iTnews

NSW govt cyber security strategy emerges from the NIST

By Justin Hendry
Sep 28 2018 10:01AM

Lead. Prepare. Prevent. Detect. Respond. Recover.

The NSW government has unveiled its inaugural cyber security strategy, promising to introduce mandatory incident reporting and strengthen coordination in a bid to build a holistic approach to incident prevention and response.

The strategy [pdf], released today, details a two-year action plan aimed at improving the state’s security posture using the government’s $20 million cyber security windfall in this year’s budget.

It sets out an integrated approach to manage cyber security risks and respond to incidents across government.

“Cyber security has emerged as one of the most high-profile, borderless and rapidly evolving risks facing governments,” the state’s government chief information security officer Maria Milosavljevic said while launching the strategy in Sydney.

“Investing in strong cyber capabilities will provide confidence to citizens and business who trust us with their data.”

The strategy's debut comes as the state closes in on its target of 70 percent of government transactions through digital channels by 2019.

“As the NSW government leads the way on streamlined digital service delivery, we must also increase cyber resilience and invest to protect against cyber threats,” the strategy states.

“A priority remains to reduce the impact of cyber attacks which may have a cascading effect on the lives of citizens and the functioning of our critical infrastructure.”

The strategy contains a cyber security framework based on the NIST framework that groups initiatives under six themes: lead, prepare, prevent, detect, respond and recover.

Both the whole-of-government cyber security function - established last year and headed up by Milosavljevic - and individual agencies are expected to deliver the initiatives.

The framework seeks to address many of the key concerns held in a damning report from the state’s auditor-general earlier this year, which found cyber security practices were lacking at the majority of government agencies.

It will see the government introduce best-practice guidelines for detecting, responding to and reporting cyber incidents and improve information sharing, including through the introduction of a government-wide threat intelligence platform.

Mandatory cyber incident reporting requirements will also be created, while a NSW government cyber security coordination centre will be established from the 2019-20 financial year.

In the event of a cyber attack, government cyber experts are expected to be shared between agencies.

In order to prevent or reduce the likelihood of cyber disruption, the government will strengthen its digital information security policy, create minimum cyber security standards and develop cyber assurance mechanisms for IT and infrastructure projects.

Prevention will also be addressed at the procurement level, with standard cyber security procurement contract terms to be introduced and a panel of approved cyber security services created.

A cyber risk program to upskill government employees and a cyber readiness program to test responses are other initiatives in the strategy.

ID recovery

The government is also planning to improve how it recovers from cyber attacks, in part by creating an identity recovery service for customers who have their identities compromised.

It will also review how effectively the state recovers from cyber incidents and establish a post-incident review protocol to continuously improve processes and "lessen the likelihood and impact of the same issues reoccurring".

“The suite of initiatives will ensure that the government is equipped to prevent, prepare for and respond to incidents and that each agency and all staff have a clear understanding of their role,” Milosavljevic said.

“To ensure this, we have introduced whole-of-government advisories that are already improving the ability of agencies to quickly and effectively respond to emerging threats.

“We will continue to collaborate with industry leaders and research groups as well as Commonwealth and state law enforcement to ensure we maintain a collaborative approach to cyber security.”

NSW is the third state to introduce a dedicated cyber security strategy after Victoria and South Australia.
