State governments are looking to establish dedicated Whole-of-Government (WofG) cybersecurity taskforces to monitor threats and coordinate timely responses, with the Western Australian Government the latest jurisdiction to consider such an investment.
Speaking at the 2017 CeBit Conference last month, Office of the Government Chief Information Officer (OGCIO) Chief Technology Officer Andrew Cann said that WA was considering establishing a security operations center (SOC) to improve the state’s WofG cyber resilience.
The move follows the government’s response to the WannaCry ransomware attack, which Cann described as “very reactive” despite no agencies falling victim.
“Agencies spent the whole next week patching. This is the kind of stuff that should be done prior to an event like WannaCry, not in reaction.
“Are we happy with our response? No. The Minister has asked me to provide a briefing paper to set up a security operations center in WA Government to start coordinating our response better. We just spent last week writing it. So hopefully we’ll see some changes soon”, said Cann.
WA agencies were also criticised for poor security management earlier this year, with the Auditor General revealing that two of six agencies investigated in a January 2017 audit had malware infections that “present[ed] a serious risk to the agency network, systems and data”.
Provided WA’s security operations center (SOC) is approved and implemented, it could vastly improve the state’s cyber resilience. Traditionally, a SOC monitors cyber threats and alerts, and provides coordinated and timely responses to these threats.
So far, Victoria is the only state to commit to setting up a SOC. According to the state’s ICT Network and Cyber Security Statement of Direction, a SOC will be one of the WofG services offered through the Victorian Government’s new core ICT Network.
Although not a dedicated SOC, providing “WofG threat assessments” is one of several responsibilities taken on by the Queensland Government’s Cyber Security Unit. Established in February 2016 with $12.5 million in funding over four years, the Queensland Cyber Security Unit has a broad remit, which includes ensuring compliance to cybersecurity policies and standards and providing support for cyber incidents.
Now a six-person team according to Queensland Government Chief Information Officer (QGCIO) Andrew Mills, the Queensland Cyber Security Unit has concentrated its efforts on building internal capabilities in its first operational year. Key appointments include former state Chief Technology Officer Bob Gurnett as the Government Chief Information Security Officer (GCISO).
According to Mills, Queensland’s GCISO role is similar to the equivalent position in New South Wales, which was filled by Dr Maria Milosavljevic in March 2017.
Recruitment for cybersecurity leaders also began in South Australia and Tasmania in early 2017. The South Australian government has since appointed David Goodman, former DPC Cybersecurity and Risk Assurance Acting Director, to the state's GCISO position in March 2017. The Tasmanian government readvertised the GCISO position in May 2017.