AUSTRALIA GOVERNMENT CUSTOMS AGENCY THEFT OF COMPUTERS CREATES SERIOUS REVIEW Computerworld | EDS to face more heat over stolen Customs servers EDS to face more heat over stolen Customs servers
Julian Bajkowski, Computerworld

03/02/2004 10:10:58

Outsourced and externally managed IT security's reputation will take the spotlight again at Senate Estimates hearings this month over the theft of two servers from an ostensibly secure Customs intelligence facility managed by EDS last year.

Dissatisfied with the government's refusal to respond to several questions on notice because of legal and security grounds, the Labor party has indicated it will take up the parliamentary cudgels again in an effort to extract detail on how the IT security incident took place. While Labor is keeping quiet about specifics, the questions are certain to revolve around what action Customs has taken to either extract service level penalties from EDS or terminate its contract.

While Cabinet has received a report from specialist security firm Signet Group into the incident, Computerworld understands any lessons learnt in the form of recommendations to the government are unlikely to be made public. The firm is run by a former director general of the Australian Secret Intelligence Service Rex Stevenson, and James Allen, a former deputy commissioner of the Australian Federal Police.

Adding to the intrigue is a statement from Customs, released on Christmas Eve 2003, which reveals that a forensic examination of the stolen machines by the Defence Signal Directorate [DSD] found that "…one of the servers did contain a backup file of old e-mails stored in November 2002. It appears that this file was temporarily stored on the server during a computer upgrade and then inadvertently not removed."

No attempt was made to access the e-mails by the thieves, the contents of which did not "contain any national security information" according to the statement.

A spokesman for Customs Shadow Minister Mark Bishop said that the government's responses to date raised more questions than they had answered.

"You only ever see the tip of the iceberg at Customs," the spokesman said.

The office of Customs Minister Chris Ellison did not return calls in time for publication.

Other questions on notice Labor is likely to be revisiting include the level of staff vetting and turnover at EDS, whether or not the EDS-run facility contained or processes intelligence and security information and what conditions have now been imposed on EDS.

Two men were charged in September 2003 over the theft of the computers which were a pair of mid-range Compaq mail servers that took about two hours to remove.