Jan McClelland, Chair of the Gateway Network Governance Body (GNGB), knows first hand the damage cybercriminals are capable of, and says every player across the superannuation industry must unite in the fight against cybercrime. By BEN POWER.
In early March this year, cybercriminals stole Jan McClelland’s identity. “It was pretty frightening,” she says. “They worked very quickly. They captured a lot of information and they set up multiple accounts.”
The attack on McClelland gave her a visceral insight into importance of cyber security, which has emerged as a key threat to the Superannuation Transaction Network (STN), the vital network that processes Australians’ super transactions.
McClelland is Chair of the Gateway Network Governance Body (GNGB), the body tasked with protecting the STN’s security and integrity. “I understand cybersecurity first-hand,” she says. “It’s real. Very real. It’s not always apparent immediately what’s happened. And it takes a lot of time to unpick and find out exactly how far they have gone.”
In an increasingly dangerous cyber environment, including a surge in super scams, McClelland is now moving to bolster her resilience against cyberattacks, personally. And she is also moving to protect the STN, a key artery in the functioning of Australia’s superannuation sector, against damaging cyber disruption.
McClelland and the GNGB have a key mission: to stay one step ahead of the bad guys.
McClelland learnt resilience growing up in Blakehurst, a suburb south of Sydney. “There were a lot of young families and kids. We lived in a cul-de-sac, which we called a ‘dead end’, and we played cricket in the street with boys and girls. It was a really loving and supportive environment.”
She thrived at the local school, becoming school captain and dux.
Her father was Doug McClelland, a former court reporter who forged a high-profile political career, becoming a Senator for NSW, and a minister in the controversial Whitlam Government, where he served as Australia’s first Minister for the Media and then President of the Senate.
“As a child of a politician you got a lot of comments around your parent’s political views, particularly at election time” she says. “It makes you quite resilient.”
At the University of Sydney, McClelland majored in psychology and government. But after starting her career in Canberra in the Australian Public Service, she studied law at Macquarie University, realising it would help her better understand government decision making and policy frameworks.
McClelland climbed the public service ladder, eventually in 2002 becoming the first female Director General of the NSW Department of Education and Training, which runs the state’s schools and vocational training. There she drove the modernisation of schools, bringing in technology such as computers, broadband and online hubs.
For the past 15 years she has worked as a consultant and director across the public, private, and not for profit sectors, including Deputy Chancellor of the University of New England, the Rice Marketing Board and NRMA. (In the 2015 Australia Day Australian Honours, McClelland was awarded the Honour of Member of the Order of Australia for her service to a range of education, business, social welfare and community organisations, and to public administration.)
Despite successfully juggling multiple roles, McClelland, who has a son, says there is no secret to work-life balance. “I don’t think there is an easy answer. Everybody has a different solution. I was very lucky to have a supportive husband who was very helpful and understanding along the way, which has made it easier for me in some respects.”
In 2016 McClelland was approached to chair the GNGB, the self-regulatory body for the STN, which had been initiated by the Australian Tax Office, the superannuation industry and gateway operators. (Gateway operators are service providers which route, switch and package data messages between employers, super funds and the ATO).
The STN is a data infrastructure network that was developed to assist employers and super funds to meet their obligations under the mandatory data and payment standards that arose when the SuperStream regulatory program began to be implemented from 2012.
GNGB’s work is vital. It oversees a staggering number of transactions, including 3.5 million super contributions each month and 100,000 roll overs a month. “It’s high volume but high stakes,” McClelland says. “If the messages don’t get through, that can ultimately affect when contributions land in different funds. It’s very important to work quickly, efficiently and most importantly, that the security and integrity of the system is maintained.”
In a recent interview with Superfunds, Hans van Daatselaar the Executive Officer of ASP Services, likened the GNGB to “the engine in the car – no one travelling in the car really needs to understand exactly how the engine operates, they just want it to drive”.
“It’s the same for the GNGB. Superannuants don’t need to understand exactly how their transactions are processed and protected, but they certainly want to have trust that they are,” van Daatselaar added. “It’s a big responsibility earning that trust.”
The chair role at GNGB appealed to McClelland because it was a new challenge and built on work she had undertaken as a consultant in 2008 in reviewing the Banking Code of Practice, which stimulated her interest in the financial services sector.
But the role was also a great chance to implement the strong leadership and culture philosophy she has developed during her varied career.
McClelland says as a leader you firstly need to value and recognise what people contribute; and to empower them to do their jobs and feel good about what they’re doing. “Leadership is listening,” she says, adding “it’s important to listen to feedback about one’s own performance”.
Levity and humour are also important.
