‘Circle of hell’: NSW Electoral Commission cyber funding frustrations reach fever pitch

Uncertainty about cybersecurity funding for NSW electoral systems means that it is too late to implement some corrections in time for the 2023 state elections, the election commissioner revealed.

John Schmidt expressed frustration over what are now four failed offers of funding to protect electoral systems from threats.

Schmidt described the process as “Kafkaesque” and a “circle of hell” in last week’s budget estimates.

He warned that even with the money, the corrections are “impossible” to implement before the delayed municipal elections to be held on December 4, and that the financing door is rapidly closing for future elections.

Schmidt first raised the alarm about the commission’s precarious cybersecurity posture in April 2021, saying that more than 50 electoral systems required “urgent” fixes to comply with the government’s cybersecurity policy.

At the time, he said the lack of funding for systems and staff meant that the commission “does not comply, and cannot comply in the foreseeable future, with … mandatory cybersecurity policies.”

The commission is one of several agencies in this position, and the NSW Audit Office revealed late last month that “low levels of cybersecurity maturity are a major concern” across state government.

Despite Schmidt’s public call, this year’s budget contained no new funding for the commission to address the issues, making it the fourth year in a row that the government has rejected an offer.

The government’s apparent unwillingness to fund the fixes comes at a time when it has set aside $ 240 million for cybersecurity between 2020-21 and 2022-23 and is raising defenses at various agencies.

Speaking at a budget estimates hearing last week, Schmidt said a business case for $ 22 million for cybersecurity improvements was filed over four years as part of this year’s budget process.

He said that “in discussions with the Treasury … the decision was made to refer [the proposal] to the digital reset fund, ”which is providing $ 2.1 billion for IT projects between 2020 and 2024.

“That was discussed with the organization and that was, I suppose, because money is very scarce in the Covid situation,” he said.

But since the Digital Reset Fund (DRF) is primarily for short, sharp digital projects of common value, Schmidt said there was confusion as to why the offer had been submitted in that area.

“One of my officers was in the first meeting with some of the people from the department and he asked himself the question, ‘Why are you bringing this here? It does not meet the criteria, “and this is true, we do not meet the DRF criteria,” he said.

“The digital reset fund is intended to provide funds for a limited time. We do not seek financing for a limited time; we are looking for continued operating financing. “

While the Customer Service Department, which owns the DRF, “agreed to consider the request, Schmidt said a decision is unlikely to be made until February 2022, making some changes difficult.

“I will be quite honest: it is too late to take some of the measures now that we would have liked to implement for the state general election because we had planned that the funding … will come to us on July 1,” he said. .

“Now we are in November and it may be February [2022] before the money starts to flow. “

Schmidt also noted that the amount of funding the commission had sought through the DRF had been reduced “in part because the $ 20 million business case requirements were too onerous … so we are now taking a case approach. of lean business “.

“I don’t want to say this lightly, but some of this has a Kafkaesque feeling at some point,” he said, then added that the process was “a circle, a circle from hell.”

“One of the criticisms of the business case was that it did not have a proper cost-benefit analysis, including the economic impact on the state of a failed election,” said Schmidt.

“I can tell you that it costs a lot more. It costs more than $ 100 million to re-run a state election. I thought that would have spoken for itself, but no. “

When asked by Labor MLC Mark Buttigieg if it was possible for the commission to meet cyber standards in four weeks if Perrottet was successful in funding, Schmidt replied “no, [it’s] impossible”.

Prime Minister Dominic Perrottet has promised to meet with Schmidt to discuss funding issues as a matter of urgency.

Electronic voting through the commission’s iVote system will be available to citizens for the first time in this year’s local council elections.

Leave a Comment