The Bureau of Meteorology has again refused to confirm whether its IT systems late last year suffered a serious breach but says it is taking advantage of an infrastructure rebuild centred on its new supercomputer to boost its security posture.
Although Bureau officials would not comment on whether a successful attack had occurred, the agency’s head, Dr Rob Vertessy, said that there were no disruptions to IT systems as a result of a security breach.
In December it was reported that Bureau systems had been compromised by a “major cyber attack” originating in China.
“There have been no security-related disruptions to our service delivery or to our ICT systems at all,” Vertessy, director of meteorology and Bureau of Meteorology CEO, told a Senate Estimates hearing today.
All government agencies have security breaches “from time to time,” Vertessy said. The Bureau chief would not comment on media reports about the alleged hack but said there was some “wild stuff” in some of them.
“If we could just dispel one notion that there was some particular event on a day that was akin to a denial of service or a ‘bring down of the system’ – no such event occurred,” Vertessy said.
“The Bureau like all agencies has an active program of improving its ICT security posture and we are in the fortunate circumstance because we are rebuilding some of our ICT infrastructure chiefly around the supercomputer which government funded in the last budget,” Vertessy told the Estimates hearing.
“We’ve got the ability now to redesign the architecture of our systems such that we have improved ICT security,” Vertessy said.
Independent South Australian Senator Nick Xenophon has been pushing for a parliamentary inquiry in the aftermath of the reports about the alleged breach.
The Bureau’s new supercomputer is currently undergoing acceptance testing, said Dr Lesley Seebeck, the organisation’s CIO.
The new supercomputer will result in major upgrade of the organisation’s weather forecasting capabilities.
The organisation revealed last year that Cray was the successful tenderer for the program. The new Cray XC40 supercomputer will have an initial 1660 teraflop capability, which will eventually be boosted to 5 petaflops.
The first phase of the project is expected to be completed in mid-2016.
The Bureau is working to ensure there isn’t a repeat of the network outage the organisation suffered early last month, Seebeck said.
A faulty switch brought down the Bureau’s entire network at 6am on 8 January. Core systems were restored by around 11.30am, with the remainder of the systems being accessible by the end of the day, the CIO said.
The CIO’s team are undertaking a series of activities to learn from the events and investigate how the Bureau’s systems can be hardened and redundancy improved.
“I should note that we have to be careful whenever we do any changes to our systems because we have to remain up, operational 24/7, 365 days a year,” Seebeck said.
“We tend to therefore only have windows of opportunity, which are aligned with the weather. So we’re also very, very careful about when we can do maintenance and upgrades and as a result things may take a little longer than they would in a different department or agency.”