Showing posts with label NSW government. Show all posts
Showing posts with label NSW government. Show all posts

Thursday, 11 January 2018

NSW Auditor-General not impressed by government agencies cyber security risk management


“Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.” [NSW Auditor-General, Report on Internal Controls and Governance 2017, December 2017]

On 20 December 2017 the NSW Auditor-General released the Report on Internal Controls and Governance 2017.

The Sydney Morning Herald reported on 28 December 2017:

Two-thirds of NSW government agencies are failing to properly safeguard their data, increasing the risk of improper access to confidential information about members of the public and identity fraud by cyber criminals.

The finding has emerged from an audit of dozens of government agencies, including those holding highly sensitive personal information collected from millions of citizens, such as NSW Health, the department of education, NSW Police Force, Roads and Maritime Services and the justice department.

While the report by auditor-general Margaret Crawford does not name the agencies failing to properly manage privileged access to their systems, it highlights the potential consequences.

"Personal information collected by public sector agencies about members of the public is of high value to cyber criminals, as it can be used to create false identities to commit other crimes," she says in the report.

"Despite these risks, we found that one agency had 37 privileged user accounts, including 33 that were dormant. The agency had no formal process to create, modify or deactivate privileged users."

Overall, Ms Crawford's report found 68 per cent of NSW government agencies "do not adequately manage privileged access to their systems".

In addition, she said, the audit determined that 61 per cent of agencies "do not regularly monitor the account activity of privileged users".

"This places those agencies at greater risk of not detecting compromised systems, data breaches and misuse," the report said.

The audit found 31 per cent of agencies "do not limit or restrict privileged access to appropriate personnel". Of those, just one-third monitor the account activity of privileged users.

It found that almost one-third of agencies breach their own security policies on user access.

The report warns that if agencies fail to implement proper controls "they may also breach NSW laws and policies and the international standards that they reference".

Read the full article here.

List of NSW Government Agencies Examined by NSW Auditor-General
Education
Department of Education
Family and Community Services
Department of Family and Community Services
New South Wales Land and Housing Corporation
Finance, Services and Innovation
Department of Finance, Services and Innovation * Specifically identified in report
Place Management NSW
Property NSW
Service NSW
Health
NSW Health
Industry
Department of Industry
Destination NSW
Forestry Corporation of New South Wales
Office of Sport
TAFE Commission
Water NSW
Justice
Department of Justice
Fire and Rescue NSW
Legal Aid Commission of New South Wales
NSW Police Force
Office of the NSW Rural Fire Service
Planning and Environment
Department of Planning and Environment
Essential Energy
Hunter Water Corporation
Landcom
Office of Environment and Heritage
Office of Local Government
Sydney Water Corporation
Premier and Cabinet
Department of Premier and Cabinet
Transport
NSW Trains
Rail Corporation New South Wales
Roads and Maritime Services
Sydney Trains
Transport for NSW
WCX M4 PTY Limited
WCX M5 PTY Limited
Treasury
Crown Finance Entity
Insurance and Care NSW
Lifetime Care and Support Authority
NSW Treasury Corporation
NSW Self Insurance Corporation


Some deficiencies were common across agencies

The most common internal control deficiencies were poor or absent IT controls related to:

user access management
password management
privileged access management
user acceptance testing.

The most common governance deficiencies related to:

management of cyber security risks
capital project governance
management of shared service arrangements
conflicts-of-interest management
gifts-and-benefits management
risk management maturity
ethical behaviour policies and statements.

Friday, 22 December 2017

Can you even imagine personally owing the NSW Government over $204k in unpaid fines? Somebody in the Northmead area can.


As of 30 June 2017 approximately 515,437 debtors owed the NSW State Debt Recovery Office a whopping $839,762,236 as a result of 2,524,845 fines being generated.

The nature of these fines range from penalty notices (e.g. parking fines) through to court fines, State Electoral Office fines, Sheriff Office Jury Branch fines and Bail Forfeiture Orders.

These fines are all overdue and an unknown number of these debtors are serial defaulters.

Here are the top five serial offenders:

The person owing the largest dollar amount hails from the Northmead area, the second largest has an address in the vicinity of Waterloo-Zetland, the third is somewhere in Artarmon and, the fourth & fifth seem to call the Eastern Suburbs home.

In the 2016-17 financial year the State Debt Recovery Office wrote off est. $68.23 million in  debt still outstanding.

Tuesday, 7 November 2017

Are NSW police racially profiling young offenders?


Junkee, 26 October 2017:

A NSW Police intelligence program that uses secret algorithms to identify suspects who may commit a “future crime” is disproportionately targeting young people and Aboriginal and Torres Strait Islander people, according to a comprehensive new report.

The ‘Policing Young People in NSW’ report was published by the Youth Justice Coalition, a network of youth workers, lawyers, academics and policy experts. It was written by Dr Vicki Sentas, an academic at the University of New South Wales, and Camilla Pandolfni, a solicitor at the Public Interest Advocacy Centre.

