Vic gov to consolidate cyber security buying power

The Victorian government will seek economies of scale in the way it buys cyber security tools and services, via a new whole-of-government sourcing arrangement.

Deputy CISO Shane Moffitt unveiled the new cyber security state purchase contract in a LinkedIn post.

State purchase contracts contain a list of approved technologies and suppliers, and are intended to maximise the state’s buying power and reduce risk by negotiating contract terms and conditions with the suppliers in advance.

The arrangement initially covers four key security domains: endpoint protection, vulnerability management, application control and third-party risk management.

For endpoint, the admitted technologies come from Fortinet, CrowdStrike and Microsoft; for vulnerability management they are Tenable and Qualys; for application control, they are Airlock Digital, Ivanti and VMware; and for third-party risk management, a single solution from CyberGRX is approved.

Moffitt wrote that setting up a cyber security state purchase contract had been “a passion project … for a long time.”

“This is the first contract of its type in Australia,” he wrote.

“I am incredibly proud of the team for achieving this outcome. 

“Following an extremely thorough vetting process a number of technologies and vendors have been selected as approved to supply [the] Victorian government.

“This consolidation of work will dramatically reduce workload on government entities, reduce time to deploy and significantly reduce costs to the Victorian government.”

A Department of Government Services (DGS) spokesperson told iTnews that the cyber security state purchase contract "is the first of its kind in Australia."

"Through this contract, we are supporting local cyber businesses and leveraging global cyber expertise," the spokesperson said.

“Cyber security has never been more important, and this contract will make it easier for government organisations to protect themselves against cyber threats.”