But, perhaps most importantly, leaders must respect and value diversity. Diversity is not just about gender, race, culture and language, McClelland says, but also diversity of thinking and contribution. “For me diversity is a richness. You get different perspectives and I think you get better decision making from it.”
For me diversity is a richness. You get different perspectives and I think you get better decision making from it.
McClelland believed she could particularly make a strong contribution at GNGB by bringing people together, working towards outcomes, and recognising and managing diversity.
The GNGB board includes representatives from the Financial Services Council (FSC), ASFA, the Australian Institute of Super Trustees (AIST), employers, the software industry via the Australian Business Software Industry Association (ABSIA) and gateway operators.
“It’s a self-regulated environment,” McClelland says. “So you’ve got to have the cooperation between players to make it work. That’s been one of the things that we have been very successful at doing and demonstrating.”
Other players in the financial services transaction environment often look to GNGB as a role model for collaboration and cooperation, McClelland notes.
GNGB works because “all the key players are in the room together and are making decisions that have a collective benefit for the security and integrity of the STN. That’s much easier than having to go off here and there, and somewhere else, and trying to work out who you have to talk with to make things happen.”
GNGB works because “all the key players are in the room together and are making decisions that have a collective benefit for the security and integrity of the STN.
McClelland says there is a lot happening in the space of electronic payment related transactions, including the electronic processing of invoices, or ‘e-invoicing’, and single touch payroll (STP) established by the ATO to enable faster facilitation of payroll payments.
The GNGB works very closely with the nine gateway operators, and McClelland says there is a strong feedback and continuous improvement loop. Gateways can make suggestions as to where processing standards need to be tweaked and GNGB helps put them into effect.
GNGB has also played a key role when gateway or government systems have gone down. “We have strong business continuity processes and we undertake regular scenario planning and practice exercises. This helps to ensure a calm, measured and coordinated approach to managing issues such as the stockpile of transactions that need to be processed.
“It’s very much about continuous improvement, working collaboratively. We work very closely with the ATO, with gateways, and associations to make sure this happens.” Photography by Aran Anderson.
The biggest issue GNGB is grappling with is cybersecurity, which creates serious financial and privacy risks. “We’re trying to take a leading role in this because it’s so critical to the space we operate in.”
Cybercrime has been surging. In 2018, according to the Australian Cyber Security Centre (ACSC), some 6.09 million—or one in four—Australians were the victims of cyber crime or cyber enabled crime.
But cybercrooks are increasingly targeting superannuation.
According to the Australian Competition and Consumer Commission, in 2019 Australians lost over $6 million to superannuation scams. Those aged 45-54 lost the most in super scams. During the current COVID-19 crisis, scammers have stolen personal information, then set up fake myGov accounts to fraudulently access superannuation funds under the Government’s early release scheme.
The Superannuation Transaction Network (STN) has not yet been targeted. But the risks are rising. “They [cyber threats] are becoming more and more sophisticated and closer and closer to home,” McClelland says, adding that attacks can come from different sources, including very simple ways such as phishing emails to end users which can compromise whole systems and networks.
GNGB is well prepared for an attack with protocols and mechanisms in place to manage any incursion. If gateways see any suspicious activity, they report it to GNGB who then alerts other parties.
But McClelland says her organisation is beefing up preparedness.
Last year, and just recently in June, GNGB ran a cyber security incident response day. The gateways, the ATO, and other players, war-gamed various cyberattack scenarios and responses. “It’s been really helpful in identifying just simple things like communication strategies and responsibilities that are so critical when an attack occurs.”
GNGB has also set up forums/discussions around those topics, and in 2019 it established a Security Committee to ensure GNGB was at the forefront of strategy and thinking in relation to security and integrity of the STN. The Committee has reviewed the information security requirements (ISR) of the STN to ensure they align with best practice.
“It is truly a matter of just keeping on top of it, and keeping the communication going and co-ordinating discussion around it.”
McClelland says the key focus of GNGB over the next short to medium term is to further develop the threat sharing capability both within the STN, and with broader industry and government. Photography by Aran Anderson.
McClelland says she will have succeeded in her role as Chair of GNGB by positioning the organisation to continually improve, to constantly stay “one step ahead of the bad guys”.
Staying ahead of the bad guys is what McClelland has done after this year’s personal cyberattack. By moving quickly, she was able to follow the trail of the cybercriminals and minimise the extent of the financial loss. She has enhanced personal security, changing account details, and keeping watch for any unusual activity.
McCelland says with cybercriminals becoming more powerful and pervasive, every player across the entire superannuation industry must unite in the fight against cybercrime.
“In the superannuation environment, the end-to-end value chain is complex with many different parties playing a role in processing an individual members’ data.
“It is essential that security is a priority at every step along that value chain. Every organisation and individual can play a role in ensuring data security.”