The Victorian government has unveiled its new five-year cyber security strategy to boost resilience across the public sector and boost industry opportunities.
The launch of the 'Cyber Safe Victoria' program follows a $50.8 million investment in whole-of-government cyber security in this year’s budget, and specific funding for the Department of Health, Ambulance Victoria and State Parliament.
In order to expand the focus of the former strategy, which was primarily focused on establishing a whole-of-government approach to tackling cyber security and uplifting internal capability the updated strategy focuses on three core pillars: the safe and reliable delivery of government services; a cyber safe place to work, live and learn; and a vibrant cyber economy, according to Government Services Minister Danny Pearson.
“The Victorian government must play a key role in supporting industry and community groups to reduce their cyber risk,” the strategy states, adding the government must “lead by example”, Minister Pearson said.
The strategy also takes into account the unprecedented change of the past 18 months, which the government said has magnified cyber risks that require a strategic and co-ordinated response.
Under the first mission delivery plan, the government outlined that it planned to “strengthen the defence of Victorian government networks and service equal to the current and emerging threat”.
The mission delivery plan reveals that the government will ensure the IT systems it uses implement a range of baseline information security controls, namely the 'Essential Eight'.
“This mission will protect the confidentiality and integrity of sensitive information and support the reliable delivery of IT-dependent government services to the Victorian community,” it states.
Critical services will be required to meet a higher minimum standard, which are fit-for-purpose and highly resistant to cyber attacks under the updated plan.
The government plans to improve the adoption of the Essential Eight by issuing guidance on their successful implementation and introducing an “status monitoring program”.
It also wants to make it easier for agencies to procure “Essential Eight-related goods and services” by establishing a simple procurement process.
Standing offer arrangements are similarly planned for anti-malware service providers and security operations centres for critical services.
Other actions on the roadmap include implementing domain-based message authentication reporting and conformance (DMARC) across all email services using the vic.gov.au domain.
The government is aiming to roll out cyber education program for government executives in critical service operations, but the specific training will not extend to all staff.
With one-in-four of reports to the Australian Cyber Security Centre made by Victorians, an “expert advisory panel” will be established to tackle cyber crime.
The panel is expected to report to government on ways to enhance cybercrime messaging and education programs, including legislative reform opportunities for police to combat cyber crime.
Victoria Police is planning to develop a new cyber crime strategy that will also boost its capability to prevent, disrupt and prosecute cyber crime.
The government will also create a similar advisory panel to “provide insight on current and future cyber capability uplift opportunities and digital economic growth”.
Minister Pearson added that this “focus on strengthening security for government online services and communications” would take place in the first year.
"This strategy re-focuses on protecting Victorian's data and government systems while growing jobs and supporting cyber businesses,” he said.
[Related: Stax revamps team ahead of global expansion]