Information Systems Audit Report 2019

New Land Registry – Titles

Introduction

The New Land Registry – Titles (NLR-T) application is used by the Western Australian Land Information Authority, trading as Landgate, to manage property ownership and location information records for Western Australia. The NLR-T partially automates the previous paper-based land registration process. The NLR-T was developed and is maintained as part of an outsourced ICT arrangement using public cloud infrastructure. This arrangement is jointly managed by a Landgate subsidiary co-owned with a third party vendor.

Conclusion

The NLR-T application works as intended and allows Landgate to effectively manage land title transactions. However, Landgate’s management of user access and information could be improved to protect the confidentiality and integrity of information in the NLR-T. Data verification and external network security reviews will further strengthen the security of the system and information.

Background

Landgate is one of the oldest state government entities. It manages property and land information and maintains the State’s official register of land ownership under the Transfer of Land Act 1893 (the Act).

Landgate uses the NLR-T to manage land title information, including transfers of ownership, mortgages, and discharge of mortgages. In 2017, the NLR-T processed over 1.4 million titles and $36.2 billion worth of transactions.

Prior to 2015, Landgate used the Smart Register system to manage land ownership. However, the aging technology became costly to maintain and lacked the flexibility needed to suit business needs.

The application was built by the jointly-owned subsidiary using modern principles and is maintained on a cloud platform. Implementation started in June 2015 and was completed in January 2017. The NLR-T was delivered in stages to minimise the impact on Landgate’s business. The NLR-T replaced the old Smart Register system.

Government has announced its intent to partially commercialise Landgate’s automated functions including the NLR.

Audit findings

Changes to land information are not reviewed

Landgate does not review transactions in the NLR-T for accuracy. It stopped these reviews in 2016. From a review of 8 land transactions in 2018, we identified 2 land title changes that were made without appropriate delegation. This increases the risk of erroneous or inappropriate changes to NLR-T information, and is a breach of the Act. However, we found the 2 transactions had appropriate documentation to support the changes.

Inadequate user access controls could lead to unauthorised access or misuse of information

We found weak user access controls that pose an increased risk of unauthorised access and misuse of information given the NLR-T uses cloud infrastructure and is built for use by multiple tenants. Special attention should be given to how privileged access rights are managed. We identified weaknesses in the following areas:

  • Inadequate segregation of duties – Two staff had been assigned excessive privileges allowing them to perform end-to-end land title transactions. It is a basic security principle that a person who initiates a request should not be the one to authorise it. Without adequate segregation of duties, there is an increased risk of errors not being detected and that unauthorised or fraudulent activities may occur and result in inappropriate changes to land title information.
  • Excessive user access rights – We found 7 users were granted ‘Assistant Registrar’ highly privileged user rights, which can be used to bypass system checks, when they only needed basic rights to perform their duties. The privileges were given due to there being no basic access role in the system.
  • Irregular user access reviews – User access rights and permissions are not regularly reviewed to confirm they are still required and appropriate. Over time this allows users to accumulate excessive privileges, potentially leading to unauthorised or inappropriate access to information. In 1 instance we found that a former Landgate employee still had access to the network and NLR-T system.

Lack of external network penetration testing may result in vulnerabilities going undetected

While Landgate performs internal vulnerability scans of application source code and infrastructure, it has not tested the adequacy and effectiveness of controls to detect and prevent external network attacks on the NLR-T since it went live. A failure of these controls may impact the confidentiality, integrity and availability of land information. These tests are particularly important as parts of the application are publicly accessible and reside in a shared cloud environment. Tests should be performed regularly to keep pace with evolving cyber threats.

Credit card data is at risk of exposure

Landgate is in breach of its own ICT Acceptable Use Policy which prohibits credit card details being stored using insecure methods, such as email. We found payment forms containing credit card information stored in long term backups without appropriate masking of the details.

Storing credit card details without appropriate levels of protection is also a breach of the Payment Card Industry Data Security Standard. The Standard sets guidelines and requirements for organisations that store credit card information. Landgate does have a process to ensure compliance with the Standard and provides training to staff that deal with credit card information; however, the controls failed for this process.

Contracted IT services have not been reviewed

Landgate has not had its outsourced ICT services reviewed since the Master Agreement was signed in November 2016. The agreement recommended review of delivery and the cost of services after 12 months. Landgate does not know if the services being delivered meet contractual obligations.

It will be important in any future commercialised arrangements that Landgate maintains visibility of appropriate controls and obtains appropriate assurance over their ongoing effectiveness to protect the security and integrity of NLR-T data.

Recommendations

Landgate should:

  1. review its access policies, procedures and controls to ensure they are implemented effectively
    Landgate response: Agreed
    Implementation timeframe: by July 2019
  2. assess the risks around not performing land registry transaction reviews and ensure implemented controls align with this assessment
    Landgate response: Agreed
    Implementation timeframe: by July 2019
  3. enhance the vulnerability management process to include external vulnerability assessments
    Landgate response: Agreed
    Implementation timeframe: by July 2019
  4. establish appropriate controls to protect sensitive information, particularly credit card information
    Landgate response: Agreed
    Implementation timeframe: by July 2019
  5. consider a review of delivery and the cost of services under the Master Agreement, and ensure appropriate controls and assurances are maintained in any future commercialised arrangement.
    Landgate response: Agreed
    Implementation timeframe: by July 2019

Response from Landgate

Landgate acknowledges the recommendations and has implemented changes to the business processes and practices that support the NLR-T to further enhance the access controls of the application and Landgate’s overall ICT environment. All recommendations will be completed by June 2019.

Landgate has extended its security framework to further strengthen its infrastructure, taking additional steps to mitigate risks:

  • ICT Security monitoring extended to 24/7 coverage;
  • Additional vulnerability-detection software deployed to bolster internal testing;
  • A provider for external penetration testing is currently being procured.

Access to NLR-T is now independently managed via Landgate’s Service Now application ensuring an audit trail of access and approvals, including appropriate authorisation.

The recommendation regarding the protection of sensitive information, including credit cards, relates to a business control that is not specific to the NLR-T. Changes have been made to how Landgate captures the submission of customers’ credit card details, with long-term back-ups now encrypted.

Landgate has renegotiated its Master Services Agreement with ICT service provider, Advara Ltd. The new agreement has been reviewed independently. The governance framework requires all services to be reviewed monthly for performance and delivery outcomes, with comprehensive service level agreement reporting.

 
