The Department of the Prime Minister and Cabinet (PM&C) is undergoing a comprehensive upgrade of its security practices, procedures and culture following a review by former Secretary of Defence, Ric Smith.
The review followed the unauthorised disclosure of Commonwealth documents discovered in February 2016, which were suspected of originating in PM&C.
Secretary of PM&C, Martin Parkinson (pictured) has now released Mr Smith’s report, which he received in March.
“This is to ensure the widest possible awareness of Mr Smith’s findings across the Australian Public Service (APS),” Dr Parkinson said.
He said he had “wholeheartedly” accepted all the recommendations of the Smith Review.
“My Department has been working in recent months to implement these recommendations and I have established a dedicated team to strengthen PM&C’s protective security practices, procedures and culture,” Dr Parkinson said.
He said the Department had put in place a system to digitally track the movement, custodianship and disposal of secure cabinets; had implemented new security training packages; and was refreshing all policies, guidelines and procedures.
“I have given strong direction to all PM&C officers on their responsibilities to manage and report potential sources of security failures,” Dr Parkinson said.
“I have personally dealt with and sanctioned a number of officers for their roles in this security breach.”
He said it was important the APS heeds the lessons from the disclosure incident.
“The Attorney-General’s Department will henceforth collate and disseminate lessons learnt from system success and failures across the Service,” Dr Parkinson said.
“The Australian Signals Directorate will support this by facilitating further exchanges of information on cybersecurity.”
At the same time the Smith report was released, Dr Parkinson announced the findings of an Australian Federal Police (AFP) investigation into the unauthorised disclosure.
“The AFP found that the unauthorised disclosure resulted from a culmination of human errors in the recordkeeping, movement, clearance and disposal of document storage containers by PM&C,” Dr Parkinson said.
“The AFP found that the breach was not a deliberate act motivated by criminal or malicious intent.”
He said that, in accordance with standard practice, the full AFP report would not be made public.
Mr Smith’s 45-page report can be accessed at this PS News link.
