The Victorian government is set to contract out the cyber incident response services that are offered to agencies and local councils that fall victim to cyber-attacks in a bid to “enhance” recovery.
Digital Victoria, the digital arm of the Department of Premier and Cabinet (DPC), has issued a tender to find one or more private sector providers to deliver a Cyber Response Partner (CRP) service.
The CRP service is expected to be offered through the government’s Cyber Incident Response Service (CIRS) from March 2023.
The CIRS, which was established within DPC’s Cyber Security Branch in July 2018, currently supports state government agencies and councils respond to and recover from cyber security incidents. It also leads Victoria’s response to cyber security emergencies.
Services on offer include cyber incident investigation, cyber threat intelligence and indicators of compromise exchange, and identity compromise and victim support, among others.
According to tender documents, the CRP will “ensure the continuation of the existing CIRS services” and, in doing so, “enhance” the government’s ability to respond and recover from cyber-attacks.
Digital Victoria also hopes the partner will enhance CIRS’s understanding of the threat environment including and provide it with “awareness and visibility into the Deep and Dark web”.
A Victorian-based Digital Forensic and Incident Response service will be delivered by the partner, as well as other “ongoing and by-request” services for threat intelligence and “deep and dark web scanning, analysis and reporting”.
The CRP service will also deliver “training on cyber incident response and recovery, digital forensics and threat intelligence” and participate in cyber incident response exercises, where necessary.
The services will be provided directly to the government agencies in need, but Digital Victoria has said that “requests for assistance that initiate the service will cost via CIRS only”. The government has estimated 1250 hours would be required each year.
It is unclear why the government has sought to call in an external partner to deliver the services, but tender documents point to the “scale and complexity of the contemporary threat environment”.
“Government organisations … report experiencing social engineering attacks in all its variations, phishing, spam, digital fraud and impersonation, exploited vulnerabilities, malware, and ransomware,” documents state.
One-in-four of all cyber incidents reported to the Australian Cyber Security Centre are also made by Victorians who have been the victim of a cyber-attack, according to Digital Victoria.
In its cybersecurity strategy last year, the state government outlined a significant program to uplift cybersecurity resilience across the public sector and boost industry opportunities.
Earlier this month, the government’s chief information security officer John O’Driscoll was seconded to the state’s Department of Justice and Community for 12 months. DPC chief digital officer David Cullen has subsequently stepped into the top job on an acting basis.
Do you know more? Contact James Riley via Email.