Sensitive Defence information is still being held at data centers owned by Global Switch, a Chinese-owned multinational company, despite promises to have all government data migrated out by 2020. Regardless of the complexity of the move or data being “less sensitive”, this is an unacceptable situation. The Chinese Communist Party must be laughing at our Government.
Transcript
Okay, thank you. Getting onto storage of defence data, including critical secure data. In February, 2021, the Australian federal government renewed its contract with the firm Global Switch, despite serious security concerns. The company has hosted Australia’s sensitive and high security data for some time. Elegant Jubilee, a Chinese consortium, bought 49% of the parent British company Alders Gate Investments, causing an ownership change for Global Switch in 2016. Then treasurer Scott Morrison said in 2017 that the defence data would be shifted back to a government owned hub for security reasons. After he became prime minister, he later decided to extend their contracts with Global Switch. Does the firm Global Switch still host Australia’s sensitive and high security defence data?
Senator, Jeff Goedecke, First Assistant Secretary ICT Service Delivery and Reform. The Global Switch facility, which is completely controlled by the commonwealth, does hold some of the less sensitive data. There are as indicated in the release by secretary Moriarty in February last year, there are plans in place to migrate that data from Global Switch by 2025. This is in accordance with the whole of government hosting strategy.
So why was it decided to continue this arrangement, hosted ultimately with, with Chinese ownership?
It’s, it’s, it’s not Chinese ownership. As I said, the Commonwealth owns, has complete control of the facility, both from a physical perspective and from a, and a, a protection from a logical sense, from an ICT perspective and security perspective. The amount of equipment and data, and the complexity and interdependencies, necessitate a longer term to remove these things. There’s a, a great deal of reliance on defence business continuity, that requires a staged approach to remove this stuff. It basically, the complexity and size of the footprint, the payload inside the data centre, means it was impossible to, to move that over a very short period of time.
So when was the decision last made to, to leave it there, and eventually you take it off by 2025?
So, just bear with me, Senator
And Senator, Greg Moriarty, Secretary of the Department. All of, all of the highly sensitive information is, is long gone. So what, so-
What sort of information is there?
Well, this-
So we, so what happened was the government approved, back 2018 for defence to be funded to move what was sensitive data from the data centre out. That occurred by June, 2020. So that was all removed. Because of the size of the footprint of the remaining data, which is less sensitive data, again, still protected from a government perspective and government controlled. There was a, there is a process in place now where we are, have an evolution to move that data out. And that ties in with the additional lease, which expires in 2025.
So what is that less sensitive data?
It, it’s for a range, range of things. It could be administrative related. It could be some sort of logistic, but we wouldn’t normally discuss exactly what type of data we hold in what locations.
So there’s no risk whatsoever of the Chinese accessing it, ’cause they’re pretty good hackers.
There, there is no risk.
What, what, why can you be sure of that?
It’s, it’s based on the, the the facility itself has physical controls in place. That’s everything from, from it being a fully manned facility, it has all of the CCTV capabilities. It has, you know, alarms, it’s fully accredited. And in fact, the facility is accredited to look after more sensitive data. That hasn’t changed. So there’s a higher level of security than would normally be afforded that level of data, which is an important factor as well. In addition to that, we have ICT securities. So cybersecurity controls where we, we monitor that we have a, the defence security operations centre monitors cyber activity. And that includes that within the footprint as well. Gateway, secure gateways also assure the information. So from a defence perspective there aren’t risks related to that, Senator.
Has it been tested at all? ‘Cause the Chinese, some Chinese are very good hackers. I’m sure you know that.
Absolutely. So there are, defence has no indications at all that there’s been any compromise at all related to data held in that facility.
So it’s not a case then of the, the Fox looking after the hen house?
Not at all.
Okay.
No, but, and, and just to make sure that, I mean, that, that is why the government has, has directed defence to move all of the data by a particular point in time. Senator, we believe that the mitigation strategy that we have in place is very robust for the, for that level in, in fact, as Mr. Goedecke said, it’s, it’s much more significant wraparound than what normal data of that level would be. But we are moving out. We are, we are gonna remove absolutely any risk by, by removing ourselves from that, from that data centre. And the government has, has agreed the timeline.
Thank you. And thank you, too.
