Finance attributes PEMS outage to disconnection for unpaid bill
A day-long outage that shut hundreds of politicians and their staff out of the now infamous parliamentary expenses management system (PEMS) has been traced back to an unpaid bill by the Department of Finance that resulted in the disconnection of a secure log-in system.
That’s the full and frank confession of the beleaguered platform’s weary owners, who have categorically ruled out any sort of cyber incident in evidence at senate estimates’ Finance and Public Administration Legislation Committee.
The outage, which hit between 5am and 8pm on 23 January 2024, knocked out the two-factor authentication system needed to access PEMS, thus locking users out, Finance’s first assistant secretary for business enabling services Tracey Carroll told the hearing.
“It was a result of an administrative issue between the Department of Finance and the software company that manages our two-factor authentication. As the issue was identified, we were working with that company, and efforts were made during that period of time to have the two-factor authentication re-established,” Carroll said, pursued by Liberal senator Jane Hume.
After “definitely” ruling out a cyberattack, Carroll was pressed as to whether the minister [Katy Gallagher] was briefed on the incident and said no briefing was provided, intriguing Hume.
“The outage was managed, the issue was worked through, the issue was clearly identified and the system was rectified,” Carroll said, prompting another Liberal senator, James McGrath, to ask what the issue was.
“The issue related to payment arrangements with the service provider,” Finance’s Carroll offered, noting “Finance had identified an issue with the billing arrangements” that needed fixing with an update rolled out overnight.
“There were moneys owed by the Department of Finance, so it was an issue that we had identified that we hadn’t been billed correctly,” Carroll said.
Hume then cashed in.
“So we didn’t pay the invoice and we got cut off?” Hume said, prompting Carroll to respond, “That was essentially it.”
“When that was being worked through, it automatically cut off the services until arrangements were put in place. We have since put in place, with the service provider, arrangements to prevent that happening again,” Carroll said.
Worse still, Finance was paying up-front. When Hume asked, “Do you get a red bill instead and that gives you the warning that you’re about to be cut off?” Carroll replied that a new arrangement in place was “such that we are billed in arrears in future instead of in advance.”
There was also no warning the disconnection was coming.
“We did not know that they were going to run the fix and that the fix would automatically cut off our two-factor authentication,” Carroll said, adding that she didn’t think it was the supplier’s intention to cut off Finance.