Senior sources have told The Advertiser last November’s cyber attack on the State Government network was believed to have emanated from China.

The government has declared it responds “to hundreds of cybersecurity incidents each year” but declined to respond to questions about the major cyber attack, deeming this not “in the best interests of the community”.

It is understood the State Crisis Centre, which the Premier can activate during a major emergency or disaster to provide a co-ordination point for ministerial advice and decisions, was last year activated only for bushfires, the coronavirus pandemic and the November cyber attack.

Opposition treasury spokesman Stephen Mullighan is demanding to know whether personal data, such as credit card or licence information, was accessed in the hack.

A government chief information security officer is now being recruited – a role ICT and digital government director Dr Eva Balan-Vnuk described in the job ad as “very senior”.

“We are under cyberattack from all sources and protecting the state’s information, the state’s people and the state’s interests is of paramount importance,” Dr Balan-Vnuk says in a recruitment video for the role.

Prime Minister Scott Morrison last June declared a “sophisticated state-based cyber actor’’ was waging a cyber attack targeting Australian businesses, political organisations, education and health providers and all levels of government.

At the time, Premier Steven Marshall said cyber criminals were attacking sensitive South Australian data every day and declared the state wanted to be a national leader in cybersecurity.

A government spokesman did not answer detailed questions about the nature of November’s cyberattack, including whether confidential information was compromised or the extent of any lasting impact.

“The South Australian Government responds to hundreds of cyber security incidents each year, with more than 1600 reported in 2020 alone,” the spokesman said, in a written statement.

“It does not comment on the specifics of cyber security incidents, unless it is in the best interests of the community.”

The spokesman said the chief information security officer would be responsible for “delivering a range of cyber security standards, policies and frameworks to keep the state’s information and assets secure”.

Contrary to Dr Balan-Vnuk’s suggestion in the recruitment video that the job had been repurposed as an “internal-facing role to government”, the spokesman said the role “was first created in 2017 and is not a newly created position”.

Mr Mullighan said activating the State Crisis Centre showed the cyber attack was a major event and questioned why Mr Marshall had kept it secret.

“South Australians give a lot of their personal data to the State Government and Steven Marshall must answer whether anyone’s personal data has been stolen,” he said.

“The government’s registration and licensing system includes hundreds of thousands of names, addresses and photographs and, in many cases, credit card information.

“This is highly sensitive data and South Australians deserve to know if any of it has been compromised.”

The Advertiser last July reported a 500 per cent surge in cyber attacks on State Government departments and agencies in the previous five years.

This prompted a directive from the Department of Premier and Cabinet reminding public servants of their reporting responsibilities and warning failure to be vigilant could result in misconduct findings.

More Coverage

SA firm in face of cyber onslaught

Steve Rice

US link to Australian cyber attack claims: China

Tamsin Rose, Clare Armstrong, Staff writers, AAP

Originally published as Major cyber attack on South Australian government computer network