A Greens senator warns there is “no way of knowing” if Australian MPs and government officials have been spied on using cameras that have been found to be vulnerable to hackers.
It was revealed in Senate estimates this week the electorate offices of 88 Australian federal MPs had been outfitted with Chinese-made cameras that have been banned by governments in the United States and the United Kingdom because they have been deemed to pose a national security risk in those countries.
“The nature of this security risk means we have no way of knowing if members of Parliament or senior government officials have been spied on,” Greens Senator David Shoebridge told Crikey.
“This is why the previous failure to act is even more troubling.”
His comments came after a heated back-and-forth in estimates with Australian Signals Directorate (ASD) director-general Rachel Noble, who defended her agency’s actions after it was revealed it gave a two-sentence response to concerns raised about the cameras in 2021.
“Vendor choice is a matter for individual government departments and entities. ASD provides technical advice and assistance, including supply chain guidance which is available on cyber.gov.au,” the response read.
“ASD has published guidance on identifying supply chain risks which is available on cyber.gov.au.”
Shoebridge suggested to Noble the cameras had been allowed to continue operating for more than a year after the November 2021 advice because the ASD had “dodged the question”.
“ASD has fulfilled the role required of it to provide technical advice about the threats of internet-of-things devices … and I believe that we have acquitted our responsibility in that regard,” Noble responded.
CCTV cameras made by two Chinese manufacturers are of concern: Hikvision and Dahua.
ASD did publish a “critical” warning about Hikvision products on its website in September 2021, saying a vulnerability had been identified that “could allow a cyber actor to take full control of the vulnerable device”.
The alert went on to advise that the cameras should be taken off the internet in order to mitigate the risk.
Dahua published a similar security warning about some of its products in June 2022.
“We know that security alerts were issued for these products on more than one occasion last year but it appears the government failed to pay attention until the issue found its way to the media,” Shoebridge said.
“It’s hard to have faith in the capacity of the Commonwealth to protect our online privacy and safety when the official advice from its main IT agency was ‘nothing to see here’.”
Noble said during her estimates appearance that “ultimately, the choice of equipment and vendors is a matter for individual government departments”.
The federal government said earlier this week it was in the process of getting rid of all vulnerable devices from electorate offices and that 45 offices still had cameras that needed to be removed.
Chinese foreign ministry spokesperson Wang Wenbin told reporters this week Australia was overreacting and said Beijing hoped Chinese companies would be treated in a “fair, just and non-discriminatory” way.
“We oppose erroneous practices of over-stretching the concept of national security and abusing state power to discriminate against and suppress Chinese companies,” he said.
