It is Cyber Security Awareness Month and Cyber Security NSW is continuing its work to keep customers safe from cyber-attacks, build stronger cyber resilience and lead the nation with security training for government employees.
NSW Chief Cyber Security Officer Tony Chapman said it was important to highlight the preparations and protections in place to ensure Cyber Security NSW and the NSW Government were prepared in the event of a cyber-attack.
“This year’s theme is ‘Do your Part. #BeCyberSmart’ and the NSW Government has taken a number of steps to tackle the increasing threat of malicious cyber-attacks,” Mr Chapman said.
“According to the 2021 State of IT report, NSW is the only state or territory in Australia to have a mandated and rigorous cyber security training program for all public servants.
“A significant cyber security incident can impact community safety, critical infrastructure services and the state’s economy so it’s vital the NSW Government also regularly tests the resiliency of its cyber security emergency response plans and procedures.”
Heads of NSW Government Departments recently took part in Exercise Greenpatch to ensure they were prepared to respond to a significant cyber incident.
The event tested each agency’s procedures, including decision-making and education on types of cyber incidents and potential impacts.
“It is important during a cyber incident impacting multiple government organisations that coordination between Cyber Security NSW and other agencies is swift and seamless,” Mr Chapman said.
“There will always be vulnerabilities in the online environment and ensuring we are vigilant and respond to these is how Cyber Security NSW increases resilience, prevents incidents and protects our systems.
“The number of potential vulnerabilities is significant. For example, more than 15,000 common vulnerabilities and exposures have been released on the publicly disclosed list of security flaws in 2021 to date.
“Cyber security is not set and forget. It is important for all government agencies to continue to focus on cyber resiliency and improve how to detect and prevent an attack, as well increasing the speed of a response.”
NSW Government measures its cyber security maturity each year against the NSW Cyber Security Policy. Not just against the Australian Cyber Security Centre Essential Eight technical controls, but also against people and process controls.
The NSW Cyber Security Policy is currently being reviewed by an independent third-party and industry partners before release of the 2022 version.
This review will address recommendations from the NSW Parliamentary inquiry into cybersecurity and digital information management in NSW and the Audit Office of NSW.