By Julian Bajkowski and Paul Hemsley
Victoria has said it will become the first state to formally develop a whole-of-government Cyber Security Strategy to bolster its digital defences and keep critical online services running – a move that could soon to be replicated by other states and have a significant flow-on effects for councils and local governments.
To be completed in 2014, the strategy appears to be the first time an Australian state government has sought to spell out clear lines of responsibility and demarcation for dealing with cyber threats and issues that have traditionally relied on a more ad hoc framework to coordinate responses between jurisdictions and agencies.
The move is a major development for both the state and the IT security sector. Agencies across all states have for more than a decade essentially been lacking a single reference point of authority in terms of cyber security – an issue that has been partly compounded by federal ownership over telecommunications law and regulation.
Under Victoria’s new strategy, the state will seek to address issues that directly affect the management, operations and security of state government’s computers, networks and other digital assets – presumably also including those increasingly supplied by private industry.
Key issues being put on the table are the ability to mitigate and manage cyber security threats; the governance of risk, accountabilities and responsibilities across the state; cyber security emergency response arrangements and capabilities; and cyber security workforce skills and expertise.
A crucial issue that all governments are facing is that the consequences of hostile exploitation of cyber vulnerabilities has been greatly amplified by the shift to providing government services and transactions online.
Although the move to an online service delivery model makes for cheaper, faster and more convenient interactions with government, it also places much greater reliance on keeping electronic channels up and running.
Victoria’s Minister for Technology Gordon Rich-Phillips revealed the Strategy this week, saying that it will be an important tool in supporting the state government’s ICT Strategy.
“The Cyber Security Strategy will set out clear lines of accountability and governance structures for cyber security within the Victorian Government,” Mr Rich-Phillips said.
A clear sign of the Napthine government’s resolve to make its cyber security strategy an effective one has been the recruitment of Alastair MacGibbon, an internationally respected authority on cybercrime, to work with the government to develop the strategy.
Mr MacGibbon is well-versed in getting buy-in and coordinating responses from multiple agencies, having been the inaugural head of the Australian High Tech Crime Centre (AHTCC), the first specialist federal law enforcement body tasked with addressing digital threats and cybercrime.
A big achievement of the AHTCC was getting retail banks to send their own online fraud and security staff to work at the body, a move that deftly weaved around the inherent tensions of sending police into banks to investigate.
The government has also timed the announcement of the cyber security strategy ahead of the Victorian Auditor-General’s Whole of Victorian Government Information Security Management Framework report that is due to be tabled in Parliament at the end of November 2013.
The Audit will assess the effectiveness if the government’s present ICT security policy and standards as well as data and system protections within the Victorian public sector.
It will also check whether selected agencies have established effective information security policy, standards and processes and will test the effectiveness of the controls in place in a number of departments and agencies.
The Victorian government’s announcement of the Strategy also follows its recently flagged plan boost to its technology leadership by creating no fewer than five executive roles to help lead the state’s implementation of its ICT agenda, policies and projects.
Leave a Reply