NSW Electoral Commissioner John Schmidt has told a Parliamentary Committee that urgent cybersecurity fixes are required to 50 NSW electoral systems in an appeal for additional funding submitted to the NSW Government.
A 2020 audit revealed that the Electoral Commission has made thirteen funding proposals totaling $33.8 million in the past, but received only an $8.4 million increase in funding due to a NSW Treasury cap on funding requests.
The submission also appeals for funding to ensure that the existing systems are capable of delivering the 2023 state election and long-term critical system planning for future safeguards. According to Schmidt, the Commission needs budget funding to mitigate the risks associated with its dependency on over 50 internal business systems that are critical to election delivery. Schmidt claims that ‘system issues’ directly impacted voters’ polling at early voting centres.
In 2019, a report from the University of Melbourne revealed decryption vulnerabilities in the NSW iVote digital voting system. This report came after two cybersecurity experts were able to hack into the iVote system during the 2015 elections. Following this report, the NSW Electoral Commission ordered an independent review of the security of the iVote system. While the review identified risks, iVote will continue to be used.
All jurisdictions recognise the importance of cyber security, with NSW allocating $240 million of the $1.6billion Digital Restart Fund to cyber security. Over $163.8 million has been allocated to Australia’s Cyber Security Strategy 2020, including $128.1 million for the Australian Federal Police, the Department of Home Affairs and the Australian Transaction Reports and Analysis Centre to enhance their capabilities to fight cybercrime.
In the last Federal Budget, the Australian Electoral Commission received funding to modernise its election system and on 12 October 2020 issued a Pre-Release Notice PRN on Austender, alerting supplier who can provide Systems Integration, Enterprise Integration and Service Management, and Business Process Management services and infrastructure that it intended to approach the market for ‘Tranche 1’ of the AEC’s modernisation program, which will implement “Initial and Foundational Capabilities. it indicated that the RFT would be released before the end of 2020, with $12.6m in funding provided for the rest of FY2020-21. However, it appears that this RFT is yet to issue.