The NSW Government is taking an integrated approach to preventing and responding to cyber security threats across the state, to safeguard our information, assets, services and citizens.
The NSW Government Cyber Security Strategy, released in September 2018, guides and informs the safe management of government’s growing cyber footprint.
The Strategy is built around the following principles to achieve a connected, protected and trusted cyber safe NSW.
Secure
Government systems are secure and resilient to evolving cyber incidents. Non-negotiable minimum security standards are applied across the sector. Our approach is risk-based with an emphasis on securing high impact information and services.
Integrated
NSW Government agencies coordinate and collaborate with other agencies, jurisdictions and the private sector within a federated framework, acknowledging that they are interdependent and cannot operate in isolation. Security is not an afterthought, but is integrated into all ICT assurance processes to ensure that our systems are secure-by-design.
Responsive
Agency capability is lifted through collaboration, training and support. Strong and agile teams are embedded across the sector to ensure a timely response to cyber threats and incidents.
Holistic
Our technical and human capabilities are interconnected and interdependent. From a cyber risk perspective, they operate as one system. We have a ‘joined-up’ mindset, recognising that everyone takes responsibility for cyber security. This requires deep collaborative relationships across sectors and jurisdictions.
To obtain a copy visit https://www.digital.nsw.gov.au/cyber-security-strategy
Industry response includes:
Jason Baden, Regional Vice President, Australia and New Zealand, F5 Networks
“This is a very positive step in the right direction, and it’s great to see the government show they are taking cyber security threats and needs seriously. Initiating a proactive approach to cybersecurity comes at a time when the government landscape has overhauled, following the federal government’s move to also scrap the entire cybersecurity ministry. Demonstrating a major step forward for NSW, the new focus will provide government organisations with a secure digital foundation to build their services upon. For Australia to move in the right direction, this could be the stepping stone needed to set the precedent for our other states to follow suit, while introducing new ways to cost-efficiently deliver dynamic new services.
Today, digital transformation sits at the core of Australian industries, including the rapid evolution within the banking and financial services sectors. The NSW government’s approach reiterates the need for both public sector organisations and corporate businesses to embark on digital transformation projects while simultaneously focusing on security strategies, rather than tackling these challenges in silos. It is great to see the government leading by example with this initiative.”
Darryn McCoskery, General Manager, Rackspace ANZ
“The announcement to roll out a government-wide cyber strategy comes at a critical time, as Australia was recently ranked fifth in the world for data breaches for 2018. In its announcement, the NSW government has addressed calls for “stronger practices to improve their detection and response capabilities” based on an internal, heavily audited report. This is a critical process to address, given the average time to patch a vulnerability spans between 99-180 days. Hackers will continue to exploit common, unpatched vulnerabilities in order to gain access to critical personal data held by both private and public sector organisations. In other words: patch or perish.
Today’s news highlighted the alarming fact that some government agencies lack appropriate response procedures, while others don’t know who to notify if a breach occurs, or have no procedure in place at all. Clearly, the NDB amendment that came into effect earlier this year has not communicated to government agencies and private sector the appropriate steps to take in the event of a breach.
Moving forward, this new government-led strategy is addressing exactly what Australia needs right now: to empower and train the next-generation of information security graduates on the critical capabilities necessary to stay ahead of cyber security attacks in the future.”
