NSW government sets up cyber and privacy resilience group to keep customer data safe

As part of a response to a cyber breach from earlier this year.

The New South Wales government has set up a dedicated cyber and privacy resilience group as part of its vow to keep customer data safe.

The formation of a so-called, dedicated taskforce that will focus on cyber resiliency and privacy risks across government was in response to the cyber attack the state government suffered earlier this year, according to NSW Department of Customer Service Secretary Emma Hogan, who is the chair of the new group.

The breach resulted in 73GB of data, which comprised of 3.8 million documents, being stolen from staff email accounts. The breach impacted 186,000 customers.

"Since the breach was discovered in April, we've invested heavily in both helping customers recover and also in understanding what went wrong, how a hacker was able to access so much customer data entrusted to us, and how we can make sure this never ever happens again," Hogan said, speaking at the Privacy Enhancing Technologies Summit for Data Sharing on Tuesday morning.

See also: Unknown commercial entity blamed for NSW driver's licence data breach

Alongside setting up the group, Hogan added that the state government is also working with the Information and Privacy Commission NSW to "embed privacy principles within the way we work".

"We've embraced the concept of 'privacy by design' to ensure that provisions and protections are built into our projects right from the start. Central to this is for agencies to undertake a privacy impact assessment for projects that might have privacy implications, together with a robust privacy reporting regime," she touted.

She continued, saying that the state government has started to "incorporate elements of privacy enhancing technologies", but admitted there was "obviously scope to do more".

"So whenever you apply for some of that AU$1.6 billion [Digital Restart] funding, you will also need to be able to demonstrate how privacy enhancing technology measures will participate in it. Privacy enhancing technologies will continue to be a major part of our privacy measures now and into the future," Hogan said.

In June, the state government announced its intentions to stand up a sector-wide cybersecurity strategy, which would supersede the cybersecurity strategy that was last updated in 2018.

The plan to create a new security document followed a AU$240 million commitment to improve NSW's cybersecurity capabilities, including investments towards protecting existing systems, deploying new technologies, and increasing the cyber workforce.

Under that commitment, the NSW government announced it would stand up a cybersecurity vulnerability management centre in Bathurst, 200kms west of Sydney.

To be operated by Cyber Security NSW, the centre would be responsible for detecting, scanning, and managing online vulnerabilities and data across departments and agencies. 

Of that AU$240 million commitment, AU$60 million would also be spent to create an "army" of cyber experts. Minister for Customer Service Victor Dominello said at the time, the creation of a cyber army would see the scope of Cyber Security NSW broadened to incorporate small agencies and councils.

"The AU$60 million is not only a four-fold increase in spending on cybersecurity but allows Cyber Security NSW to quadruple the size of its team in the battle against cyber-crime," Dominello said.

"Cyber Security NSW will train the next generation of cybersecurity experts and ensure there is a cross-government coordinated response, including advance threat intelligence sharing, cybersecurity training, and capability development."

Related Coverage