NSW cyber security agency plans further local government action

Cyber Security NSW is planning industry roundtables which it hopes will bolster security in the local government sector.

NSW Chief cyber security officer Tony Chapman

Local governments faced criticism in 2021, again in 2023, and in another sampling audit this year, leading the state government’s cyber security agency seek solutions for the sector, not just more point-in-time audits.

The agency’s latest year in review, published this week by chief cyber security officer Tony Chapman, stated that running roundtables will draw on the public and private sectors as well as academia “to discuss and develop potential solutions to common challenges.”

The NSW cyber security strategy will also be updated this year, Chapman said, “to have a greater focus on government resiliency.”

The government’s separate cyber security policy has already had an update, with the sixth version [pdf] published in February.

That update added assurance assessments to help organisations that need to report against the policy; threat-based requirements and metrics; and a best practice guide for cloud and operational technology environments.

The agency’s security assessment services were kept busy, with 33,587 external vulnerabilities detected in 2023, 691 of which were medium severity or higher.

Cyber Security NSW also provided more than 500 cyber insecurity reports to government entities, “including vulnerability disclosure reports, third-party risk assessments and dropped domain notification and penetration test reports.”