Programs and Initiatives

Since its establishment, formerly the Office of the Government Chief Information Security Officer, the whole-of-government cyber function has grown in capacity, service offering and expertise. Cyber Security NSW has expanded to showcase a range of skills and backgrounds, encompassing the technical, policy, governance and intelligence spheres of cyber security. The team is also surpassing the proportion of women in the global cyber security workforce, which was estimated to be 20 per cent by the end of 2019. 50 per cent of Cyber Security NSW's staff are female, with two-thirds of the senior leadership team also being female.

These services include:

• Coordinating incidents across whole-of-government
• Monitoring and assessing cyber security issues and vulnerabilities
• Dissemination of threat intelligence
• Delivering research on key cyber security trends and risks
• Assisting with strategy, procedures and policy development
• Assessing compliance against the Cyber Security Policy
• Developing cyber security purchasing arrangements
• Assisting with risk appetite model rollouts
• Developing and facilitating cyber security exercises
• Delivering cyber security training and awareness
• Facilitating whole-of-government cyber security governance groups such as the Chief Information Security Officer's (CISO) Cyber Security Steering Group

In February 2019, the NSW Government launched the NSW Cyber Security Policy. This created new requirements for all NSW Government agencies to have robust, risk-based cyber security in place. As part of the NSW Cyber Security Policy, NSW Government agencies are now required by 31 August each year to assess their maturity against the Australian Cyber Security Centre's 'Essential 8'. Additionally, government agencies need to identify and report their 'crown jewels' (critical assets) and high and extreme risks and report against an expanded set of mandatory requirements. Each reporting period will enable the NSW Government to have a better understanding of our whole-of-government cyber maturity, and allow for greater, and more targeted, cyber security uplift.

Cyber security poses a state-wide risk which needs to be managed as a whole-of-government threat. As such, in 2018, the NSW Government published its first ever Cyber Security Incident Emergency Sub Plan (pdf). This Sub Plan sits under State Emergency Management Plan (EMPLAN) and is the whole-of-government plan for significant cyber security incidents or crises affecting NSW Government organisations. The Cyber Security Incident Emergency Sub Plan aims to protect the NSW Community from potential consequences of a significant cyber security incident or crisis. It describes the interaction between the Cyber Security community, business continuity personnel and the emergency management sector to reduce impacts to NSW Government services, assets and infrastructure, coordinate information flow between agencies, and communicate to the public in relation to these events.

In 2018, the NSW Government commenced implementation of a Domain-based Messaging, Authentication, Reporting and Conformance (DMARC) and brand protection solution across government. This ongoing project is crucial to protecting customers of NSW Government services. Working with cyber security teams in all departments, this project will increase the resilience of our government infrastructure by making it harder for cyber criminals to send fake emails and impersonate NSW Government websites.

In early 2020, a whole -of-government Capture the Flag (CTF) Cyber Security Team was officially formed in NSW. A capture the flag (CTF) contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems. NSW's CTF Team (TahSec) was born out of a smaller group established by the former Department of Justice. TahSec, now has 14 members representing 3 NSW Government departments. In 2019 the CTF team placed third in Australia and in the top 98th percentile in the entire world. In 2021, TahSec is fighting hard to be amongst the best in Australia and to place competitively against global CTF teams. The success of TahSec is due to the passion and skills that exist within cyber security professionals within the NSW Government. In order to grow our next generation of cyber professional, the NSW Government will support TahSec to compete and train towards future CTF competitions.

The NSW Government has committed to establishing a Mandatory Notifiable Data Breach scheme intended to improve data handling practices and management of incidences of breaches likely to result in harm by agencies. Introduction of a mandatory scheme will improve transparency and accountability of agencies; increase citizen trust in government agency handling of data breach incidents and provide citizens with the information needed to protect themselves following a serious data breach event. When implemented the scheme will create requirements for all NSW Government agencies for reporting and notification. As the scheme is implemented the Information and Privacy Commission (IPC) will continue to work with relevant areas of NSW government in the implementation of reporting requirements under the scheme to enable citizen rights and elevate agency awareness of and responses to data breach incidents, reporting and notification.

Cyber Security NSW works closely with ID Support NSW to lead the state’s recovery from significant cyber security incidents and data breaches. For example, following a major data breach, Cyber Security NSW will monitor the dark web for leaked personal information, conduct analysis, develop assessments and share intelligence with ID Support NSW.

ID Support NSW provides support to:

• NSW Government agencies when they have experienced a data breach or to help them prepare their breach response plans
• individual NSW customers if their government-issued identity credentials have been compromised
• NSW communities through its cyber education program

Contact ID Support NSW online or call 1800 001 040.

Established by the NSW Government to develop strategies and policies to diversify its ICT/digital partnership ecosystem and spend. The Taskforce will ensure small and medium enterprises (SMEs) can compete on an equal footing in digital technology procurement. It will also enable increased number of government supply opportunities targeting SMEs and the potential for increased spend on SMEs will include indigenous suppliers, start-ups and disability suppliers.

