Skip to main content

Bureau of Meteorology will outsource "considerable" functions in spite of cyber risk

by Cameron Sinclair •
Free resource

A testy exchange at Senate Estimates has revealed draft plans to outsource significant work currently performed by the Bureau of Meteorology’s (BOM) Digital and Data Group, including platforms and network data centres. 

Director of Meteorology, Dr Andrew Johnson, confirmed that the BOM was proceeding with plans under questioning from NSW Labor Senator Jenny McAlister, during an appearance before the Environment and Communications Committee on Monday evening, 14 February 2022. 

Dr Johnson advised that “approximately half of the bureau's budget is deployed toward capabilities that sits in that (digital and data) group, so we are always looking to deliver them more effectively and as efficiently as we can.” 

McAlister referred to an internal BOM document (number XEM2021-09), which she characterised as “a reasonably well-developed plan to outsource a considerable number of roles and functions from the Data and Digital Group,” listing off physical platforms, network data centres, and core functions including “flood, surface water analysis, radar and upper air.”

The document apparently contains a warning that the “sourcing model could be a cause for concern for staff if consumed without context.”

Labor senators have been highly critical of outsourcing APS capability – and have indicated an overhaul of outsourcing policies if there is a change of government at the next election. 

Suppliers should take note of McAlister’s specific concerns that outsourcing could result in the weakening of governance and cybersecurity arrangements. 

The BOM was the subject to a significant cyber-attack in 2015, leading to a sensitive and secretive overhaul of IT systems, known as the ROBUST program; and in an unusual move, the government decided against releasing any budget information on this revamp. 

In response to a question on notice asked during a 2018 senate inquiry, the BOM advised that: 

“Expenditure for the measure, Bureau of Meteorology – improved security and resilience (ROBUST Program), is not for publication due to commercial-in-confidence sensitivities. Release of expenditure amounts are likely to prejudice active and future tender processes, resulting in reduced value for money.” 

The BOM is coming to the end of a five year (2017-22) corporate strategy.  

Over the five financial years from 2017-18 to 2020-21, Intermedium’s database shows more than $700 million has been spent on various ICT contracts. 

Business services provider RUBIK3 is the top supplier ($77 million), followed by UNISYS ($49 million) and NTT ($46 million). 

Labour hire firms have been significant beneficiaries, including Aurec ($40 million), Talent International ($22 million), Finite IT Recruitment ($21 million), Peoplebank ($19 million), and Hays ($ 17 million). 

As Intermedium noted in a recent contract update, Deloitte Consulting’s contract (CN3621079-A6) for 'Integration Platform' services is now almost three years old, and while it was initially for $11.7 million, it is now at its sixth amendment, and valued at $21.5 million. 

KPMG was engaged in 2019 to conduct a strategic cost analysis of the BOM budget and look for “cost efficiency opportunities.” 

Under the current organisational structure, the Data and Digital Group is led by Nichole Brinsmead, the Chief Information and Technology Officer. There are “already a number of functions within that team or capability are provided through third parties outside the bureau.” 

Dr Johnson confirmed the BOM currently has around 1500 full time and 435 contract staff. 


  • Federal
  • IT Services
  • Labour Hire
  • Industry & Investment
  • Policy