Eamon Ryan
Ceist:132 Mr. Eamon Ryan asked the Minister for Social and Family Affairs the factors that caused a bill of ?300,000 in telephone calls through the hacking of her Department's telephone system. [24299/03]
Written Answers. - IT Security Systems.
As reported recently in the 2002 Annual Report of the Comptroller and Auditor General, one of my Department's telephone systems was accessed illegally at a cost of €294,136.43, including VAT, over a five week period in July and early August 2002. The intrusion used a facility of the telephone system that enables remote access. This type of access is used typically for maintenance purposes. The facility could, however, be used to allow remote callers make international calls through the Department's telephone system. Departmental staff were unaware that the facility existed on the telephone system or that it was enabled. As telephone billing is received in arrears, it was not possible to immediately identify the unusually high usage and it was only through prompt notification from the telephone supplier that the breach was identified and corrective action immediately taken. When the notification was received, the facility which had allowed the intrusion was detected and disabled.
The other 19 similar telephone systems were checked and the feature was found enabled on three others which were immediately disabled. All of these systems have been in place for a considerable period of time. It was also determined that the Department's more numerous smaller telephone systems had a related, although lesser, risk.
Contracts were placed in November 2002 to upgrade all 220 telephone systems to the latest versions of software and, where necessary, hardware. This work began in January 2003. The majority of these systems have now been upgraded and ten remain to be done. A full review of all perimeter security on the Department's voice and data network is being carried out.
My Department is a major user of information and communications technology, ICT, for the provision of customer services and internal administration. The majority of the schemes administered by my Department are computerised and most staff at all levels conduct their day to day communications using computer facilities. To support its 4,500 staff in carrying out those critical business requirements, my Department has an extensive telephone and data computer network linking all 220 Department offices.
My Department reacted swiftly to the intrusion and has since embarked on a major hardware, software upgrade and installation programme to ensure continued adherence to the highest available security standards. External resources are also being deployed to guarantee a consistently high level of security on the network.