in

Services Australia working on WPIT overhaul cyber concerns

The Department of Human Services over five years ago kicked off the program of work to basically replace the then-30-year-old Income Security Integrated System (ISIS) that is used to distribute welfare to Australians.

The project, known as the Welfare Payment Infrastructure Transformation (WPIT) program, was slated to cost around AU$1.5 billion and run from 2015 to 2022.

The Australian National Audit Office (ANAO) last month handed down its examination of WPIT, finding the former department, now known as Services Australia, had “largely appropriate arrangements” in many areas, but was lacking on the cyber and cost monitoring fronts.

Agency representatives told Senators last week that it was currently working on the recommendations made by ANAO.

“We would agree with the ANAO report at that time that there were components of the system that have not been accredited, we have an approved program of work that is going through that accreditation program now,” Services Australia general manager cyber services Tim Spackman said.

“I think it’s worth noting that there is a number of components to that system and even small changes require re-accreditation throughout that process — it’s not a set and forget scenario.”

Spackman said the department has worked closely with the Australian Cyber Security Centre and that it has a “really good capability” in its 24/7 cyber operation centre.

Specifically, Spackman said the department is currently looking at the ISIS component and has “done the lion’s share of that work”. He said completion is due before the year is out.

“I would like to stress though, that the accreditation piece does not mean that nothing’s happening in the interim, we are continually looking at maturing our cyber capability,” he continued. “We just need to accept some of the mitigations and put that into a program of work.

“The system is large and changes of that scale shouldn’t be done quickly or done in an ill-planned way, so it does take some time to ensure that we don’t disrupt services.”

Providing an update of where WPIT is up to, deputy CEO for transformation projects Charles McHardie said Services Australia is currently in tranche four of the project.

He said the agency has been funded to deliver across five key priorities in the final two years of the program. The first, he said, is reusable technology.

“That is rolling out what we call a new payment utility capability, which allows us to replace the current payment capability that sits in the ISIS system, pushing the payment out to the Reserve Bank. So we’re replacing that,” he said.

Services Australia released one payment through that program six weeks ago, the parenting allowance, and coming on Tuesday is scheduled to be pensions.

“That’s been developed in what we call the SAP S4 HANA technology capability,” he said.

The second one is the entitlement calculation engine, which McHardie has called the “heart of the ISIS system”.

“The ISIS system has about 30 million lines of code, so quite complex, and around 4 million lines of that code base is related to entitlement calculations,” he said. 

“This is basically where a customer submits a claim to us, tells us the circumstance of their situation, the system takes that circumstance, any information we already know about them in the core database that supports it, plus any additional information that’s been input by staff as part of that claim process, and comes up with an entitlement calculation based on social security legislation rules, which sit in that system.”

He said based on that, the payment utility would make the payment through the Reserve Bank.

The agency has outsourced this to systems integrator Infosys and is utilising technology from Pegasystems.

“Over the period from now all the way through to the end of 2022, we will replace all of our entitlement calculations with that new capability,” he said. “So they’re what we call the two pieces of reusable tech.”

It is expected Services Australia will use the technology for aged care reform and veteran-centric reform, too.

The agency will then be implementing automation, claim transformation, circumstance updates, and a “data and enabling capability”.

“The main thrust there is to replace all of the screens that our staff use when they process new claims, and when they deal with claim maintenance activity on a daily basis,” McHardie said.

HERE’S MORE


Source: Information Technologies - zdnet.com

US Cyber Command exposes new Russian malware

CERT/CC launches Twitter bot to give security bugs random names