Specifically, the AEC said it requires a solution to digitise all Senate ballot papers, which includes capturing the preferences and metadata, completed in a federal election. “It is estimated this will be in the order of 16 million ballot papers for the 2021/2022 event and will grow by 5 to 10% for each federal electoral event after that,” it adds in the market notification published over the weekend. “Given the size and complexity of the project and operational phase, the AEC’s preference is to purchase an end to end solution.” Senate ballot paper digitisation must be completed by no later than 27 calendar days after election day and the first ballot papers will be available for scanning from the Tuesday after election day. The Senate ballot papers must be processed in the state for which the Senate ballot paper has been returned. “The process for the digitisation of Senate ballot papers will start once the division has finished their processing of the Senate ballot papers,” it said. “AEC is open to solutions as suggested by the provider as to the location(s) of the digitisation solution in each state and territory.” As detailed in the market notification, the successful provider must design, develop, test, build, implement, and support an accurate and secure digitisation solution for the AEC to facilitate the count of Senate ballot papers for an electoral event in compliance with the Commonwealth Electoral Act 1918. The solution must be able to process and export the data from approximately 16 million ballot papers within 27 days from election day. As part of the end-to-end mandate, the provider will be responsible for the development and implementation of the solution, including project management, business analysis, design, and build. The digitisation solution, the AEC said, must protect all data when it is at rest and when it is in transit, and adhere to all security requirements as outlined by the Australian Cyber Security Centre (ACSC). The AEC in 2018 handed Fuji Xerox Businessforce a two-year, AU$27 million contract to provide a ballot scanning system for the then-upcoming federal election. The solution was a “very similar” solution to the one used for the 2016 federal election, which the Australian National Audit Office (ANAO) called out for lacking on the security front. In particular, the ANAO said AEC ditched compliance with Australian government IT security frameworks and said insufficient attention was paid to assuring the security and integrity of the data generated both during and after operation, as the focus was on delivering a Senate scanning system by polling day – 12 weeks out from the election. AEC commissioner Tom Rogers said he was satisfied with the risks that the AEC accepted ahead of its go-live.   One of the concerns raised with Rogers was that Fuji Xerox Businessforce was handed the contract not through conducting a public tender, but rather the AEC used an existing standing deed of offer with Fuji Xerox. During Senate Estimates in May, Rogers was questioned on the ballot scanning process. “The process is that data is manually entered, and that’s matched with the automated process,” he said. “All paper is scanned when it first arrives, and, from that image, which is an image, that data is then entered, and then the data from the scan is then compared with that to make sure that they match. Where they don’t match, we undertake further processes.” It captures an image, Rogers said, and that image is then presented to the data entry operator, who enters the data from that image. “At the same time, the data-capture process – as part of capturing the image – is then compared with that manual process. Where that matches, that’s taken to be an accurate match and it’s included in the count. Where it doesn’t match, we undertake further processes,” he continued. The AEC was asked about its security posture at the Senate Estimates prior, with Rogers dismissing the proposal to allow a non-government researcher to conduct a security audit on its systems. At the time, he said the AEC works with a range of partners, including the ACSC, and that the agency has had its internal code audited and checked to assure that its systems are running smoothly. Closing day for indication of interest is 16 August 2021. See also: Australian Electoral Commission wants VR but thankfully only for education The Department of Foreign Affairs and Trade (DFAT) has also approached the market this week, seeking the delivery of a threat intelligence platform and cyber threat intelligence services. “The procurement is to include strategic, operational, and tactical cyber threat intelligence products/services to be integrated into the provided Threat Intelligence Platform, to allow the department to detect and manage threats posed by malicious actors against the government sector and the department itself; enable the department to search, explore, and investigate threats and vulnerabilities, including its IP addresses, domains, brands, supply chain or technology stack; and request custom threat intelligence products on an ad hoc basis,” it wrote in the request for quote. For the threat intelligence platform, DFAT is seeking a vendor to provide a service, either cloud-based or on-premise, for the purposes of ingesting cyber threat intelligence feeds, with the intention of using it for the management of cyber threat intelligence. The tender closes 27 August 2021. Updated 9am AEST 10 August 2021: AEC later clarified the solution is for 2024/2025 not 2021/2022.

LATEST FROM CANBERRA

Canberra asks big tech to introduce detection capabilities in encrypted communicationPJCIS asks for Australia’s ‘hacking’ Bill to gain judicial oversight and sunset clausesTwo Cashless Debit Card outages and nearly 21,000 Australians on welfare quarantineToll unsure if it lawyered up to avoid ASD assistance following ransomware attackProposed right to repair labelling scheme gets backing from Australia’s consumer watchdog