mandarin.
Would somebody please outline what kind of security threat these cameras pose? As another writer highlighted, a competent installation process would eliminate the potential for reporting back to China (that Beryl was stealing two tea bags from the tea room). All this hubble and bubble (why don’t we just call it ‘clickbait’ and ‘politically motivated fear mongering’?) about a security threat, but no credible explanation of how it’s technically possible. And, exactly what highly classified information is being stolen by the plethora of cameras pointing at windows, entrances, car parks, memorials etc.? To my certain knowledge, none of these cameras are actually looking over the shoulders of important officials and reading state secrets. I know Chinese engineering is highly capable, but it’s unlikely they’ve figured out how to change the laws of physics: data is not invisible! Next time a politician mentions this issue, ask them to provide a credible technical explanation of how it’s done. I’m not holding my breath waiting for the answer.
Your statement is absolutely bang on. If you ask for an explanation they will just claim “National Security” to avoid answering.
Look, the issue is not really about the digital equivalent of the old analog cameras sending a signal to a video recorder. The concern is the modern “smart” security camera with built in software to identify humans and movement and then automatically react to zoom in to faces and track people. Sadly it’s possible to embed nefarious software both in the complex code in these cameras or even within the microcode in the processor chips. The problem is that it is functionally impossible to certify the cameras as being safe, as to do that each and every camera would need to be disassmbled, the millions of lines of machine code in it analysed to identify what it does and ensure it is not encrypting data and sending it out. The same operation is then required on each line of micro-code in the processor chips, if it can be extracted. This would be a truly Herculean task and certainly beyond the resources of security organisations. Better or more practical to just buy cameras from a friendly country that we are happy to be spied on by.
I must disagree. Penetration testing is a normal state of affairs in many industries, particularly finance, and it is most certainly NOT a “Herculean task” to review the code and test both the hardware and the code as well as ensure that your network traffic security is set up to restrict access to either external sites outside your network or from external sites outside your network. Indeed, such testing should be done no matter where any equipment is sourced from.
I wouldn’t trust Public Service IT to test a single shot pea shooter however there are extremely qualified and experienced commercial testing companies that can undertake this pen testing work promptly and at minimal cost.
What a bizarre Yankee knee-jerk response……………….
…………..can anybody think of a CCTV camera that is NOT made in China?
It can only be a matter of time before all plain white cotton Tee-shirts are banned because the evil CCP have secretly infected them with COVID Mark 2…………………….
The silence from the media as to which Party was in Government when the contracts were signed off on for these cameras is deafening.
Just imagine Sky News After Dark commentary if these systems were installed under a Labor Govt.?. Any input by Andrews Govt and they would be calling for Royal Commission.
More concerned about any IT equipment we have installed that is sourced from the US.