The report is the first comprehensive look at the Suspect Targeting Management Plan (STMP), a NSW Police program that “seeks to prevent future offending by targeting repeat offenders and people police believe are likely to commit future crime”.

The STMP involves the use of “risk assessment tools” and algorithms that take into account a series of “risk factors” to identify potential future criminals. Suspects in the program are categorised on a scale from “low risk” to “extreme risk” and then targeted by police officers through regular house visits and the use of stop and search powers.

The criteria used to identify suspects is not publicly available, and individuals targeted through the STMP are not notified of the reasons behind their risk categorisation. The whole program is managed internally by the police and there are no specific laws or regulations governing its operation.


The preliminary findings based on this research are:

* Disproportionate use against young people and Aboriginal people: Data shows the STMP disproportionately targets young people, particularly Aboriginal and Torres Strait Islander people, and has been used against children as young as ten.

* Patterns of ‘oppressive policing’ that may be damaging relationships between police and young people: Young people targeted on the STMP experience a pattern of repeated contact with police in confrontational circumstances such as through stop and search, move on directions and regular home visits. The STMP risks damaging relationships between young people and the police. Young people, their families or legal representatives are rarely aware of criteria used to add or remove people from the STMP. As the case studies show, young people experience the STMP as a pattern of oppressive, unjust policing.

* Increasing young people’s costly contact with the criminal justice system and no observable impact on crime prevention: The STMP has the effect of increasing vulnerable young people’s contact with the criminal justice system. Application of the STMP can be seen to undermine key objectives of the NSW youth criminal justice system, including diversion, rehabilitation and therapeutic justice. The research has identified several instances where Aboriginal young people on Youth Koori Court therapeutic programs have had their rehabilitation compromised by remaining on the STMP. There is no publicly available evidence that the STMP reduces youth crime.

* Encouraging poor police practice: In some instances, the exercise of police search powers in relation to a young person on the STMP have been found unlawful by the courts. The STMP may be inadvertently diminishing police understanding of the lawful use of powers (set out in the Law Enforcement Police Powers and Responsibilities Act 2002 (NSW) (LEPRA)) and thereby exposing police to reduced efficacy and civil action. * No transparency and an absence of oversight, scrutiny or evaluation: The operation of the STMP is not transparent or accountable. Criteria for placement on the STMP are not publicly available, individuals cannot access their STMP plan and it is unclear what criteria are used by police to remove a person from the STMP…..

Based on the research and findings presented here, the report recommends that:

1. NSW Police discontinue applying the STMP to children under 18. Children suspected of being at medium or high risk of reoffending should be considered for evidence-based prevention programs that address the causes of reoffending (such as through Youth on Track, Police Citizens Youth Clubs NSW (PCYC) or locally based programs developed in accordance with Just Reinvest NSW), rather than placement on an STMP.

2. NSW Police make the STMP policy and operational arrangements publicly available to enable transparency and accountability.

3. NSW Police amend the STMP policy so that any person considered to have a ‘low risk’ of committing offences not be subject to the STMP.

4. NSW Police amend the STMP Policy to mandate formal notification by police to any individual placed on a STMP, including reasons for placement on the STMP and the date of next review. Subsequent notifications to individuals on an STMP should outline the outcome of the review and reasons for the STMP being maintained or discontinued.

5. NSW Police make data on the STMP publicly available through the NSW Bureau of Crime Statistics and Research (BOCSAR). Available data should include demographic information (age, Aboriginal or Torres Strait Islander status, ethnicity, Local Area Command LAC), as well as data on the length of time enrolled in the STMP and the category of risk determined.

6. NSW Police commission BOCSAR to evaluate whether the STMP is reducing youth crime.

7. NSW Police provide all police officers with formal training on the STMP which:

i. Clarifies its status as an intelligence tool;

ii. Provides guidance on the criteria for inclusion and exclusion from the program and the alternative programs available;

iii. Sets out its operational requirements, and limits; and iv. Provides guidance on the relationship of the STMP to the law. For example, training should clarify that a persons’ inclusion on an STMP cannot provide a basis for grounding a reasonable suspicion (either on its own or together with a number of other factors) under LEPRA.

8. The Law Enforcement Conduct Commission (LECC) conduct a comprehensive review of the STMP.1 The terms of reference of the recommended LECC review should include consideration of whether the STMP:

i. is effective and appropriate in dealing with the risk of offending in young people under 25 and children;

ii. is effective and appropriate in dealing with the risk of offending in adults;

iii. is effective and appropriate in relation to other vulnerable people (as defined in clause 28 of the Law Enforcement (Powers and Responsibilities) Regulation 2016), including those with impaired intellectual or physical functioning, Aboriginal and Torres Strait Islander peoples and persons from non-English speaking backgrounds;

iv. is consistent with NSW policy and practice for juvenile justice including principles of diversion from the criminal justice system as well as NSW law, including the Young Offenders Act 1997 (NSW), and the Law Enforcement (Powers and Responsibilities) Act 2002 (NSW); and

v. is consistent with NSW Police policies and practices for policing children and young people, including the NSW Police Force Youth Strategy, as well as the Aboriginal Strategic Direction and Aboriginal Action Plans, the NSW Domestic Violence Strategy, the NSW Police Disability Inclusion Action Plan and all other policies and procedures regarding vulnerable persons.

In the course of the review, the LECC should consult with other professional disciplines such as mental health practitioners, Family and Community Services Managers, the Department of Justice, and community workers about best practice in diversion, crime prevention and the needs of young people.
Finally, this report is the first publicly available study about the STMP. The unjustified secrecy around the STMP has prevented appropriate, transparent, program evaluation and more thorough examination of the impact the STMP is having on young people, crime prevention and police practice. This report’s conclusion that the operation of the STMP is likely to be having damaging effects on young people is compelling grounds for further investigation and external scrutiny.

Wednesday, 15 March 2017

Liberal disunity on show in NSW


Echo NetDaily, 10 March 2017:

NSW Premier Gladys Berijiklian is without a parliamentary secretary after the shock resignation of Lennox Head-based Liberal MLC Catherine Cusack.

Divisions within the government are beginning to show, with the premier’s office on Thursday announcing it had accepted Ms Cusack’s resignation after an explosive email was leaked to the media.

The email, sent by Ms Cusack to the premier following a factional meeting on Wednesday night, strongly criticised the makeup of Ms Berejiklian’s new cabinet.

‘If the situation was not already offensive enough, if you ever say again you made these decisions “on merit”, I swear I will resign from the Liberal Party and join the cross bench’, Ms Cusack reportedly wrote.

She also took aim at Energy Minister Don Harwin, whose controversial promotion to cabinet has already ruffled feathers within the party.

ABC News, 10 March 2017:

Outspoken NSW Liberal MP Catherine Cusack has withdrawn her threats to move to the crossbench, but is standing by her criticism of Premier Gladys Berejiklian's Cabinet appointments.

Late on Wednesday night, Ms Cusack sent a furious email to Ms Berejiklian criticising her ministerial line-up, saying it was based on factions rather than merit.

"If you say one more time that the Cabinet is based on merit, I will resign from the Liberal Party," Ms Cusack wrote in the email.

The Upper House MP, who yesterday quit as parliamentary secretary, said she now regretted sending the damning email, calling it a huge error of judgement. But she said she stood by her comments about Don Harwin being selected as the state's new energy minister.

Ms Berejiklian suggested Ms Cusack's fiery email may be a case of sour grapes after being overlooked for a position on the Government's frontbench.

"I don't blame people for being disappointed for not being in Cabinet," she said.

"She is entitled to her opinion, but I don't support her views; all of my colleagues have my full support."

Social Housing Minister Pru Goward rejected Ms Cusack's suggestion that the Cabinet was selected based on factions rather than merit.

Friday, 17 February 2017

North Coast marine species protection record of NSW Coalition Government a very sad affair in 2017


One dead Great White Shark and 30 dead in non-target/ innocuous marine species. The NSW Coalition Government has a worse by-catch kill rate than many super trawlers.

Report period: 8 Jan 2017 – 7 Feb 2017

Over 8 Jan – 7 Feb 2017 nets were deployed on 27–31 days at five beaches and each checked 28-39 times (Table 1). The contractors are required to check the mesh nets twice a day, but if the weather or bar conditions prevent safe access, then fewer checks are made.

Table 1: The number of days that mesh nets were deployed at each beach, and the number of times each mesh net was checked over 8 Jan - 7 Feb 2017.
Beach
Number of days net deployed
Number of time net checked
Seven Mile, Lennox Head
27
28
Sharpes, Ballina
27
28
Shelly, Ballina
27
29
Lighthouse, Ballina
27
29
Main, Evans Head
31
39

During the second month, 72 individuals across 11 species were caught in the mesh nets

56% were released
44% were deceased and had tissue samples retained for analyses (Table 2).
of the three target shark species (White, Tiger and Bull Sharks), one White Shark was caught in the mesh nets at Sharpes Beach; the animal was deceased and retained for analysis.

      Table 2: The numbers of each species caught in the mesh nets that were alive and released, or dead at each beach.
Beach
Species
Number alive
Number dead
Seven Mile, Lennox Head
Cownose ray
1
0

Loggerhead turtle
1
0

Manta ray
0
1

Whitespotted guitar fish
1
0
Sharpes, Ballina
Cownose ray
1
0

Great hammerhead shark
0
2

White shark
0
1

Green turtle
0
1

Manta ray
2
3
Shelly, Ballina
Bottlenose dolphin
0
1

Cownose ray
3
2

Great hammerhead shark
0
1

Manta ray
0
1

Spotted eagle ray
3
0
Lighthouse, Ballina
Cownose ray
3
2

Great hammerhead shark
0
4

Ocellated eagle ray
1
0

Spotted eagle ray
1
0
Main, Evans Head
Cownose ray
17
7

Great hammerhead shark
0
3

Loggerhead turtle
0
1

Manta ray
0
1

Ocellated eagle ray
1
1

Spinner shark
1
0

Spotted eagle ray
4
0
Total

40
32