Australia's New South Wales (NSW) government has introduced its first cyber security strategy, which will see agencies across the state take an integrated approach to preventing and responding to cyber threats, reported ARNnet.
The strategy was developed to ensure that services offered by NSW Government agencies are connected and protected while meeting the needs of the government, business and citizens. It says that individual agencies are responsible for maintaining the security of their own systems, services and infrastructure.
NSW government chief information security officer (GCISO) Maria Milosavljevic, who was appointed to the newly created position in March 2017, said that the strategy sets out a $20 million two-year cyber security action plan to create a cyber-safe NSW.
“Cyber security has emerged as one of the most high-profile, borderless and rapidly evolving risks facing governments. Investing in strong cyber capabilities will provide confidence to citizens and business who trust us with their data,” said Milosavljevic at the strategy’s launch in Sydney.
The strategy features a cyber security framework based on the US National Institute of Standards and Technology (NIST) framework that groups initiatives under six themes: lead, prepare, prevent, detect, respond and recover. The strategy aims to address many of the key concerns in a report earlier this year by the NSW auditor-general that found cyber security practices were lacking at the majority of government agencies.
As part of the action plan, the government will introduce best-practice guidelines for detecting, responding to and reporting cyber incidents, and will improve information sharing, including through the introduction of a government-wide threat intelligence platform.
There will also be mandatory cyber incident reporting requirements, and a NSW government cyber security coordination centre will be established from the 2019-20 financial year.
The GCISO will provide coordination, advice and threat intelligence; law enforcement agencies will conduct investigations and provide victim support; and the NSW Department of Industry and training provider TAFE NSW will provide industry and skills development. Meanwhile, government agency Infrastructure NSW and the GCISO are collaborating to ensure internet of things (IoT) devices have cyber security risk assessments built in as part of a comprehensive assurance process, reported ARNnet.
The Australian Cyber Security Centre (ACSC) and the Joint Cyber Security Centre (JCSC) also have roles in the strategy, as do Data61, the NSW Cyber Security Network and the Cyber Security Cooperative Research Centre.
The cyber security strategy’s introduction comes as NSW approaches its target of 70% of government transactions through digital channels by 2019.
“As the NSW government leads the way on streamlined digital service delivery, we must also increase cyber resilience and invest to protect against cyber threats,” the strategy states.
NSW is the third Australian state to introduce a dedicated cyber security strategy after Victoria and South Australia.