
Despite a challenging threat environment in 2024, Cyber Security NSW progressed its mission towards a cyber-secure NSW Government. The agency not only continued to meet the growing demand for its suite of cyber security products and services but also introduced new initiatives to enhance NSW’s all-of-government cyber resilience.
The complex cyber threat landscape has increasingly necessitated that Cyber Security NSW offer customisation that accommodates the unique risk profiles seen across the NSW Government’s entities. True resilience can only be achieved by moving beyond compliance and maturity models to focus on robust risk management and resilience capabilities. As such, Cyber Security NSW has focused on implementing tailored risk mitigation strategies that address specific threats and challenges, which has resulted in more efficient and effective safeguarding of critical systems and sensitive data.
Since its establishment, Cyber Security NSW has led the NSW Government response to major cyber incidents and spearheaded public sector recovery efforts, protecting the public from harm by extension. This year saw the integration of ID Support NSW into Cyber Security NSW, which means the agency now assists members of the public directly as well, reducing identity theft and fostering privacy and identity resilience across NSW.
Collaboration has remained a cornerstone of our efforts, with Cyber Security NSW strengthening its working relationship with its Australian, state and territory counterparts throughout significant cyber incidents as well as through forums such as the National Cyber Security Committee, the Data and Digital Ministers Meeting, and the First Secretaries Group.
Bolstered NSW Cyber Security Policy fit for purpose
An early achievement in 2024 was the release of the updated NSW Cyber Security Policy, which now provides a clear baseline of minimum requirements expected of agencies, an assurance methodology, improved reporting metrics and a threat model framework.
Alongside the update, we provided supplementary guidance documents to address some of the more specific challenges facing our agencies. This included a framework to help identify crown jewels across the NSW Government, and guidance covering cloud, internet-of-things (IoT) and operational technology environments.
Easier reporting against the NSW Cyber Security Policy
The Cyber Portal – our centralised solution for agencies submitting their NSW Cyber Security Policy reporting – was greatly enhanced in 2024. It now has a more user-friendly interface and offers specific customisations to improve data input, approvals and response collaboration. The next iteration of the Cyber Portal will expand its capabilities to: distribute intelligence threat briefings and vulnerability reports; gather metrics on engagement; submit incidents; and enhance PROTECTED file transfer. A key initiative for 2025 is establishing a working group to seek feedback on what features users need next.
Understanding the cyber threat landscape facing NSW
In November, Cyber Security NSW released its third annual NSW Government Cyber Threat Report. The report reviews and examines every cyber event and incident reported by departments, agencies and local councils over the past financial year. Through comprehensive analysis, it highlights trends and insights on cyber threats and incidents impacting the NSW Government.
Last year’s report found that phishing remains one of the most prevalent and successful types of cyber attack. Phishing attacks have grown in sophistication through the use of artificial intelligence (AI) and other readily available online tools. Meanwhile, the number of incidents stemming from systems owned or managed by a third party almost tripled, and data breaches associated with third-party compromises are increasing as well.
Cyber Security NSW is using the insights derived from the NSW Government Cyber Threat Report to guide its strategies and initiatives.
Given the sensitive nature of the report, it is restricted to an audience of relevant government stakeholders.

Enabling swift responses through proactive intelligence
Cyber Security NSW has developed an extensive suite of intelligence products that are tailored for the NSW context. By keeping government entities across emerging trends and sharing specific threats or security issues of concern, these products enable them to proactively mitigate risks. Cyber Security NSW’s intelligence team also works with entities to proactively monitor the cyber security of key events such as Vivid and elections.
In 2024 Cyber Security NSW circulated over 110 intelligence products and responded to more than 400 notifications to assist NSW Government entities in responding to cyber threats and incidents.
Leading fast and effective incident response for NSW
Cyber Security NSW and ID Support NSW continued to coordinate the NSW Government’s response to significant cyber incidents and data breaches impacting NSW in 2024.
When NSW Government entities experience a cyber incident, Cyber Security NSW provides comprehensive support to ensure they are protecting their digital assets. This involves: issuing timely advisories; sharing indicators of compromise to enhance situational awareness; offering expert guidance on mitigation and remediation strategies; conducting detailed threat and log analysis; performing network investigations to identify malicious activity; and working towards identifying threat actors through attribution efforts.
By delivering actionable insights and technical expertise, Cyber Security NSW helps entities respond and perform gap analysis to ensure containment, eradication and recovery from cyber threats, while strengthening overall security resilience. Over the past year, Cyber Security NSW responded to over 200 cyber incidents.
On the data breach side, ID Support NSW provides the centralised response function for the NSW Government, lowering the risks associated with identity theft and making it easier for individuals to seek assistance if their personal information or government proof-of-identity credentials are stolen or fraudulently obtained.
In 2024, ID Support NSW responded to 101 data breaches and sent nearly 56,466 notifications to NSW customers to inform them that their information had been compromised.
With ID Support NSW joining Cyber Security NSW in September last year, we have bolstered our ability to safeguard the confidentiality, integrity and availability of systems, services and data for NSW. This unification has enabled greater coordination, placing us in an even stronger position to protect NSW’s critical infrastructure and communities.
Collaboration for a more cyber-resilient public sector
The year saw major incidents with significant impacts for NSW, including the Outabox/Clubs NSW unauthorised access cyber incident and the CrowdStrike IT outage. In these instances, Cyber Security NSW collaborated with federal, state and territory cyber security agencies and law enforcement, including the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the NSW Police Force, providing services to affected NSW Government entities and communicating relevant warnings and insights.
ID Support NSW engaged numerous organisations and peak bodies, including banks, federal government agencies, the Council of Small Business Organisations Australia and the Ethnic Communities Council of NSW to develop new ways of reaching communities and supporting customers impacted by identity misuse. Our ongoing work with Transport for NSW has progressed several initiatives to help protect customers from identity theft and fraud where a driver licence is involved.
ID Support NSW signed a memorandum of understanding with the NSW Police Force that established a framework for collaboration and information sharing to prevent and disrupt identity crime and reduce harm to crime victims in NSW. Another was signed with Service NSW to set out the principles for their collaboration in assisting customers whose identity documents have been compromised.
Embedding cyber security in contractual agreements
Last year, the National Cyber Security Committee requested Cyber Security NSW help establish a consistent approach to stipulating contractual clauses around cyber security. This involved formulating clauses for over 20 information security controls and developing Tier 1 and 2 supplier security control checklists for ICT implementation services. Cyber Security NSW also assisted NSW Government agencies with their master ICT agreement framework negotiations, uplifting the collective cyber security clauses. This included working on a number of new procurements.
Ready for cyber emergencies
Last year, Cyber Security NSW completed an extensive update of the State Cyber Security Emergency Plan, which sets out the emergency management arrangements specific to the prevention of, preparation for, response to and recovery from cyber incidents that constitute an emergency in NSW, as defined by NSW’s Emergency Management arrangements.
We are now adding arrangements specific to IT incidents that constitute an emergency to the State Cyber Security Emergency Plan. Initial consultation on these arrangements took place at the end of 2024, and they are expected to be implemented this year once feedback from the State Emergency Management Committee has been incorporated.
Cross-sector insights through Ministerial Cyber Outreach sessions
In 2024, Cyber Security NSW held two Ministerial Cyber Outreach sessions with the Hon Jihad Dib MP, Minister for Customer Service and Digital Government, and cyber security experts and leaders from government, business and academia.
These sessions explored emerging trends in identity theft and data breaches, how government can support small- and medium-sized enterprises (SMEs) to protect personal information, how the NSW Government and private sector can reduce the risk of data breaches, the challenges of mitigating cyber threats and raising cyber security awareness, and potential strategies for uplifting cyber hygiene in our communities.
A common thread in both sessions was the identification of shared objectives between the private and public sectors and the potential for greater collaboration to enhance the cyber security of NSW citizens.
These sessions were a positive step forward in achieving the objectives outlined in the Cyber Security NSW Strategic Plan, specifically in fostering partnerships and strengthening collaboration with the public and private sectors to manage cyber risks and threats, and promoting training and cyber hygiene practices that reduce the likelihood of successful cyber attacks.
Fostering a cyber-aware culture
To fortify a cyber-aware culture across the NSW Government, Cyber Security NSW developed cyber awareness communication toolkits, which included drafted weekly messages along with collated resources from Cyber Security NSW, Home Affairs, the ASD’s ACSC and other state, territory and federal government organisations to provide topical messaging, events and resources. These were supplemented with online awareness materials, including cyber security posters and guides tailored for general staff, senior leaders and councillors. Cyber Security NSW held quarterly meetings that brought together cyber security awareness staff from across the NSW Government to foster knowledge sharing and collaboration, and generate innovative ideas for raising cyber security awareness.
In 2024, Cyber Security NSW delivered cyber security awareness training to 213,851 NSW Government staff, with 211,620 e-module and 2,231 live training sessions completed. Staff were equipped with fundamental awareness training and valuable resources, such as cyber hygiene checklists, tips for detecting phishing and more. Additionally, we provided updated awareness training decks for entities to deliver tailored awareness sessions within their organisations, with a new e-module released for local government councillors.
Cyber Security NSW maintained numerous knowledge-sharing forums, bringing together cyber experts, leaders and enthusiasts from across the NSW Government through both the Cyber Security Community of Practice and Cyber Security Council Forums. These forums give members access to the latest resources, threat updates and cyber events, enabling cyber professionals to share insights, ask questions and learn from others in the field.
More than 33,000 community members, business owners and government employees received training and awareness on identity resilience from ID Support NSW in 2024. ID Support NSW held 87 in-person events and 71 webinars, reaching seniors’ groups, government staff, regional organisations and small businesses, as well as culturally and linguistically diverse communities via translated sessions. Attendees learned about online safety, scam detection, identity document protection and where to get help.
ID Support NSW developed internal online training programs for Revenue NSW and Service NSW to educate staff on the importance of keeping customer information safe, the impact of data breaches, and how to report them.
The team designed and released a new online teachers’ toolkit to provide NSW high school students with the tools and guidance to spot scams and protect their personal information, with interactive activities, quizzes, videos and case studies.
Supporting members of the public affected by identity fraud
In 2024, ID Support NSW received 23,295 calls from NSW customers looking for help and made over 10,900 proactive outbound calls to those affected by identity fraud, including 1,400 ReportCyber referrals. The team managed some 27,266 cases and offered remediation advice for 15,476 credentials.
In collaboration with Cyber Security NSW, ID Support NSW continues to sweep the dark web on a regular basis to identify leaked datasets that may contain stolen credentials belonging to NSW citizens. Customers are proactively notified when their personal information is at risk of being misused. In 2024, ID Support NSW sent 905 notifications as a result of such dark web searches.
ID Support NSW continues to achieve high levels of customer satisfaction, with an average satisfaction score of 4.87 out of 5.00 from over 1,000 responses.
New data breach tools for businesses and members of the public
During 2024’s Scams Awareness Week, ID Support NSW unveiled two new tools to combat data breaches and help impacted customers check the legitimacy of breach notifications.
The ID Support NSW Data Breach Portal enables people who think they might be the victim of a data breach to check whether an email they received from ID Support NSW is authentic.
The second was the Personal Information Risk Assessment Tool (PIRAT) for those wanting to better understand their potential risks in holding customer data. The tool can be used proactively and in the wake of a data breach to assess risk based on the information’s usage and its appeal to cybercriminals.
Promoting sector development and future career opportunities
Our Cyber Security Traineeship program – designed to equip participants with practical skills and knowledge in cyber security through theoretical studies and hands-on work experience across various departments – concluded in 2024. The initiative was run in partnership with Training Services NSW, other NSW Government agencies and a group training organisation. Cyber Security NSW will build on the success of the program for future initiatives.
Partnering with the ASD’s ACSC, Cyber Security NSW delivered a privileged user training course to 47 NSW Government staff in 2024. The course covered security practices, tools and techniques for preventing cyber attacks and safeguarding information.
Cyber Security NSW continued to administer access to an external learning platform, allowing 300 NSW Government staff to access over 600 accredited short courses and pathways to micro-credentials.
Preparing for cyber incidents through exercises
In 2024, Cyber Security NSW held 17 cyber incident exercises for NSW Government entities as part of our exercise-as-a-service offering. By regularly conducting exercises, organisations can strengthen their cyber incident response, improve their cyber resilience and reduce the harm that may arise from cyber incidents.
To address a growing demand for greater customisation, Cyber Security NSW launched 11 additional scenarios as part of the build-an-exercise resource packs. Over 40 entities requested build-an-exercise resources in 2024, giving them the tools to effectively identify gaps, validate capabilities, and inform and develop cyber arrangements and processes.
Best practice advice and guidance to uplift cyber security
In 2024 Cyber Security NSW published revised guidance documents on multi-factor authentication (MFA) to include updates on: the ACSC Essential Eight and Information Security Manual (ISM); common threats; and a comparison of MFA options available.
Cyber Security NSW revised its password manager guidance, initially released in 2021, adding a high-level security assessment of five popular password manager vendors, along with an overview of the password manager application as a security tool, recommended security controls and best practice feature settings.
In addition to detailed guidance, Cyber Security NSW regularly produces fact sheets as a succinct way to support users and entities in adopting best practice.
Last year, Cyber Security NSW addressed best practices for QR codes, providing advice on identifying suspicious QR codes, and outlining the benefits and security considerations associated with their use.
To improve password security, we released guidelines that offer practical advice based on the fourth revision of the National Institute of Standards and Technology (NIST) 800-63B guidelines. This resource was explicitly designed for NSW Government entities and technical stakeholders responsible for implementing secure password management practices. It contains a comparison of the NIST password guidelines with the ACSC ISM and the Essential Eight framework, ensuring comprehensive guidance for secure password practices.
As a follow-up to the NSW Government TikTok guidance released in 2023, we produced separate security and configuration guidance on the use of the TikTok Pixel for analytical purposes.
To address the increased use of AI, Cyber Security NSW expanded on its 2023 guidance paper on AI-generated content for end users in the NSW Government, with practical advice and further information on ethical use within the government workplace.
Research and development to overcome common cyber challenges
Cyber Security NSW’s ongoing collaboration with the Cyber Security Cooperative Research Centre advanced the work on six research and development projects in 2024. The projects aim to address key challenges in resilience, capability improvement, executive gamification, strategy formulation and improving the cyber posture of SMEs. Cyber Security NSW launched the Cyber Security Capability Self-Assessment Framework as a service offering based on the outcome of one of these projects.
In order to help local councils overcome cyber security resourcing challenges due to funding or hiring constraints, Cyber Security NSW conducted an in-depth review of potential Chief Information Security Officer (CISO) models. It focused on two options: the shared CISO model, where local councils pool resources to fund a CISO that serves all of them; and the virtual CISO model, where local councils pool resources to have access to an external CISO consulting service. Through interviews and case studies from local councils and CISOs, the report assessed the benefits and challenges of these options, drawing insights for other local councils looking to overcome similar constraints.
Detecting vulnerabilities before they can be exploited
In 2024, Cyber Security NSW expanded its security assessment services to include Active Directory penetration testing, complementing its existing passive and intrusive external scanning, internal scanning, and external network and web application penetration testing.
Through its cyber security weekly summary, 25,963 unique Common Vulnerabilities and Exposures (CVE) entries were reported to entities, with over 9,000 of those being of high or critical severity. A total of 127 cyber security reports were disseminated to NSW Government entities, comprising vulnerability disclosure reports, external and internal scan reports, and penetration test reports. Each report provided tailored technical and remediation advice specific to the entity’s infrastructure.
Continuous vulnerability monitoring for early action
Access to Cyber Security NSW’s continuous external attack surface management tool was expanded in 2024, with 82 local councils onboarded to the platform. The service provides external network and attack surface monitoring capabilities with access to vendor risk assessment tools.
The continued uptake of the service supports our objective to proactively manage cyber risks and threats, and is a positive step forward in improving resilience across individual NSW Government entities.
Our Health Check service, which covers all eight strategies under the Essential Eight maturity model, helped three entities assess their maturity level through a technical lens.
Preventing malicious actors from impersonating government entities
We continued our work with defensive domains to mitigate the risk of malicious actors acquiring addresses to impersonate NSW Government websites. Building on the last two years of efforts to proactively register NSW Government .au second-level domains, Cyber Security NSW has implemented a new, internally developed service to track dropped domains. This service has provided 130 alerts to entities regarding domains that have appeared on a dropped list for action.
Cyber Security NSW embarked on further enhancements to email security infrastructure in July, by beginning the implementation of a canonical name (CNAME) reporting redirect for NSW Government entities. The transition to CNAME records significantly reduces the number of domain-based message authentication, reporting and conformance (DMARC) records in use across the NSW Government, minimising the time and resources required to make all-of-government DMARC updates.
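An added illustration, not taken from the report, of the consolidation described above. The domain names are constructed placeholders, and it assumes the redirect works by replacing each entity’s own `_dmarc` TXT record with a CNAME that points at one centrally managed DMARC record.

```dns
; BEFORE (constructed example): each entity zone publishes and maintains its own
; DMARC TXT record, so a change to policy or reporting addresses is repeated per zone.
_dmarc.agency-a.example.  IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@central.example"
_dmarc.agency-b.example.  IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@central.example"

; AFTER: a single TXT record in the central zone carries the policy and reporting
; addresses; each entity zone holds only a CNAME to it. A receiving mail server
; querying _dmarc.<entity> follows the CNAME, so one edit updates every entity.
_dmarc.central.example.   IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@central.example; ruf=mailto:forensic@central.example"
_dmarc.agency-a.example.  IN CNAME _dmarc.central.example.
_dmarc.agency-b.example.  IN CNAME _dmarc.central.example.

; Caveat 1: because the rua/ruf mailbox domain (central.example) differs from the
; policy domain, the report receiver must authorise each policy domain (RFC 7489 s7.1):
agency-a.example._report._dmarc.central.example.  IN TXT "v=DMARC1"
agency-b.example._report._dmarc.central.example.  IN TXT "v=DMARC1"

; Caveat 2: a CNAME cannot share its name with other records, and an entity that
; needs a different policy (e.g. p=none while onboarding) keeps its own TXT record.
```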
Providing expert advice to the ICT Digital Assurance Framework (IDAF) gateway reviews
Cyber Security NSW continued its involvement with the Department of Customer Service digital strategy, investment and assurance team and the IDAF process in 2024, with staff serving as independent cyber security subject matter expert reviewers in five IDAF gateway reviews and assessing the cyber risk scores of 55 ICT and digital project registrations.
We also provided advice on assurance and prioritisation of NSW Government cyber security budget bids referred by NSW Treasury, utilising our assurance framework to enable consistency across government.
What’s next?
Work is well under way on multiple major pieces of work from Cyber Security NSW. For example, we have already held initial consultations on the updated NSW Cyber Security Strategy, to be released in 2025, which will have a greater focus on government resiliency and more closely align to the overarching NSW State Digital Strategy and the 2023-2030 Australian Cyber Security Strategy. With ID Support NSW now integrated into Cyber Security NSW, we are also ramping up our community engagements, preparing for face-to-face regional visits to take place later this year. In addition, the agency is looking to revamp its service catalogue, to ensure it is providing the best possible services and products to support a cyber-secure NSW Government.
It has been an honour to lead Cyber Security NSW through a complex and challenging time, and I look forward to seeing Cyber Security NSW continue to excel under the leadership of incoming NSW Chief Cyber Security Officer, Marie Patane, who has a wealth of experience leading organisations’ cyber security uplift across the public and private sectors.
For more information, please visit Cyber Security NSW or contact info@cyber.nsw.gov.au.