This is the second annual statement by the Chief Information Security Officer on the government’s progress on Victoria's Cyber Strategy 2021.
There is a link to download a copy of this report below.
Delivering a Cyber Safe Victoria
The cyber threat environment in Australia continues to grow in scale and complexity. The Australian Signals Directorate (ASD) stated in its Cyber Threat Report 2022-2023 that Australians report a new cyberattack every six minutes. Out of those reports, one in every four is from Victoria.
Over the last year, we have seen more sophisticated cybercrime and attack methods. These are creating a higher level of impact and disruption. Technologies like Artificial Intelligence (AI) and Generative AI continue to develop, providing new challenges for organisations already operating in complex digital environments.
ASD report that the cost of cybercrime to individuals and communities has increased by 14 per cent from the previous year. Fraud and identity crime caused by privacy breaches continue to be a risk in the community.
In late 2021, the Victorian Government invested an initial $50.8 million into the Victorian Cyber Strategy. In 2023, the government invested a further $33.1 million to support a range of security tools and services and establish a Cyber Defence Centre to protect Victoria against cyber threats. The five-year strategy sets the government’s vision for creating a cyber safe Victoria.
We are delivering on the Victorian Cyber Strategy’s three core missions:
- Improving the safe and reliable delivery of government services
- Creating a cyber safe place to work, live and learn
- Supporting a vibrant cyber economy.
We are reducing the risk of adverse cyber security events on government systems and services
Over the past 12 months the Department of Government Services (DGS) has progressed on actions to reduce the risk of cyber-attacks on government systems and services.
DGS launched the Cyber Defence Centre in 2023 to improve our ability to identify, detect and block potential Victorian Government cyber threats. The Cyber Defence Centre also expands our capacity to respond to major cyber incidents.
DGS has continued to support Victorian Public Sector (VPS) entities to adopt the Australian Signal Directorate’s Essential 8 Maturity Model. The Essential 8 protects systems, personal, and sensitive information against common cyberattacks. The Essential 8 Maturity Model also improves our ability to recover from cyber incidents.
DGS, in partnership with the Victorian Managed Insurance Authority (VMIA), upskilled key leaders in organisations across the Victorian Government through dedicated training. We trained over 60 government board members on how to manage cyber risk in their organisation.
DGS is also improving the approach to procuring cyber goods and services by establishing a cyber State Purchase Contract. Once the State Purchase Contract is fully implemented, it will reduce complexity, cost and time and improve the quality of services used by the public sector.
DGS also consulted VPS cyber leaders and sought feedback through questionnaires, surveys and targeted sessions across government to improve Victoria’s cyber operating model. The draft operating model will refine our Whole of Victorian Government (WoVG) approach to cyber risk management.
The Cyber Incident Response Service (CIRS) continues to support public sector organisations when they experience a cyber incident. They provide timely and quality expert advice on cyber threat intelligence, cyber investigations, and cybercrime victim support. They also consult with law enforcement and national security offices.
We are boosting cyber security skills, talent, and career pathways
The Victorian Government has strengthened cyber career pathways and created job opportunities for Victorians, focusing on women, young people, and mid-career workers. This has been achieved through partnerships with Code Like a Girl and the Australian Women in Security Network.
The newly established Cyber Defence Centre internship program is giving five Certificate IV Cyber Security graduates hands-on experience in the government’s newly established Cyber Defence Centre. These programs help Victorians learn skills to transition into and progress within the cyber and digital workforce.
Victoria has a world-leading education system which is producing talented cybersecurity professionals. The Certificate IV in Cyber Security is one of the most enrolled courses under the Free TAFE initiative, with 3,600 Victorians enrolling in the course in 2023.
To create a thriving cyber economy, we need Victorian professionals with cyber security skills. The Department of Jobs, Skills, Industry and Regions is helping to ensure Victorian businesses can employ staff with the necessary skills through the Digital Jobs & Digital Jobs for Manufacturing programs. This includes opportunities for hundreds of mid-career workers to transition into cyber and IT roles.
Supporting the continued growth of Victoria’s cyber industry
Victoria is a key market for cyber security businesses to invest and employ Victorians.
In October 2023, the Victorian Government was a supporting partner of CyberCon 2023, Australia and the Southern Hemisphere’s largest cybersecurity conference. Over 5,000 people attended CyberCon 2023, providing opportunities for local and international cyber businesses and professionals to connect.
Building improved cyber security resilience for the community and across industries
DGS, and Victoria Police continue to improve the cyber security resilience of community and industry to reduce the harmful impacts of cybercrime.
DGS established a dedicated Cyber Safe Communities team to coordinate WoVG efforts to build community cyber resilience. We continue to provide support to empower Victorians to be safe online and make informed decisions about their cyber safety.
DGS worked with the Commonwealth Government, state, and territory governments to develop a coordinated approach to cyber security. This included a national approach to reducing harm to community members impacted by cyber incidents. DGS also supported Victoria Police to develop its cybercrime capability and continue to deter cybercrime in Victoria.
DGS developed and submitted two whole of government responses to the Commonwealth’s requests for feedback on its 2023-2030 Australian Cyber Security Strategy and its proposed legislative reforms. These were created collaboratively with input across the Victorian Government.
Looking ahead, I am pleased to share our next Mission Delivery Plan which outlines the strategic priorities to deliver the Victorian Cyber Strategy. This plan reflects the dynamic nature of the cyber security environment and our priorities to deliver a cyber safe Victoria.
Download a copy of this report:
Updated