Auditor General’s Report – NSW Government Cyber Security Demands Urgent Action
Today’s NSW Auditor General’s report Detecting and Responding to Cyber Security Incidents focusing on the cyber security awareness of state agencies makes for sobering – indeed frightening – reading, Macquarie Government’s Managing Director Aidan Tudehope said today.
The Auditor General’s report found no coordinated detection and reporting of cyber security events, with ineffective information sharing meaning breaches and vulnerabilities could be more harmful than necessary.
The Auditor General Margaret Crawford said, “I am concerned that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage will be lost.”
Governments everywhere are struggling with cyber security
Aidan Tudehope said “Governments everywhere are struggling to come to terms with the huge, ever-changing and growing task of dealing with cyber security risks and attacks.
“The NSW Government is actually arguably ahead of the curve because it has at least systematically tried to investigate and report on the depth of its problems.”
Mr Tudehope said a positive aspect of the report was that it benchmarked the performance of NSW agencies it examined against standards for control of cyber security developed by the Australian Signals Directorate (ASD), the Information Security Manual (ISM).
“The Directorate is the leading source of expertise in government cyber security standards and practices in Australia.
“Requiring state agencies to operate against these standards that the ASD has developed for the Federal Government over many years is the quickest, most effective way to bring consistency to all the public-sector services that citizens rely on – no matter which tier of government is responsible.
“NSW Government should be commended for putting a spotlight on these problems and for taking a step toward addressing them by appointing a Chief Information Security Officer for the state, Maria Milosavljevic.” Ms Tudehope said.