Question and Answer Tracking Details

3302 - CYBER SECURITY GOVERNMENT AGENCIES

Hornery, Sonia to the Minister for Customer Service

Considering that cyber criminals recently compromised 47 Service NSW employee accounts, what steps is the Government taking to ensure that New South Wales government agencies are protected from cyber-attacks?

 

Answer -

On 18 June 2020, the Premier announced a critical investment for state-wide cyber security maturity uplift, which will see up to $240 million of the $1.6 billion Digital Stimulus package reserved for programs to strengthen cyber security. With this funding, clusters will be better prepared to deal with expected increases in the frequency, extent and sophistication of cyber-attacks. Several clusters have drafted business cases to uplift their cyber security capabilities and all clusters are expected to invest in system protections by implementing the Australian Cyber Security Centre's Essential 8 mitigating controls and the mandatory requirements of the NSW Cyber Security Policy.

The Government undertakes a number of ongoing measures to ensure agencies are protected from cyber-attacks. These steps are mandated as mandatory requirements in the NSW Cyber Security Policy and are being taken by individual agencies, supported by Cyber Security NSW, the whole-of-government cyber security function that provides leadership and coordination across all departments and agencies.

To protect against cyber-attacks, agencies maintain and improve their resilience and ability to detect and respond appropriately to cyber incidents by:

  • having cyber incident response plans that are tested regularly,
  • deploying monitoring processes and tools to allow for adequate incident identification and response,
  • reporting incidents to the whole-of-government cyber security function, Cyber Security NSW, and
  • participating in regular agency and whole-of-government cyber security exercises.

Agencies are also required to build and support a cyber-security culture to help prevent and minimise the impact of an incident. Steps include:

  • implementation of cyber security education programs for staff that increase awareness of cyber security risk,
  • fostering a culture where cyber security risk management is an important and valued aspect of decision-making,
  • ensuring that people who have access to sensitive or classified information or systems have appropriate security screening and ensuring information on security threats and intelligence is shared with Cyber Security NSW.

The NSW Cyber Security Policy requires agencies to manage cyber security risks to safeguard and secure their information and systems. Steps to achieve this include:

  • the requirement to implement an Information Security Management System or Cyber Security Framework,
  • implementation of the Australian Cyber Security Centre's Essential 8 mitigation strategies,
  • classifying information and systems according to their importance,
  • ensuring cyber security requirements are built into procurements, and
  • ensuring new ICT systems or enhancements include processes to assess the accuracy and integrity of data including processes for internal fraud detection.

Clusters and agencies are required to report against 25 mandatory requirements and the Essential 8 mitigation strategies. Maturity assessments against these requirements and mitigation strategies are reported to Cyber Security NSW annually.

 


Question asked on 4 June 2020 (session 57-1) and printed in Questions & Answers Paper No. 65
Answer received on 9 July 2020 and printed in Questions & Answers Paper No. 69