Industry welcomes NSW Cyber Security Strategy

Representatives of the IT security sector have welcomed the newly announced NSW Government Cyber Security Strategy, and urged other states to follow NSW’s example with their own integrated strategies.

The strategy, announced late last month, lays out a $20 million action plan for transitioning to a whole-of-government approach to managing security risks and responding to threats.

It includes the adoption of a strengthened government-wide cybersecurity policy — including non-negotiable minimum standards that must be met across government — and the introduction of new standardised incident reporting and response arrangements.

Ping Identity APAC Regional Director Geoff Andrews welcomed the new initiative and praised the approach being taken by the state government.

“In particular, we agree that the secure-by-design approach being considered will enable NSW Government and its agencies to build upon the benefits of a federated architecture with sensitive data encrypted at all points at rest and in motion,” he said.

NCC Group Head of Asia Pacific Julian Davies also applauded the approach being taken by the state government.

“What we find refreshing about this strategy is its inclusivity and focus on citizens and smaller organisations. Shared cybersecurity terminology is important for the inclusion of all organisations as they undergo their journey to cybersecurity maturity,” Davies said.

“There’s a high degree of cybersecurity maturity in many government agencies compared to much of the private sector, and the Cyber Security Strategy’s focus on increased collaboration between government, industry and education will help drive skills within the sector to best meet local business needs in the quickly changing cybersecurity landscape.”

Aura Information Security Australia Country Manager Michael Warnock likewise called the strategy “a significant step forward for the state of New South Wales as it moves the needle in the pursuit of cyber resiliency. As outlined in the plan there are elements that need to come together to create an effective program...Other states must follow suit.”

LogRhythm Director of Sales for APAC Simon Howe meanwhile endorsed the six key themes laid out in the strategy — lead, prepare, prevent, detect, respond and recover.

But security sector representatives also expressed beliefs that the strategy in places does not go far enough and should be expanded.

WatchGuard Technologies ANZ Regional Director Mark Sinclair noted that while the strategy is certain to improve the data security of personal information for the public’s interactions with government, “it is local government and small-medium businesses in New South Wales which are often greater targets for cyber attacks. Overall, this initiative falls short in offering extra protection to these organisations.”

LogRhythm’s Howe suggested there is room for improvement in terms of alignment with the threat lifecycle management framework advocated by his company.

“The NSW government may ... want to consider formalising a minimum Threat Lifecycle Management maturity level for all dependent initiatives and operations while establishing state government/agency level CERTs and practice responding to predictable threats,” he said.

Image credit: ©iStockphoto.com/pearleye

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.