foi 326/14/15 document 1 - defence · 2015. 6. 19. · pilotec'f'eb . foi...
TRANSCRIPT
FOI 326/14/15 Document 1
47F
47F
47F
47F
47F47F
47F
47F47F47
47F
FOI 326/14/15 Document 1
47F 47F
47F
47F47F
47F
47F47F
33
FOI 326/14/15 Document 1
47F 47F47F
47F 47F47F 47F
47F 47F
47F
47F47F
47F 47 47F47F
47F 4747F 47F 47
47F47F 47
47F47F
3333
33
33
FOI 326/14/15 Document 1
47F
47F47F
47F
47F47F
33
33
33
33
33
33
FOI 326/14/15 Document 1
47F
47F
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
3333
3333
33
33 33
33
47F
47F
47F
33
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
33 33
3333
33 33
33 33
33
3333
33
33
47F 33
47F
47F
47F
47F
47F 47F47F
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
33
33
33
33
33 33
33
33
47F
47F
47F
47F
47F
47F
47F
47F
47F
47F
47F47F
47F
FOI 326/14/15 Document 3DE-CLASSIFIED
DE-CLASSIFIED
3333
33
33
33, 47F
33, 37F
47F
47F47F47F
47F
47F
47F
FOI 326/14/15 Document 6
47F
47F
47F
47F47F
47F
47F47F
47F
47F
47F 47F47F 47F
33
47F
FOI 326/14/15 Document 6
47F 47F47F 47F
47F
47F 47F
47F 47F47F
47F
3333
3333
33 33
FOI 326/14/15 Document 6
47F47F 47F
47F
47F
47F
FOI 326/14/15 Document 9
47F
47F
47F
47F
47F
47F 47F
FOI 326/14/15 Document 9
FOI 326/14/15 Document 9
47F
47F 47F
47F 47F47F
47F 47F
47F
PRa=FEC'i'EB Sc:n.sitive: Personal
NOTING BRIEF FOR SECRETARY: INVESTIGATION INTO REPORT OF UNAUTHORISED ACCESS TO WHITE PAPER 2015 MATERIAL
Rcfcreu~e: AF20732073IGroup: I&S Group
Due Date: N/A
Coplu: DBPSEC 1&5. DEPSEC S, FASSP. FASWP
RecommendatioD
That you:
(a) Notc the inilinJ findings ofthe DSA investigation into this matter.
(b) Notc that the investigation is ongoing.
Background
Received OcpSecl!S
D~::~.t~, Rc!) No .I~)
p] oe..:. /
1. On 28 January 2015 the DSA received 8 XP 188 Security Incident Report entitled 'Unauthorised access lO While Paper Objective files'. The report staled that on 16 Janul1J)' 2015 the White Paper 201S (WPIS) team identified that:
(8) 'the advice given lO Objective Workgroup Coordioators on how to Jock access to directories on DSN ...did not in fact restrict accessf33 s47E 1 t ;. and
(b)
2. The Report 0150 advised that
(a) 11 individuals external to the WPlS leam bad accessed material, in some cases on multiple occasions;
(b)
(e) e33 s47E
3. The DSA commenced no investigatiDn on 30 January 20 I5 nod received 0repon identifying the individuals and leT activities of interest from the WP I5 Director of Coordination on 3 February. During the period 9·12 February, DSA iDvestigalofs intCl'viewed the J2 individunls identified os being associlllcd with the in~idenl, including the II Persons of Interest (POls) reported initially.
4. On )3 February p3 :and this js bcing....usea--..-to-confi--:.um the WP)S report.
Key l!lsueJ
S. Thus far the investigation has determined:
SCDlIltive: PCrIIODol PIlOTEC'f'EB
(a)
(b)
(c)
(d)
(e)
(f)
(g)
(h)
(i)
(Ie)
(I)
l'ftOftC'f£B SCDsltive: Personnl
2
Attempts 10 restrict access to WPJ 5 DSN Objective material were initiaJly unsuccessful. However. the WP I S Director ofCoonJina.lioD has advised that access has now been appropriately restricted. This ovcm11 process is to be investigated further.
CIOO - ICf Security Bnmcb - have confinned that 1he WP Objective folders arc now appropriately locked down.
The POls arc;'S3'!fS47E IWhen interviewed they typically claimed with conviction that their work is directly linked to WPIS; they believe they bad 0 legitimate 'need to know'; and given the absence: of direction to the contrary BOd availabJe acccss to the files they felt entitled to view 011 material to which they had access.
