Programs and Initiatives

The NSW Government is dedicated to growing our cyber security workforce, resilience, innovation and businesses. Here are some of the things underway to help us achieve our vision and what’s on the horizon: 


Improve NSW Government’s cyber resiliency

Cyber Security NSW

Since its establishment, the whole-of-government cyber function, formerly the Office of the Government Chief Information Security Officer, has grown in capacity, service offering and expertise. Cyber Security NSW has expanded to showcase a range of skills and backgrounds, encompassing the technical, policy, governance and intelligence spheres of cyber security. The team is also surpassing the proportion of women in the global cyber security workforce, which was estimated to be 20 per cent by the end of 2019. Fifty per cent of Cyber Security NSW’s staff are female, with two-thirds of the senior leadership team also being female.

Its services include:

  • Coordinating incidents across whole-of-government 
  • Monitoring and assessing cyber security issues and vulnerabilities 
  • Dissemination of threat intelligence 
  • Delivering research on key cyber security trends and risks 
  • Assisting with strategy, procedures and policy development 
  • Assessing compliance against the Cyber Security Policy 
  • Developing cyber security purchasing arrangements 
  • Assisting with risk appetite model rollouts 
  • Developing and facilitating cyber security exercises 
  • Delivering cyber security training and awareness
  • Facilitating whole-of-government cyber security governance groups such as the Chief Information Security Officer’s (CISO) Cyber Security Steering Group

NSW Cyber Security Policy

In February 2019, the NSW Government launched the NSW Cyber Security Policy. This created new requirements for all NSW Government agencies to have robust, risk-based cyber security in place. As part of the NSW Cyber Security Policy, NSW Government agencies are now required by 31 August each year to assess their maturity against the Australian Cyber Security Centre’s ‘Essential 8’. Additionally, government agencies need to identify and report their ‘crown jewels’ (critical assets) and high and extreme risks and report against an expanded set of mandatory requirements. Each reporting period will enable the NSW Government to have a better understanding of our whole-of-government cyber maturity, and allow for greater, and more targeted, cyber security uplift.   

NSW Cyber Security Incident Emergency Management Sub Plan

Cyber security poses a state-wide risk which needs to be managed as a whole-of-government threat. As such, in 2018, the NSW Government published its first ever Cyber Security Incident Emergency Sub Plan. This Sub Plan sits under the State Emergency Management Plan (EMPLAN) and is the whole-of-government plan for significant cyber security incidents or crises affecting NSW Government organisations. The Cyber Security Incident Emergency Sub Plan aims to protect the NSW community from potential consequences of a significant cyber security incident or crisis. It describes the interaction between the cyber security community, business continuity personnel and the emergency management sector to reduce impacts to NSW Government services, assets and infrastructure, coordinate information flow between agencies, and communicate to the public in relation to these events.

DMARC

In 2018, the NSW Government commenced implementation of a Domain-based Message Authentication, Reporting and Conformance (DMARC) and brand protection solution across government. This ongoing project is crucial to protecting customers of NSW Government services. Working with cyber security teams in all clusters, this project will increase the resilience of our government infrastructure by making it harder for cyber criminals to send fake emails and impersonate NSW Government websites.

NSW Government TahSec

In early 2020, a whole-of-government Capture the Flag (CTF) Cyber Security Team was officially formed in NSW. A CTF contest is a special kind of cyber security competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems. NSW's CTF Team (TahSec) was born out of a smaller group established by the former Department of Justice. TahSec now has 14 members representing 3 NSW Government Clusters. In 2019 the CTF team placed third in Australia and in the top 98th percentile in the entire world. In 2021, TahSec is fighting hard to be amongst the best in Australia and to place competitively against global CTF teams. The success of TahSec is due to the passion and skills that exist within cyber security professionals within the NSW Government. In order to grow our next generation of cyber professionals, the NSW Government will support TahSec to compete and train towards future CTF competitions.

Mandatory Data Breach Scheme

The NSW Government has committed to establishing a Mandatory Notifiable Data Breach scheme intended to improve agencies' data handling practices and their management of breaches likely to result in harm. Introduction of a mandatory scheme will improve transparency and accountability of agencies, increase citizen trust in government agency handling of data breach incidents and provide citizens with the information needed to protect themselves following a serious data breach event. When implemented, the scheme will create reporting and notification requirements for all NSW Government agencies. As the scheme is implemented, the Information and Privacy Commission (IPC) will continue to work with relevant areas of NSW Government on the reporting requirements under the scheme to enable citizen rights and elevate agency awareness of and responses to data breach incidents, reporting and notification.