The Department of Defence has strongly rejected claims a key official at the Australian Signals Directorate involved in assessing cyber security for cloud computing was removed from her position because of an internal rift over how Microsoft gained its certification.
Melissa Osborne, who had been a key industry contact point within the IRAP program at ASD, revealed she was leaving Defence last week after 24 years.
Her move was reported to have been triggered by a refusal to sign off on Microsoft gaining ‘protected’ security classification level accreditation on the certified cloud computing list.
“The Australian Signals Directorate can confirm the information related to the alleged removal of the individual is incorrect. The ASD will not comment further on the employment status of its personnel,” a statement from Defence provided to iTnews said.
“The Australian Cyber Security Centre [ACSC] works collaboratively with cloud service providers to meet prescribed security standards within the Protective Security Policy Framework and the Information Security Manual.
“Microsoft met the prescribed security standards.”
Osborne herself has also strongly disputed assertions made in recent reporting about her departure that centred around an internal “brawl” within ASD on social media.
Defence’s rebuttal came amid claims by the Greens Senator and digital communications spokesperson Jordon Steele-John that there was “a stunning culture of multinational corporation preference” within ASD.
“The government appears willing to shift their own employees if they dare question the intentions of multinational corporations, which could risk the Australian public's right to security of our data.”
"Waiving through [sic] Microsoft's application shows a preference for multinational corporations over Australian companies who are willing to remove senior officials from roles in order to keep the money rolling in,” Steele-John said in a statement.
Steele-John went on to say that it seemed there was “one rule for multinational corporations, and another rule for Australian businesses, who are yet to get a look in to providing protected cloud services to the Australian Public Service.”
"Australians have a right to know that the corporate interest is not being put ahead of the security of our data."
While Microsoft was the first multinational cloud vendor accredited to ‘protected’ level on ASD’s certified cloud services list in April, its listing followed previous and standing accreditations for local providers including Macquarie Government, Sliced Tech, Vault Systems and Dimension Data.
Microsoft’s protected-level accreditation was also accompanied by a new advisory for government users that prompted a flurry of speculation amongst competitors and wider industry.
Comment has been sought from Senator Steele-John’s office.
