Report finds that majority of SA government agencies are not prepared for a natural disaster
THE majority of South Australian government agencies are not prepared for a natural disaster with the risk that crucial infrastructure and services could be affected.
CRITICAL State Government agencies have failed to safeguard against natural disasters, exposing their services - and the public - to potentially catastrophic consequences, a report has found.
The Auditor-General’s report found that 19 departments, including transport and emergency services, do not have disaster recovery plans for their crucial computer systems.
The review, which followed the statewide blackout in September 2016, warns several critical pieces of infrastructure were at risk of effectively grinding to a halt in a disaster.
It warns data centres storing information crucial to running the state are vulnerable to blackouts, flooding, earthquakes and fire and, in many cases, there is no back-up in place.
The report warns that in the event of a disaster:
COMPUTERISED train controls and rail traction systems under Transport Department control may be affected.
KEY BUSINESS systems used by SA Water are not covered by recovery plans.
EDUCATION data and functionality may be lost.
Alarmingly, even the South Australian Fire and Emergency Services Commission, which oversees the response to natural disasters, does not have a disaster recovery plan.
Of the 19 State Government agencies audited as part of the report, six did not have a disaster plan in place for all or part of their computer system.
A further 10 had plans that were either still in a draft phase or are requiring review.
A State Government spokeswoman said the report findings were being addressed through the State Emergency Management Committee with many of the agencies strengthening their disaster response infrastructure.
The report was released almost a year after the Burns Report into the September 28 blackout was made public.
As of September this year, only 19 of the 62 recommendations of the Burns Report had been actioned while others were “under way”, the State Government spokeswoman said.
Associate Professor Dr Mark Gregory, from the RMIT school of Engineering, said the fallout from a natural disaster with no planning ranged from small delays to dire consequences.
“It could vary from a minor inconvenience to consumers and agencies through to something very serious,” he said.
“When it comes to education and health especially, it could be a very serious outcome. It could vary but the outcomes could be very significant.
“One of the reasons this report occurred was because of this power outage, that happened September 2016. It is now December 2017 - over a year and these organisations are still “strengthening their recovery arrangements”. It does not take a year to do this, not if you want to do it.”
The report showed only one State Government agency had conducted full disaster recovery training while two others had not completed any testing of their data recovery procedures.
An unnamed State Government agency told auditors it was so underfunded and lacking resources it was not able to address its “control deficiencies”.
The consequences of State Government agencies losing computer function for even a few hours can range from a mild inconvenience to serious data land functionality loss.
Dr Gregory said the report showed the State Government was not willing to pay the upfront cost of installing necessary data protection infrastructure.
The Government spokeswoman said audits were being undertaken by most agencies.
“All agencies are expected to undertake regular audits and independent reviews as part of the Government’s policies for ICT and regularly review and make improvements based on available new technologies and any newly identified risks,” she said.
“Government agencies have been reviewing the findings of the Auditor General’s Report and are responding to the recommendations.”