Established in November 2018 to facilitate connection and collaboration across the cyber security industry and other key industry sectors. Program participants are informed and connected to government run activities such as funding programs, consultations, expressions of interests to business opportunities, case studies, international missions, networking events, capability building workshops and information such as key sector reports and resources. Cyber Security Connect will be expanded to feature cyber communities to promote activities to stimulate broader community connections to share insights and best practice.

The NSW Government's Business Connect program supports small businesses to start, run, adapt or grow. Businesses can access practical business advice and events to understand cyber security threats and take action to protect their business from cyber threats.

In partnership with industry, the NSW Cyber Hub will work to grow the NSW cyber security ecosystem. The partnership will facilitate collaboration and communication between businesses, academia and government, and facilitate connections between NSW cyber security SMEs and other priority industries. The partnership will also work to share knowledge and uplift business cyber capability.

A NSW Cyber Hub will be established to help NSW cyber businesses grow by delivering a range of industry support initiatives in partnership with other agencies and industry. The Hub will act as a front door for cyber industry support and will absorb the functions previously delivered by the NSW Cyber Security Innovation Node. The NSW Cyber Hub will:

• Establish the Industry Partnership Program
• Introduce the following initiatives:
  • Accelerator in Residence Program
  • Cyber Security Industry Placement Program
• Deliver and expand the following programs:
  • Workforce Development Program
  • Cyber Connect Program
• Leverage NSW place-based precincts to connect industries, innovators and academics to generate new ideas and collaborate across industry sectors.

The Accelerator in Residence Program is designed to attract new participants to NSW and build local innovation and scaling capability in technology and cyber. The program aims to scale and grow the number of cyber companies in NSW, create more high value cyber jobs, attract investment into these businesses and facilitate export opportunities in global networks.

Proposals will be sought through an Expression of Interest process from applicants that bring value to a cyber focused program or accelerator. This approach will enable unique, industry led solutions to be established in NSW.

NSW Cyber Ambassador Program is a program to support cyber security skills and workforce development. The program has engaged a select group of businesses, academics, professionals and secondary students to promote the cyber security sector. Ambassadors undertake outreach to schools, communities, career advisor networks, education and training providers to help showcase cyber security careers, provide feedback within curriculum, share their personal experience, and opportunities to mentor students.

The Cyber Security Open P-Tech is a partnership between IBM, the NSW Cyber Security Innovation Node and the NSW Department of Education, leveraged on the STEM Industry School Partnership (SISP) initiative. IBM's Open P-TECH (Pathways in Technology) platform provides online learning resources on emerging technologies, including cyber security, cloud computing and design thinking. SISP program provides an education model that supports teachers to engage students, inspire them to study STEM and prepare them for STEM careers.

The industry-education collaboration will bolster STEM educational capabilities in regional NSW, as well as providing content alignment to industry's needs. Under the 2021 Cyber Strategy, SISP program and the NSW Cyber Node will collaborate to onboard NSW schools to Open P-Tech, thereby expanding the talent pipeline and the skills footprint.

TAFENSW Cyber Security Micro-Learning is a partnership between TAFENSW, the NSW Cyber Security Innovation Node and various industry representatives. Released in June 2020, the online cyber security micro-learning program was designed to help retrain and upskill workers during COVID-19.

Nine industry-aligned training modules provide skills uplift across a range of topics including detecting, protecting and responding to cyber-attacks. Under the 2021 Cyber Security Strategy, cyber security micro-learning will be further developed based on industry needs.

A state-wide cyber skills study and pathway mapping will provide the NSW Government with updated understanding on cyber skills and workforce gaps. The evidence-based insights will help to inform the design, and to calibrate, workforce development initiatives and curriculum. Collaboration with the Federal Government will support the development of a coordinated, national pathway for cyber careers.

The Cyber Checkme is a pilot initiative which seeks to better link university undergraduates to field experience for improved business and education outcomes. The initiative will provide a mechanism for NSW University cyber undergraduates to visit SMEs and understand their businesses.

The Cyber Security Industry Placement Program will incentivise industry to provide work placements that complement cyber security training, to address the industry identified skills gaps that exist between formal training and the workplace/industry standards. By enabling students to work and be trained in cyber roles, the Cyber Security Industry Placement Program will enhance cyber security skills and workforce capability across NSW.

The Program will support more businesses, particularly SMEs and start-ups, to invest, train and retain early cyber talent and encourage larger corporates to increase their cyber intake and grow the capability and size of the cyber security workforce. Eligible businesses will benefit from a wage subsidy over a placement period.

Boosting Business Innovation Program provides small innovative businesses access to engage with research organisations, thereby supporting local business communities to create innovation departments and economic growth. The program is delivered in partnership with 11 NSW Universities and CSIRO to provide a range of new innovation spaces (including research infrastructure and access to clean rooms) for business communities.

The NSW Government is committed to creating the biggest technology hub of its kind in Australia. Tech Central will provide up to 50,000 square metres of affordable space for start-ups and scaleups in the heart of Sydney.

As part of the NSW Government's 20 Year Economic Vision for Regional NSW, Special Activation Precincts will be created to deliver industrial and commercial infrastructure projects in dedicated regional areas that will strengthen the innovation ecosystem, attract investment, build innovation and grow jobs.