The Western Australia Parliament has been forced to shut down its phone, email and internet systems after a computer virus successfully penetrated the government firewall, it has been revealed.
It emerged that an internal memo sent to MPs admitted that a so-called 'Trojan virus' had circumvented the IT network – forcing all computers and communication systems into isolation until the exploit could be contained.
The full memo to MPs explained: "Currently, IT staff are working jointly with external IT specialists on a solution to return the network to normal operating status.
"The Parliament prepares for these types of events and has a number of contingencies in place to deal with interruptions to network and communications and to ensure ongoing facilities management is effective. To prevent further virus infiltration, computers and phones have been isolated and are therefore currently inoperable. We will be progressively restoring systems once we are confident that it is safe to do so."
As first reported by ABC News, Speaker Michael Sutherland told the chamber that a number of operations would be impacted by the cyber incident. "The Parliament's IT network is currently offline, which has affected a number of house operations including Hansard publications, the preparation and processing of questions on notice and answers to questions on notice," he said. "In addition, Parliament House telephones and building paging systems are not operational. It is expected that we will be fully operational again by this afternoon."
Meanwhile, Labour Member for Midland, Michelle Roberts, indicated the Parliament had little experience with dealing with high-level cyber-attacks. "[The breach] shows that there's a new era in vigilance required, not just on the personal security level, but especially in terms of cyber security," she told ABC news. "I expect there are people who have got access here to all kinds of important information that does need to be secure."
The self-imposed communications blackout occurred on 16 February and it remains unclear if any government data was stolen or compromised in the attack – which has all the standard signs of being a spearphishing-style hit.