NSW Police to establish 24x7 SOC in cyber security overhaul

NSW Police is building an around-the-clock cyber security operations centre (SOC) to protect its critical IT systems and data holdings from attack as part of a new multi-year program of work.

The SOC, which is expected to come online from May, will be central to the force evolving its active defence capabilities – a key objective of the cyber security transformation program.

According to the Australian Cyber Security Centre, active defence involves an organisation proactively implementing a spectrum of security measures to strengthen its networks and systems.

Chief information and technology officer Gordon Dunsford told iTnews the program kicked off at scale in December thanks to additional funding provided to the force in the digital restart fund.

The fund – which was first established up in 2019 – was topped up with $1.6 billion over three years in last year’s state budget to accelerate the government's digital transformation.

Around $240 million of this is set aside for cyber security initiatives, including $60 million for the government-wide cyber security office, Cyber Security NSW, to expand its remit and staffing levels.

Dunsford said the SOC is a “natural extension” of the active defence capabilities that NSW Police has been developing, with planning and construction of the SOC now underway.

It follows a review of the force’s cyber security capabilities “against industry benchmarks and trends” and a “series of tactical acquisitions of solution and tools to evolve these”.

“[NSW Police] will evolve its cyber security capabilities beyond passive or reactive defence to active defence,” Dunsford told iTnews.

“This will provide [the force] with improved threat intelligence and predictive response opportunities."

The cyber security program will also involve the creation of a security by design (SBD) architecture practice to ensure that all IT projects benefit from modern security assurance practices at all stages.

According to Dunsford, the program is expected to result in a “substantial increase” in the size of NSW Police’s cyber security team, led by chief information security officer Michael Marsden.

Marsden is currently looking for six new technical staff, including security solutions architects, enterprise security architects, project architects and security engineers, to deliver the program.

“This is an exciting opportunity for anybody interested in large scale, advanced cyber security technologies and operational practices in the law enforcement sector,” he said in a LinkedIn post.

NSW Police’s cyber security transformation is happening alongside an equally new cyber security program at the Department of Communities and Justice (DCJ), the ‘cyber refresh program’.

The department has engaged the CSO Group to deliver a number of key services for the program over the next four years under a $16.4 million contract.

“The DCJ is committed to the protection of its clients’ identity, safety and privacy,” a spokesperson told iTnews last month.

"Cyber security requires continuous improvement to manage new challenges. The contract with CSO Group will assist with this effort.”