Victoria’s Department of Premier and Cabinet is pushing ahead with plans to reform the way it monitors cyber security and manages its internal network assets, with two major business cases currently under development.
Ernst & Young has been commissioned to draft both strategic documents.
Grahame Coles, the DPC’s chief enterprise solutions officer, told industry members in Melbourne this week that the first of the two pieces of work was due back to government in January.
This chunk of work will create the parameters for a whole-of-government cyber security monitoring and response capability.
The state is likely to go to the private market to outsource the function, which will be responsible for monitoring and addressing network intrusions across the whole Victorian public sector.
The business case will also address ways Victoria can improve the security of the state government’s external internet gateways and boost general security expertise within the Victorian government.
The state has been criticised in the past for a lack of clarity and coordination when it comes to the security of its systems and infrastructure.
In 2013, auditor-general John Doyle complained that the state had no consistent mechanism to detect intrusions across the whole public service, and only addressed threats on an agency-by-agency basis.
The DPC has also been given the green light to write up a coordinated response plan for a serious cyber attack on public or private infrastructure.
Coles and his team have been given 12 months to devise a strategy for how Victoria would respond to a critical attack. The document will be handed to the State Crisis and Resilience Council, the state’s peak emergency management council.
The plan is expected to identify lead agencies and critical responsibilities in the emergency response, alongside strategies to combat an electronic assault on public or private infrastructure.
The second business case to be put together by Ernst & Young will champion the idea of establishing a whole-of-government network management function, to coordinate and get the most out of the disparate communications assets owned and run by Victorian agencies.
The incoming Labor government ditched the the Liberal’s ‘VicConnect’ network procurement strategy after coming to power in late 2014.
The new plan, if endorsed by Ernst & Young, will see either an internal or private sector entity appointed to be the state’s central network operations manager, elimiating the currently siloed approach to maintaining communications infrastructure.
Public sector organisations like CenITex and rail operator VicTrack already run significant internal network infrastructure and are likely to be in the running for the work, alongside private sector bids.