The Transport for NSW outage has left computers and phones impacted for nine days across its eight bus depots. The agency told The Sun-Herald its system for the scheduling of buses was down, but had by Saturday been largely restored. Drivers have to fill in their names on their journals, which is one of the functions that hasn’t yet been resolved, a spokesman said.
In a statement, Mr Staples said State Transit’s IT network experienced an outage that was being investigated by IT teams. “There has been no impact to customers or bus services as a result of the outage, and staff have been paid on time,” he said.
“Based on information to date we do not believe this is linked to any other incident. Transport for NSW continues to invest in the highest level of cyber defence.”
However, a senior source close to bus operations told The Sun-Herald, “it was a hack. It was a malicious hack” and claimed that “STA management has confirmed it was, in fact, a hack”.
The source said State Transit was “in the rather delicate position of having both people’s bank account details as well as copies of people’s photo ID … so if anything was to happen it would be more than a significant risk to people”.
In a report published in December, the NSW Auditor-General said 37 per cent of NSW government agencies failed to patch applications with security fixes when they became available, while 41 per cent were not using multi-factor authentication.
In a report released last week, the Australian Cyber Security Centre named both those things as key harm mitigation strategies that, if implemented, would greatly reduce the risk of data breaches.
NSW Labor’s spokeswoman for public services, Sophie Cotsis, said the state government’s “failure to invest in cyber security measures has left our digital infrastructure vulnerable, potentially putting critical health and public safety systems at risk”.
“A parliamentary inquiry into cyber security is needed to assess whether the NSW government is doing enough to keep our state safe,” she said.
Asked about the Auditor-General’s report, Customer Service Minister Victor Dominello said Cyber Security NSW had already started enhancing cyber security and standards across the government.
“The record $240 million investment announced last week is not a set and forget posture,” he said. “Through Cyber NSW, the government will continue to invest in the best and safest possible cyber architecture, remain vigilant and continue to look forward.”
Diep Nguyen, a senior lecturer at the UTS School of Electrical and Data Engineering, said it was important that all government agencies implemented the high security standards to prevent exposing “weak links” that would become vulnerable to potential attackers.
“Usually all of these networks are connected to each other, so one weak point will make the whole network vulnerable,” he said.
Tim Barlass is a Senior Writer for The Sydney Morning Herald
Angus Thompson is an Urban Affairs reporter for The Sydney Morning Herald.