Queensland government commits AU$12.5m to fight cybercrime

The Queensland government has announced a AU$12.5 million commitment to tackling cybercrime and potential threats made against the state's IT infrastructure.

Over four years, the multimillion-dollar investment will be used to form a new Cyber Security Unit and keep it running to provide further protection of the government's systems.

Speaking at the bipartisan Utilities, Science and Innovation Committee in Canberra on Wednesday, Queensland Minister for Innovation, Science and the Digital Economy Leeanne Enoch said it was critical to continue to build the armoury against cybercriminals who use increasingly sophisticated forms of computer technologies and techniques.

"A safeguard is needed to continue the protection of the government's data and systems into the future because we are not immune to this sort of crime. In fact, governments globally are often a target for perpetrators," Enoch said.

"We want to protect against future cyber attacks of government systems and data, provide leadership and support to agencies, and strengthen their capability to respond to potential security threats."

Enoch expects that the unit will see the greater monitoring of future trends in cybercrime from around the world.

"These are not necessarily criminals from our own backyard, potential threats could come from anywhere in the world and we need to understand these threats as they arise," she said.

The state government's CIO Andrew Mills said the Cyber Security Unit, which will operate out of the Chief Information Office, would provide independent expert advice to the government.

"Agencies will remain responsible for their information security and the central cybersecurity team will provide support and guidance as well as leadership," Mills said.

In November, TAFE Queensland experienced a breach that resulted in the personal details of thousands of the state's TAFE students exposed.

Playing down the breach, Queensland Attorney General Yvette D'Ath insisted that the breach did not uncover sensitive information such as financials or credit card details.

"[We're] confident that the information available that has been hacked is very low-level information in the majority of cases," D'Ath said. "In that this information is information that would be otherwise found on other public websites such as the White Pages and so forth."

However, D'Ath said for security reasons, the government would not confirm exactly what information had been hacked.

It was alleged in December that the Australian Bureau of Meteorology (BOM) had suffered from a large breach.

The BOM said its systems were fully operational and reliable in response to allegation, but at the time, it was tight-lipped.

Earlier this month, however, representatives from the BOM faced the Senate Environment and Communications Committee, probed on the reported breach, with BOM CEO Rob Vertessy saying that there had been no disruption at all to the BOM services owing to any security breaches.

"I can say a few things, the first is that there have been no security-related disruptions to our service delivery, to our ICT systems at all -- that's the first thing," he said.

"The second is that it is well known throughout the internet and the systems that we all run in government and business that there are a range of threat actors out there that require gradually improving security posture for those agencies to minimise the risks of the violations.

"All departments have them from time to time, and that's been pointed out by the Australian Signals Directorate and is the underlying imperative for us all to put in place sharpened security arrangements."