Peter A Clarke

There are no shortage of cyber strategies being announced and even re announced by governments and agencies and sometimes governments and agencies together .

The The Victorian Government has announced its first Cyber Security Strategy.  It is the first Australian state to do so. The 32 page strategy is found here.

The announcement provides:

The Andrews Labor Government is getting on with Victoria’s first ever Cyber Security Strategy to ensure government services and information are kept safe from cyber threats.

The Special Minister of State Gavin Jennings joined cyber experts and IT industry representatives today to launch Victoria’s Cyber Security Strategy – the first state in Australia to do so.

Government networks across the world are regularly targeted by cyber-attacks, with an increasing shift from unsophisticated lone cyber hackers towards organised criminals, political ‘hacktivists’ and even foreign governments using cyber space to infiltrate, steal from and disrupt government services.

The scale of incidents and attempted disruption is unprecedented, with the methods used to attack digital services increasing in complexity and sophistication.

The Cyber Security Strategy shifts from an agency by agency approach, to a whole of government approach, as we seek to sustain strong and resilient cyber security defences that protect the delivery of public services in Victoria.

As part of the Cyber Security Strategy, the Labor Government will:

• Appoint a Chief Information Security Officer within Department of Premier and Cabinet to oversee the government response to the ongoing cyber threats and co-ordinate cross government action
• Develop cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
• Strengthen partnerships across all levels of Government and the private sector to share best practice, intelligence and insights
• Rationalise and better co-ordinate the procurement of proven cyber security services
• Develop a workforce plan to attract, develop and retain skilled cyber security public sector workers
• Present a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so Government is better informed of cyber security issues and assessments

The strategy builds on the work being undertaken by the Labor Government to ensure Victoria has the best new digital technology to deliver the modern services expected by the community and that these services and the citizen data they contain are resilient against cyber-attacks.

To find out more about Cyber Security Strategy and ongoing work to roll out the Information Technology Strategy 2016-2020, visit enterprisesolutions.vic.gov.au.

Quotes attributable to Special Minister of State Gavin Jennings

“As organised crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial government steps up to better protect against these cyber security threats.”

“Victoria’s first ever Cyber Security Strategy ensures we can stay ahead of the cyber criminals and develop the infrastructure, systems and processes needed to protect government services and information.”

“This is also good for jobs and our economic prosperity, as we build upon Victoria’s position as the tech capital of Australia and a world-leader in tackling cyber-threats.”

Quotes attributable to Minister for Small Business, Innovation and Trade Philip Dalidakis

“Victoria is already a hub of digital innovation, so it makes sense that we use our existing tech knowledge and talent pool to be a hub of cyber security as well.”

“The cyber security industry is growing quickly and will surpass $100 billion in value in the next few years. It’s an industry that will create jobs and boost our economy and we need to be a big part of it.”

Strategies do not equate to action.  They can be an excellent road map to effective change and improvement.  Or they can be expensive, glossy window dressing.  Just another tick in another box.  The real issue is always ensuring that the strategy is implemented and breaches dealt with and, where appropriate, there are consequences for non compliance.  In that regard the experience in Australia has been disappointing.  The regulation of existing legislative framework has been timid and generally ineffective.  At the Victorian level the decisions in the Victorian Civil and Adminstrative Appeals Tribunal for claims of interference with privacy brought under the Information Privacy Act and its successor Privacy and Data Protection Acts do not inspire optimism so far.