NSW Gov unveils first cyber security strategy


The New South Wales Government has released the state’s first cyber security strategy, revealing an integrated plan to boost public sector agencies’ capacity to prevent and respond to cyber threats.

The two-year action plan includes an integrated, whole-of-government approach to manage cyber risk and respond to cybersecurity threats, as well as safeguarding citizen information, assets, and services.

“The Strategy sets out the NSW Government’s $20 million cybersecurity action plan to create a cyber safe NSW,” said Maria Milosavljevic, appointed as the inaugural NSW Government chief information security officer (GCISO) in March last year.

“Cybersecurity has emerged as one of the most high-profile, borderless and rapidly evolving risks facing governments. Investing in strong cyber capabilities will provide confidence to citizens and business who trust us with their data,” Milosavljevic said.

The 2018-19 NSW budget, handed down in June, included $20 million over four years to boost the state’s “preparedness for and response to cybersecurity issues across all agencies”.

The cyber strategy comes as a result of feedback received earlier this year from the NSW auditor-general which urged Government action to improve state agencies’ ability to detect and respond to cyber security incidents.

The strategy’s action plan encompasses six core elements, namely to “lead, prepare, prevent, detect, respond and recover,” each consisting of an ideal result for this action.

For example, one of the key initiatives of the ‘recover’ element will be identification recovery, with the aim of creating an efficient recovery service for customers that have their cyber identities compromised.

Of the ‘prepare’ action, the Government will enlist the NSW Department of Industry to develop a cyber skills pathway model for NSW Government agencies.

Milosavljevic said this “suite of initiatives will ensure that the government is equipped to prevent, prepare for and respond to incidents and that each agency and all staff have a clear understanding of their role.”

Service and data integration will form a crucial part of the overall cyber strategy. This includes the creation of a new inter-agency information sharing protocol and whole-of-government threat intelligence platform that will provide regular notifications, security advisories and incident alerts to all agencies.

New South Wales will be the third state, after Victoria and South Australia, to introduce a cybersecurity strategy.