December 24, 2022
The National Disability Insurance Agency is about to replace its head office security surveillance system out of security concerns about China-linked devices, and Liberal senator James Paterson is urging all government departments to follow suit and immediately "rip them out".
The United States and the United Kingdom have restricted the sale and use of equipment from Hikvision and Dahua, along with several other Chinese companies, on national security grounds. The British government has told its departments to stop installing such devices at sensitive buildings.
Earlier this month, Dahua cameras were identified in the security system at the Home Affairs headquarters in the Parliamentary Triangle. Senator Paterson cites intelligence experts who say the devices could be used as spyware even when users think they are turned off.
"I launched an audit of all Australian government departments and agencies because Home Affairs was not able to tell me how many cameras were installed or where they were," the opposition's cyber security spokesman told The Canberra Times.
"Although only some answers have been received, I am concerned by how many of these cameras are in operation across public service sites."
"They have no place in any Australian government site. We should follow the lead of our AUKUS allies and rip them out immediately."
In answers to Questions on Notice from Senator Paterson about the use of Hikvision and Dahua security cameras, intercom systems, access control systems and other such devices has identified hundreds across departments, some apparently linked to networks.
The Minister for Social Services has advised a Hikvision closed circuit television (CCTV) system with 132 cameras and four recorders which started operating in March 2019 is about to be replaced at the Geelong national office of the National Disability Insurance Agency.
"This infrastructure will be replaced in the first quarter of 2023 with Australian government Security Committee equipment catalogue approved CCTV and NVR equipment," the answer provided by the Minister for Social Services read.
The Minister representing the Minister for Government Services Don Farrell has advised 127 Hikvision and Dahua devices have been found on 45 Services Australia premises.
"An initial assessment indicates that a majority of these devices are not connected to the Services Australia network but we are undertaking further investigation," the Minister said in the answer.
"The agency is also approaching the whole-of-government property services provider for confirmation that the relevant firmware upgrades have been applied to mitigate the cyber vulnerability advised by the ACSC (Australia Cyber Security Centre)."
The Minister said he was advised that some of these devices may have been installed prior to the agency moving into the building.
Finance Minister Katy Gallagher said 122 devices have been found at 88 Department of Finance sites but she provided no further information.
The Resources Department has a Dahua recorder, with 13 cameras, installed at a departmental site, while the National Offshore Petroleum Safety and Environmental Management Authority has several Dahua cameras and recorders. The systems are advised they are operating as standalone devices without external or wireless connectivity.
Senator Paterson wants them gone.
"These companies are subject to China's national intelligence law which compels them to share information with Chinese intelligence agencies, and are actively involved in the surveillance and repression of persecuted ethnic minorities including Uyghurs in Xinjiang," he said.
Questions asking about China-linked surveillance devices at departments such as Defence, Health, Climate Change, Veterans Affairs, Treasury and Prime Minister and Cabinet have not yet been answered.
It comes after three top federal government agencies were marked as having "not fully effective" cyber security arrangements by the Australian National Audit Office.
The Foreign Affairs Department, along with the Australian Taxation Office and the Australian Federal Police all scored dismally on cyber security management, despite a renewed focus on beefing up digital protections in the wake of a string of high-profile cyber attacks.
