At a state and federal level, government is now the most under siege industry when it comes to cyber attacks.
The Australian Cyber Security Centre recently revealed that of all recorded cyber incidents in 2016-17, 33% were targeted at federal parliament.
State and territory governments were victim to another 14%.
So how are governments ensuring they are equipped for whatever comes their way?
“As prepared as government may be, we are still ill-prepared for where we need to be – and that’s okay to say,” said Victorian Minister for Trade & Investment, Innovation & the Digital Economy and Small Business, Philip Dalidakis.
“We have to acknowledge that government is no different to the private sector in this aspect.”
Dalidakis was speaking at the ACS Cyber Panel event in Melbourne.
Joining him on the panel was NSW Government Chief Information Security Officer, Dr Maria Milosavljevic.
And while the two state government figures engaged in interstate rivalry – debating who is leading the country when it comes to innovation – they could agree on one thing.
“When it comes to cyber security policy, it’s a joint ticket,” continued Dalidakis.
“We can’t afford to have anything less because attacks on our systems don’t care about borders. They come from anywhere and everywhere around the world.”
For Milosavljevic, the panel came just weeks after she unveiled the NSW government’s inaugural Cyber Security Strategy.
The strategy is built on six themes: prepare, prevent, detect, respond, recover and lead.
“Leadership is really about making sure we have the right people at the table,” she said. “At NSW we now have a new governance committee for cyber security which has the business risk owners at the table.”
“We’re starting to have genuine discussions around the acceptance of risk and normalisation, driving home that message that your CIO cannot simply tell you that a breach will not happen.
“You need to accept the risk. Accepting the risk isn’t simply a decision at a meeting, it’s also saying ‘so what do we do when that happens and how do we respond?’”
What education can do
In terms of cyber security, a resilient government only comes when there is a wealthy talent pool to pick from.
The Victorian government recently added the Box Hill Institute’s Certificate IV in Cyber Security to its list of free Tafe priority courses.
“We want to encourage the industry here to know that we appreciate we need to have a greater level of supply,” he said.
“We are sending a very clear message to people that this is an industry they should consider working in.
“Obviously, something that is free is quite attractive to a young person or someone looking to change industries.”
Also speaking was Optus Chair of Cyber Security at La Trobe University and Director of Cyber Resilience Initiatives for ACS, Professor Jill Slay.
Slay, who has spent time in academia and defence throughout her career, shared her views on the importance of cross-sector collaboration for the Australian cyber security industry.
While academia struggles to retain cyber talent, collaboration ensures Australia’s overall cyber security posture can benefit, she explained.
“We should be grateful for the trends we see and the way we’re working together,” she said. “We’ve moved from a place where there was resistance towards working together.”
The ACS Cyber Panel event also marked the launch of the Information Age Cyber Experts Series publication, which features interviews with 15 of Australia's top cyber security experts.
