An opposition senator has launched a blistering attack against the public servants responsible for a scandal-plagued security upgrade at Parliament House in Canberra.
Labor's Kimberley Kitching has asked the auditor-general to investigate the department responsible for overseeing the bungled $75 million security works.
Senator Kitching accused the Department of Parliament Services of lacking the skills and experience needed to handle the critical project.
"It is my strong view that the department is absent senior personnel who are qualified and possess adequate expertise to manage a capital works project of this size," she wrote to the auditor-general late last week.
"The most disturbing discovery in Senate Estimates was the gross inadequacy of the financial management of this project by the department."
One subcontractor in deep financial strife has bombed out of the rebuild, causing massive cost blowouts.
Senator Kitching also blasted a contract signed with the head contractor, which was silent on guarding against liquidated damages.
"Extensive information about the department's wilful blindness in entering into a contract with the head contractor is now apparent," she wrote.
"Given the total value of the project, it is unconscionable that the department failed to ensure the Commonwealth was protected and would be duly compensated from delays caused by the head contractor."
Senate President Scott Ryan has previously described the 15-month blowout as embarrassing.
A DPS spokeswoman said the work delays were due to the liquidation of one subcontractor responsible for a "small part" of the entire "highly complex" project managed by Lendlease.
She said the Australian National Audit Office had already flagged a potential audit of the security works, which DPS understands remains under consideration.
Senator Kitching also wants the auditor-general to examine the department's handling of a cybersecurity breach of Parliament House networks earlier in 2019.
The hacking attack by a foreign actor brought systems down for several hours.
"It was unsatisfactory that the department's chosen method of communication in alerting users of the outage that had taken down the entire APH network was to send an email," she wrote to the auditor-general.
The DPS spokeswoman said the parliamentary network was disconnected from the internet during the attack, not taken down by the hack.
"The cybersecurity breach that occurred in January 2019 was managed by DPS working closely with security and intelligence agencies," the spokeswoman said in a statement to AAP.
"The Department of Parliamentary Services became aware of the incident on 31 January and DPS and the Australian Signals Directorate acted immediately to monitor activity and plan an effective remediation. Removal of the attacker occurred on 8 February.
"As has been stated publicly, the timing of communication to users of the network was actively considered and approved by the Presiding Officers. DPS has no further comments to add to those made by the Prime Minister, President and Speaker in various parliamentary fora."
Senator Kitching pointed out the DPS planned to spend significant money on technology, network and connectivity projects in the near future.
"There have been variable timelines in relation to these projects," she wrote.
Australian Associated Press