Defence Mysteriously Silent on Security Vetting Concerns
It has been more than a month since a Joint Committee of Public Accounts and Audit public hearing heard revelations from Department of Defence officials that 85 percent of critical security clearances, including the ‘Positive Vetting’ level, are conducted by private contractors.
The hearing learned that sensitive personal information about Australia’s most senior public servants and military officers – including sexual behaviour and financial, medical, drug and alcohol details – is being whizzed around by motorcycle couriers in hardcopy form due to lack of connectivity between ICT systems and cyber security concerns.
Defence also admitted to instances where highly sensitive personal information was sent to the wrong address by couriers.
Labor MPs asked Defence for a list of the names and ownership details of the private contractors, and sought an absolute assurance they are not foreign owned.
Yet despite promising to provide a list within 24 hours on the details of 14 of the 22 private contractors undertaking these highly sensitive assessments, Defence has failed to respond.
Basic company searches reveal that some of the contractors have directors living overseas.
The hearing also revealed that private contractors retain information from assessments, including a list of who was spoken to, such as close friends, former partners and family members.
Defence was unable to tell the hearing why private contractors needed to retain this information, or how they were required to store such information.
The Government must immediately explain:
- who owns the companies undertaking sensitive security clearances
- details of the motorcycle couriers ferrying the sensitive documents, including ownership and vetting arrangements
- why the private contractors retain assessment information
- how long they retain the information
- where the information is stored, and
- whether the private contractors comply with Australian Signals Directorate cyber security standards in the management, storage and transmission of the information.
The Minister for Defence must also explain why Defence has failed to respond to the questions posed at the public hearing, particularly on the ownership details of the private contractors and whether they meet Australian cyber security standards.
GAI BRODTMANN MP
SHADOW ASSISTANT MINISTER FOR CYBER SECURITY AND DEFENCE
MEMBER FOR CANBERRA
JULIAN HILL MP
DEPUTY-CHAIR, JOINT COMMITTEE OF PUBLIC ACCOUNTS AND AUDIT
MEMBER FOR BRUCE