The Victorian government has signed off on a cyber security strategy for the state and created a new whole-of-government chief information security officer (CISO) role to oversee its execution.
A state government Network and Cyber Security Statement of Direction was issued in August following the launch earlier in 2016 of a new ICT strategy for Victoria.
That statement of direction envisaged the development of a state government cyber security strategy to improve governance and accountability arrangements; boost coordination across government; improve the information flow for security alerts and sharing of incident data; and describe the new cyber security capabilities required to respond to the threat landscape, including the development of a Security Operations Centre (SOC) service.
The SOC would help boost cyber security across government through a shared services model, including providing a managed security services panel and access to industry specialists for forensic analysis and threat and vulnerability identification. The statement of direction also foreshadowed the creation of a cyber resilience framework for the government.
“Cyber security is a serious issue for both government and industry and this is why the Victorian Government has developed a new cyber security strategy,” a spokesperson for the Department of Premier and Cabinet told Computerworld.
“The strategy will be released shortly and the newly created role of chief information security officer will be crucial to implementing it.”
The strategy is a three-year plan, developed with industry, to address known and emerging issues for information security and infrastructure security, the spokesperson said.
“Cyber security is a focus for the government as the risk of attack is high and escalating. This strategy will help government and business understand and quickly respond to issues in a coordinated way.”
The new CISO position sits within the Enterprise Solutions Branch of DPC, and the government recently launched a recruitment process to fill it.
The information security chief will “lead and deliver the cyber security strategy, and associated program of actions, for whole-of-Victorian-Government to strategically build and sustain cyber resilience,” recruitment documents state.
The CISO will be the principal liaison with the federal government on cyber security matters and oversee the whole-of-government response to security incidents.
She or he will also be tasked with building and leading an in-house DPC cyber security team of eight to 10 people as well as a broader “informal” team that draws on external sources to help develop security policy and standards.
The new executive will chair the Cyber Security Strategy Group and establish and chair the Industrial Control Systems/SCADA Cyber Security Working Group reporting to the State Crisis and Resilience Council.
Victoria is not the only state government to create a new CISO position as part of broader efforts to boost cyber security.
In April, the South Australian government appointed David Goodman to be the state’s first CISO. Goodman will head up the SA Department of the Premier and Cabinet’s Cyber Security and Risk Assurance team.
In New South Wales, former AUSTRAC CIO Dr Maria Milosavljevic has been appointed CISO.
Earlier this year the federal government released its first annual update to the national cyber security strategy.
Applications for the Victorian CISO position are being accepted until 30 July.