One year after the flagship NSW Government delivery site at Service NSW was breached, the state has unveiled a cybersecurity strategy that puts industry development and capability-building in cyber at the centre of government tech policy.
The sector-wide cybersecurity strategy is an acknowledgment of the importance of bringing together industry policy in relation to cyber with government resilience in relation to cyber.
The thinking is that a focus on building a strong local cyber industry inevitably leads to improved cyber skills, cyber capability and ultimately the resiliency of cyber infrastructure – including in government.
The strategy is focused on four key commitment including improved state government cyber resilience, industry assistance to help NSW cyber businesses to grow, uplifting the cyber security workforce and skills, and supporting cyber research and innovation.
NSW Digital Minister Victor Dominello claimed NSW was already leading the nation in the cybersecurity sector. Improving cyber resilience across the economy required the involvement of all sectors – citizens, businesses, government, and researchers. But government needed to lead.
“Increasing overall cybersecurity resilience is about ensuring the safety and security of citizens and communities online. Government is absolutely pivotal to this as part of its overall responsibility to protect its citizens,” Mr Dominello said.
“In a post COVID-19 environment, we need to adapt our way of living and working to embrace the digital future,” he said.
“Our post COVID-19 ‘new normal’ will bring incredible opportunities as we adapt to greater reliance on connectivity, remote working and importance of data.
“It is important that the NSW Government maximizes the state’s existing capabilities and develops the local cybersecurity industry into a globally competitive, innovative ecosystem that drives economic growth.”
The NSW government has spent the last year working through its cybersecurity structures following a breach at Service NSW.
A parliamentary inquiry into the breach released earlier this year recommended an overhaul of cyber practices – including the strengthening of the mandate and resources of Cybersecurity NSW, and moving the agency from the Department of Customer Service to Premier and Cabinet.
NSW is also set to become the first Australian state or territory to introduce a mandatory data breach notification scheme, following a serious cyber incident last year.
But it is the recognition of the direct link between the strength of the local cyber industry and overall cyber resilience across the economy – including government – that is most interesting about this strategy. And the industry development initiatives recognise that link.
NSW Jobs and Investment Minister Stuart Ayres said the state would partner with the cyber sector to grow the local industry, leverage academic strengths, and drive international competitiveness.
“Under this strategy, Investment NSW will establish a NSW Cyber Hub, delivering a range of initiatives to accelerate the growth of NSW cyber businesses, maintain and attract the right talent to create the fluid, dynamic workforce needed to address skills gaps,” Mr Ayres said.
“NSW already has an incredible depth of talent however we need to continue to foster, cultivate and grow this pipeline to ensure our industry thrives. This strategy builds on our strengths whilst seeking to grow new ones and will help the NSW digital economy thrive.”
“The export opportunities for cybersecurity industry are enormous. From Bondi to Broken Hill, cybersecurity businesses can export to any location around the world from any city or town in NSW.”
The public consultation and industry engagement finished in late 2020. The new strategy replaces the existing NSW Cyber Security Strategy and the NSW Cyber Industry Development Strategy, combining both into one overarching cybersecurity strategy.