[3S47E
A POI reponed by the WPI S team as baving accessed material without authorisation had actually been prqvided with 8 link to that iDfonuBlion by the WPJS team, following au approach to them on behalfofa I Star officer. He is no longer considered a POI. 33S4
3
stems audit information and
Then:: is no indication at this stage that any ofthe POls accessed WPI S materinJ wilh intent to bl1nJl Defence, or thot WP 15 material was forwarded beyond Defence.
Sensitive: PerloDsl PIIOTgCfKD
PROTECTED Sensitive: PenoDDI
3
6. Investigation into this matter is ongoing.;33 s47E 3"3'S47E
33 s47E
unsuccessful! ~Y WPl S staffand the advice rovided to them, 7E conjunction with ClOG we are oJso examining how Objcctive w8S;;,,;::;iru;;::·-.=tio=I:i1-=..=.==--===--.
CODsuJtalJoD
7. ClOG.
Resouree upecCs
8. Nil.
7
Dennis RichardsoD Secretary 'L.!tlebruary 20I5
~~~~~~~~~----~----~~
Scnsith'e:: Personal PROTSGfED
b}
INOTING BRIEF FOR SECRETARY: INVESnGAnON INTO REPORT 011 ALLEGED UNAUTHORISED ACCESS TO WHITE PAPER 1015 MATERIAL
. Group: I&'S Group Refcrencz: AFl099023S
Due Date: N/A
1 3 APR 20i5
For Offidal Use Ouly SeDlidYe·Personal
Sf.t.j,p/~I~'A.That you:
(a) No'elhat the DSA investigation inlo nlleged unauthorised access to White Paper 201 S material has concluded.
(b) Note !he findings oflbc investigation. and the fOJloW"OD actions being taken.
Background
I. On 30 Jaouary 20lS Ibe DSA commenced an investigation into allegations that 11 personnel external to the While Papel' 201 S (WP I5) team had accessed WP J5 materioJ in DSN Objective folders without authorisation between April 2014 and January 2015. The II personnelP'3S47E _ IOn 26 fc:bru.ar,y 201 S you noted the initial findings anaprogress onne investigation. ThC investigation has now concluded.
Findings
2. The investigation makes the follOwing findings:
(D) The WPI S leam under direction of Mr Ched Hodgens. Chief ofSta.ff, sought to restrict DCCesS to WP I 5 material, However, these efforts were ineffective 8S access controls within Objective were applied incorrectly. This is the primary cause ofpcrsonnel outside the WP] S team obtaining unauthorised access to WP) S matcrlal.
(b) Prevalent among the I) personnel was B bcliefthat J{they could access material in Objective they must be authorised to do so, based on BD absence ofdirection to !he contrary and the access controls in Objective available to work groult-coordinators. An indicated an awareness ofthe 'need to know' principle. but beUevedji"33 S47CJ
f3"3S47E . ~ they hed 8 legitimate 'need to know',
(c) §'33S47~---------------------,
(d)
Seqalllve·PenJOnal FOT Official Ute ODIy
Seasilive·Pel'lODaJ ~~~·~F----~-~·~------~--------~----------~
(c)
(f) \ There is no eVidCiicc to sug8est~7F malicious intentions when accessing WP JS material. or that harm to Defence or national interest has oriSCD from that access. ~~~~F------~--~----~I .
(g) L __ eight other pt:rsoMeJ were iltCgCa to hive accessed WP) S material without authorisation. One has 8Ub$equcnlly been proven to have authorised access. It is nssessed that the actions oftbe remainder were:
i) not a security breacb,
if) motivated primarily by a genuine desire to be informed about WPI S. and
iii) made possible by incorrect application ofObjective access restrictions.
FoliowooOD dOD
3. 1be WPJS team, supported by CIOO. hus now taken correct steps to n:sbict access to WPIS malcriBl. I intend to: 00 ,,~mP~~--~-~--------------------------~
f7F [foreonsfacration oljiCiiii61c administrative action•
. (b) write IoP3 M7E :regarding the remaining seven persormel and advise that they are cwrentJy or no lUiibcr interest to the DSA in this matter, and
(c) wOJt with ClOG to raisc the awareness ofObjcctive Wade Group Coordinators of the importance of understanding and correctly applying Objective security concrols. and with MECC on complementar)' Information Manasemcnt policy and education.
CODsultatioD
4. Mr Oreg Gale AS ICT Security ClOG, Mr Chad odgens WPI5 team ChiefofStaff.
em. Ridioiib•• Sec:retmy I April20JS
SeositJve-PersoDol . For Omtlol Use Oo)y