Get InQueensland in your inbox Subscribe

Auditor-General slams state water authorities over cyber security weaknesses


Queensland’s accounting watchdog has slammed the state’s water authorities for lax security of their information systems, saying they are leaving themselves vulnerable to fraud and other errors.

Print article

Auditor-General Brendan Worrall said weaknesses in the information systems of entities like Seqwater and Sunwater that he had identified in earlier reports had persisted.

He also warned the high cost of necessary upgrades to infrastructure such as dams would have an impact on the entities’ finances.

“Our only recommendation for the water entities this year is that they address the security of their information systems,” the Auditor-General’s report on the water authorities said.

It said this was one of its recommendations in its audit last year “and has become even more important this year as several entities have introduced new systems and there has been a recent cyber breach in one of the water entities’

“We continue to identify significant control weaknesses in the security of information systems. All entities must have strong security practices to protect against fraud or error, and significant reputational damage,” it said.

Overall, the Auditor-General gave the entities a tick, saying their internal controls were “generally effective” but could be improved.

However, it stressed that their information technology systems were significant weakness, pointing to a cyber breach of a web server by hackers sometime between August 2020 and March 2021.

While no customer or financial information was lost, the Auditor-General warned the use of more cloud-based services meant that vulnerabilities and risks needed to be constantly assessed.

It also said that the true cost of dam upgrades is usually not known until works starts, citing as an example the planned improvements to Lake Macdonald Dam near Noosa, which had blown out from its original $127 million budget.

More News stories

Loading next article