The New South Wales government has launched Cyber Security NSW in a bid to consolidate and lift the cyber capability of state entities.
To be led by chief cybersecurity officer Tony Chapman, who will perform the functions previously undertaken by the NSW government chief information security officer, Cyber Security NSW will sit within the Department of Customer Service.
According to state government chief information and digital officer Greg Wells, the new initiative will “cement the leadership and coordination role needed to enhance cybersecurity and related decision-making across the NSW government”.
He said Chapman’s role will have a focus on digital transformation and improving customer service outcomes.
“A key component of the role will be driving a culture of risk management and awareness to support greater resilience to cyber security threats,” Wells said in a statement on Monday. “Tony and his team will build on the digital transformation work occurring across the NSW government, ensuring our digital spaces are safeguarded against cyber threats.”
Read also: How to improve cybersecurity for your business: 6 tips (TechRepublic)
Wells said Cyber Security NSW will work on enhancing whole-of-government cybersecurity capabilities and standards on behalf of NSW.
It will also work more closely with the Information and Privacy Commission on security, privacy, and the availability of systems and services during the state’s digital transformation, as well as work with other states and territories, and the federal government on identifying and harnessing best practice in cybersecurity, Wells added.
The NSW government in September released its cybersecurity strategy, taking a whole-of-government view on how to manage risk, borrowing the framework laid out by the National Institute of Standards and Technology (NIST).
See also: Essential reading for IT leaders: 10 books on cybersecurity (free PDF) (TechRepublic)
The 20-page strategy [PDF] focuses on six themes: Lead, prepare, prevent, detect, respond, and recover.
Notably, the strategy points to the creation of a mandatory cyber incident reporting scheme, inter-agency information-sharing, and cybersecurity-focused training for public servants.
The strategy followed the NSW Auditor-General in March 2018 asking the state to create a whole-of-government capability that encourages the sharing of cybersecurity and threat information.
During the Auditor-General’s probe, it was revealed that out of the 10 agencies investigated, two have good detection and response processes, four had a medium capability to detect and respond to incidents in a timely manner, and the remaining four had a low capability.
While it was found most agencies have incident response procedures, some lacked guidance on who to notify and when, while some did not have response procedures at all.