Victoria will work towards a whole of government cyber operations model to improve risk management across the state’s public service.

The objective is contained in the state’s two-year Cyber Strategy Mission Delivery Plan which outlines work that will begin in 2022-23 to help increase cyber safety in the state.

The Victorian government released the state’s $50.8 million, five-year Cyber Strategy late in 2021.

The brief two page delivery plan released last week has as its stated aim boosting cyber resilience in the public sector and lowering the risk of adverse attacks on government systems and services, as well as building cyber-safe communities.

It proposes a Victorian Public Sector (VPS) cyber hubs model supported by a central Victorian government cyber defence centre, to improve governance, technology, resource management and interoperability across the public service.

The plan commits to simplifying and streamlining the procurement of cyber goods and services and supporting the scaling and re-use of common cyber capabilities.

It also aims to support the adoption of baseline cyber controls and cyber skills across the VPS, and provide incident coordination and operations support, while helping departments and agencies improve their incident management capability.

The mission delivery plan says the government will establish a “clear and trusted voice” to advise the community on cyber risk in consultation with the Australian Cyber Security Centre and the states cyber industry.

Growing cyber threat environment

Australia’s cyber security threat environment is continuing to grow in scale and complexity, according to a progress report from Victoria’s Government Services Chief Information Security Officer dated February 17.

“Three years ago, the Australian Cyber Security Centre released landmark statistics indicating that a new cyber-attack was reported in Australia every 10 minutes,” the statement says.

“Fast-forward to 2022, and the time between cyber-attacks has reduced to 7 minutes, with almost one-in-four of these attacks causing harm to someone in Victoria.”

The statement says since the launch of the Cyber Strategy the government has established its first Security Operations Centre, introduced automated threat intelligence sharing and bolstered the Cyber Incident Response Service.

The implementation of Domain-based Message Authentication, Reporting and Conformance (DMARC) capability across government domain email services has also improved the integrity of public sector digital services, the CISO says.

“Looking ahead, I am pleased to release our next mission delivery plan and share the strategic initiatives and priorities that guide our future delivery of Victoria’s Cyber Strategy. This plan reflects the dynamic nature of the cyber security environment and highlights our adaptive approach towards building a cyber safe Victoria,” the statement says.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter