The South Australian Government issued a Cyber Security Plan 2018-2021 last week, setting out its programme of work for the next three years to strengthen its cyber security posture.
This follows its appointment last April of its first ever chief information security officer, public sector cyber security veteran David Goodman, whose remit was to develop a whole-of-government information security strategy, and create a cyber security centre of excellence for service provision.
The newly-launched comprehensive plan comprises three strategic themes:
1.Influence Leadership: Strengthen the role of government in providing sound governance and clear accountabilities for a whole of government approach to cyber security.
2. Build Resilience: Strengthen the approach to the prevention of, detection of, response to and recovery from cyber security threats and incidents.
3. Share Responsibility: Cultivate a collaborative approach that brings together all levels of government with academia and the private sector to cyber security.
The plan aims to deliver more responsible data sharing for social change, better protect the safety and prosperity of South Australians, and enhance the government’s digital engagement with the business community.
“As more government services transition to digital platforms, the risk of cyber security incidents grows with the ability to impact service delivery, cause economic loss and harm the public’s confidence in government services,” said the plan.
Data has shown that the number of cyber security incident reports in the SA government has been on the rise in the past few years, increasing from 319 in 2014 to 1098 last year.
“From a service delivery perspective, there has been an increased reliance on cloud services and managed service providers to deliver services to government agencies and the broader community. With most agencies connected to a single network, an incident in one agency has the potential to rapidly affect all agencies, putting citizen services at risk. Fortifying internal policies and practices will help address this vulnerability,” noted the plan.
“Consistency across agencies is another challenge, evidenced by differing online environments, diverse risk profiles and varied information security expertise. Acknowledging that our capability and capacity need to increase, we need to continue to collaborate with the private sector and other stakeholders to stay abreast of security trends and further develop the skill sets of ICT professionals across government.”
The South Australia government also recognises collaboration at a national level and with industry partners as a key component of the approach.
The first 12 to 18 months of the strategy will see a significant amount of work undertaken across three strategic themes. This initial period will form the foundation for the future deliverables and inform the first strategic plan review in early 2019.