Dear National Disability Insurance Agency,

Like millions of Australians, I'm very concerned about the Optus data breach and loss of PII (Personally Identifiable Information). Optus seem to have their own security operations centre, run by a company named Trustwave. Ironically, it appears to be a cybersecurity company, owned by Optus. So, my questions are:

1. Has the NDIA/NDIS ever used or paid Trustwave for any form of support, services, consulting, analysis or 'work'?
2. Has Trustwave conducted any work or services for the NDIA/NDIS in the past 2 years?
3. Has Trustwave conducted or provided any form of cybersecurity services to the NDIA/NDIS, such as threat assessments, penetration testing, network assurance, etc?
4. Has Optus ever provided cybersecurity advice, products or services to the NDIS/NDIA?
5. Has SingTel, or any company they own or control ever provided cybersecurity advice, products or services to the NDIS/NDIA?
6. If so, can I request a copy of the vendor, 3rd party risk assessment/analysis? This includes the project risk assessment and procurement risk assessment.

Cyber Security is our top priority - Optus

"The new Sydney-based Advanced Security Operation Centre (ASOC), co-located and integrated with the Optus Network Management Centre is a state of the art, highly secure facility that delivers customer service, advanced threat detection, threat intelligence, incident response and security device management."

https://web.archive.org/web/201710141700...

Optus opens Advanced Security Operations Centre powered by Trustwave
"The Optus ASOC, powered by Trustwave (owned by Optus’ parent company, Singtel), leverages Optus’ network security capabilities and is part of Singtel/Trustwave’s globally federated network of ASOCs, protecting Australian organizations from threats regardless of origin."
https://disruptive.asia/optus-security-o...

Singtel, Optus, Trustwave and NCS combine to create mega security MSP
https://www.channelasia.tech/article/650...

2018 Trustwave global security report
https://www.optus.com.au/enterprise/acce...

Yours faithfully,

Gladys

foi, National Disability Insurance Agency

Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.  

 

If your email relates to an FOI application made under the Commonwealth
Freedom of Information Act 1982 (FOI Act), the Agency will respond to you
as soon as practicable. 

 

This email address is for applications under the FOI Act only. The Agency
is unable to respond to non-FOI related enquiries sent to this email
address. Any correspondence received that is not an information access
request will not be responded to or forwarded.  

 

If you are seeking to access your personal documents, please consider
submitting your request through our [1]Participant Information Access
(PIA) web-form, which will allow the matter to be processed
administratively. 

 

Should you have a query unrelated to FOI, please contact us by emailing at
[2][email address] or via webchat at [3]NDIA Web Chat (ndis.gov.au).
Alternatively you can also contact us by phoning 1800 800 110. 

 

If you have any questions about making an FOI request, or to enquire about
a current FOI request, please email us with your phone number and a
preferred time for us to call you, and an FOI Decision Maker will call you
back. 

 

Kind regards 

 

Freedom of Information team 

Parliamentary, Ministerial & FOI Branch  

Government  

National Disability Insurance Agency 

Email: [4][NDIA request email]  


References

Visible links
1. https://aus01.safelinks.protection.outlo...
2. mailto:[email address]
3. https://aus01.safelinks.protection.outlo...
4. mailto:[NDIA request email]

foi, National Disability Insurance Agency

3 Attachments

Dear Gladys

 

Freedom of Information Request: Acknowledgement

Thank you for your request of 1 October 2022, made under the Freedom of
Information Act 1982 (FOI Act), for copies of documents held by the
National Disability Insurance Agency (NDIA).

 

Scope of your request

 

You have requested access to the following documents:

 

1. Has the NDIA/NDIS ever used or paid Trustwave for any form of support,
services, consulting, analysis or 'work'?

 

2. Has Trustwave conducted any work or services for the NDIA/NDIS in the
past 2 years?

 

3. Has Trustwave conducted or provided any form of cybersecurity services
to the NDIA/NDIS, such as threat assessments, penetration testing, network
assurance, etc?

 

4. Has Optus ever provided cybersecurity advice, products or services to
the NDIS/NDIA?

 

5. Has SingTel, or any company they own or control ever provided
cybersecurity advice, products or services to the NDIS/NDIA?

 

6. If so, can I request a copy of the vendor, 3rd party risk
assessment/analysis? This includes the project risk assessment and
procurement risk assessment.

 

 

Unless you advise otherwise, we will take it that you agree to the names
and contact details of NDIA staff being excluded from the scope of your
request (that is, the information will be treated as irrelevant).

 

Processing timeframes

A 30-day statutory period for processing your request commenced from 2
October 2022 in accordance with section 15(2A)(c) of the FOI Act. You
should, therefore, expect a decision from us by 31 October 2022.

 

This period may be extended if we need to consult with third parties or
for other reasons. We will advise you if this happens.

 

Charges

We may apply a processing charge to your request and will advise you as
soon as practicable if a charge is payable.

 

Disclosure Log

Information released under the FOI Act may be published on the NDIA’s
disclosure log located on our website, subject to certain exceptions.

If you have any concerns about the publication of information you have
requested, please contact us.

 

Further help

Please contact us at [1][NDIA request email] if you have any questions or need
help.

We will contact you using the email address you provided. Please advise if
you would prefer us to use an alternative means of contact.

 

Kind regards

 

Freedom of Information Officer

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E: [2][NDIA request email]

 


The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

 


References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]
4. https://aus01.safelinks.protection.outlo...

foi, National Disability Insurance Agency

3 Attachments

Dear Gladys

 

Thank you for your request for information.

 

Please find attached correspondence in relation to your request. If you
require these in a different format, please let us know.

 

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Thank you.

 

Kind regards

 

Freedom of Information Officer

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E: [2][NDIA request email]

 


References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]
4. https://intranet.ndiastaff.ndia.gov.au/h...