Australian Prime Minister Scott Morrison has defended the delayed exit by the Department of Defence from a Chinese-owned data centre based in Sydney.
Defence made plans in 2017 to migrate all its data into a secure, government-owned facility by 2020, after the UK-based Global Switch owners sold a 49 percent stake to the Chinese consortium Elegant Jubilee in December 2016.
However, the department will remain in the current Ultimo-based data facility in Sydney until 2025 under a $53.5 million contract.
A defence spokesperson told itnews that the decision arose due to the sheer size of the department’s data holdings.
“The size of the Defence holdings made it impractical to migrate all the holdings from the data centre prior to the expiry of the Defence lease in September 2020,” they said. “Defence has developed a plan to migrate its remaining holdings cover the next three to five years, as supported by the government.”
In response to security concerns, Morrison told Parliament that defence had already “migrated its most sensitive data to a purpose-built data centre.”
“Defence data migrations of sensitive ICT data and assets was completed ahead of schedule,” Morrison said. “Defence is now progressing work consistent with the strategy to migrate less sensitive and unclassified data assets to an alternative data centre.”
Morrison added that “within the Ultimo data centre, Defence has in place strict security arrangements, including 24/7 Defence security presence, remote CCTV monitoring and regular security audits.”
Greg Moriarty, the secretary of the Department of Defence, assured Australians that Defence’s data was safe.
“The safeguarding of Defence’s data is of the utmost priority for my Department,” Moriarty said.
Global Switch Group Director Damon Reid told news.com.au the company had no access to customer data.
“All our data centres provide our customers with world-class reliability, security and flexibility,” Reid said.
Matt Warren, a professor of cybersecurity at RMIT University, told The Epoch Times the problem stemmed from the 2017 Beijing National Intelligence Law, which dictates that China-based organisations must provide data to the Chinese Communist Party (CCP) if requested.
“The issue is that there are no boundaries to the geographical location of Chinese organisations, so Chinese organisations with operations in the Western Countries still have to co-operate,” Warren said.
Warren added that there unquestionably were potential risks involved in the extension, but he hoped defence would “have effective cloud-based encryption to protect the data.”
Other agencies like the Australian Taxation Office and the Australian Securities and Investments Commission are expected to finish their migration out of the same data centre by 2022.