New South Wales is preparing to unveil its first whole of government cyber security strategy, according to the state government’s security chief Dr Maria Milosavljevic.
Milosavljevic was appointed to the newly created position of government chief information security officer in March last year as part of a push by NSW to increase the ability of departments and agencies to respond to information security incidents.
“In New South Wales we’re uniting cyber security teams,” Milosavljevic today told a NSW Government Digital Marketplace event in Sydney.
“We are working with other jurisdictions to make sure that our national arrangements are all consistent. We’re working more closely with the private sector, with academia on our hardest challenges, and we’re also trying to understand the perspective of victims because they can articulate the issues and allow us to improve how we respond when our defences do fail,” she said.
The NSW government last year developed a cyber security blueprint that laid the foundation for the new function led by Milosavljevic. That blueprint has underpinned the development of the new cyber security strategy, which the CISO said will be launched “very soon”.
Milosavljevic said that her team was working across clusters and agencies “to provide a single reliable and trusted source of truth and expert advice for whole of government cyber risk”.
“We are a central point of contact for the receipt and sharing of cyber information and intelligence across the New South Wales government and we also provide coordination of serious cyber incidents,” the CISO said.
The CISO’s office has based itself on a modified version of the security framework developed by NIST in the US.
The soon-to-be-launched security strategy follows a call earlier this year by the NSW auditor-general for urgent action to improve the ability of state government agencies to detect and respond to cyber security incidents.
“There is no whole of government capability to detect and respond effectively to cyber security incidents,” the report said.
“There is limited sharing of information on incidents amongst agencies, and some of the agencies we reviewed have poor detection and response practices and procedures.”
In its response to the auditor-general’s findings, the state government said that the creation of the GCISO role would help improve security coordination.
The 2018-19 NSW budget, handed down in June, included $20 million over four years to boost the government’s “preparedness for and response to cyber security issues across all agencies”.
In April 2017, the South Australian government appointed David Goodman to be the state government’s first chief information security officer.
Over in WA, the state government says it is working to boost whole of government security through a new cyber security team sitting within the Office of Digital Government. WA agencies have been subject to a string of unflattering security audits.
Last month the latest information security report from WA’s auditor general revealed 60,000 out of 234,000 active accounts at a range of agencies were potentially at risk from a dictionary attack due to the weak passwords that had been used.
In 2016 the Queensland government announced it would fund a Cyber Security Unit within the state’s Chief Information Office.