The Victorian government has launched a new five-year cybersecurity strategy to build resiliency against cyber threats and ensure government information, services, and infrastructure are protected and personnel are ready should the situation arise. Under the Cyber Security Strategy released on Friday, the state government is aiming to protect sensitive citizen and other data against loss, malicious alteration, and unauthorised use, in the first instance. The strategy [PDF] explains the state also wants government services, systems, and infrastructure to be capable of bouncing back during and following "serious cyber incidents". As such, the state has a whole-of-government approach to how it will respond to threats against infrastructure, with the strategy highlighting cybersecurity capability across the public sector needs to be improved to become consistent, less fragmented, based on industry practice, and appropriate to the risk profile of each organisation. It may also see the establishment of whole-of-government subscriptions for internet security and information security services.
The Australian Signals Directorate (ASD), through its Australian Cyber Security Centre (ACSC), recommends that all organisations implement its Essential Eight controls for mitigating cyber attacks. The clue is in the name. A whole-of-government response to a long-running parliamentary inquiry, released early this month, merely "notes" the inquiry's recommendation to mandate the Essential Eight controls for all government agencies, but declines to move beyond "strongly recommending" just four of them. "The Essential Eight represents ASD's best advice on the measures an entity can take to mitigate the threat of a cyber incident and manage their risks. However, the government will consider mandating the Essential Eight when cyber security maturity has increased across entities," the response said.
The federal government last year created a new superministry, combining the functions of the Australian Security Intelligence Organisation (ASIO), Australian Federal Police (AFP), Border Force, Australian Criminal Intelligence Commission (ACIC), Austrac, and the office of transport security, into the Department of Home Affairs. While the new portfolio is overseen by Minister for Home Affairs Peter Dutton, Minister for Law Enforcement and Cyber Security Angus Taylor used his time at the Technology in Government conference in Canberra on Tuesday to tout the creation of the new department as paving the way for government entities to work more "collaboratively". As big data, the IoT, and social media spread their wings, they bring new challenges to information security and user privacy. "There hasn't been a single program, update, threat report, or incident response in my eight months in this job that was handled by one agency acting alone," Taylor said. "The agencies of the federal government need to be integrated and working together in a way that they never have before, and that's starting to happen."
The Australian state of Victoria has announced the appointment of Sven Bluemmel as its inaugural information commissioner. In his new role, Bluemmel will oversee the state's data protection laws, freedom of information regime, and the privacy of its departments and agencies. Special Minister of State Gavin Jennings said in a statement that the information commissioner would also provide advice and improve how Victoria manages its data. Prior to his appointment, Bluemmel had been Western Australia's information commissioner, and has held various positions in the WA and Commonwealth public service. "It is a great privilege to be undertaking this role -- the government's collection, use, and disclosure of information has very real impacts on the lives of each one of us," Bluemmel said.