WA government hopes to address state’s history of cyber woe
- 19 June, 2018 13:13
Western Australia’s Office of the Government Chief Information Officer will officially cease operations at the end of June. The OGCIO is being transformed into the Office of Digital Government, which will be a discrete business unit sitting within the Department of the Premier and Cabinet.
The OGCIO was established under the previous government. The WA government revealed last year that it would continue funding the office for 12 months, with funding expiring on 30 June 2018.
The WA budget, handed down in May, revealed that the OGCIO function would be transferred to DPC. Budget papers said the move would provide “a stronger mandate for the Government’s digital transformation agenda and ensuring that information and communications technology (ICT) performance, data sharing and cyber security are strengthened”.
Giles Nunis, who in September 2015 was appointed WA government CIO, earlier this year departed the OGCIO for a role at Deloitte Consulting.
The government intends to recruit a new CIO who will lead the Office of Digital Government.
The WA government said that the shift from the OGCIO to the Office of Digital Government and its move to DPC would give the office a more focused role and a whole-of-government mandate in a number of specific areas, including cyber security.
“Creating this office within DPC ensures that digital capabilities are embedded within the McGowan government's public sector renewal program, and are better co-ordinated and implemented,” innovation and ICT minister Dave Kelly said in a statement.
The minister said that cyber security had been neglected by the previous state government.
“As the business of modern government becomes increasingly driven by technology and data, government must be prepared for the growing threat of cyberattacks,” Kelly said.
The WA government said that it would earmark $7.4 million to fund the new office, which would include more than $500,000 for a cyber security team that would focus on whole-of-government initiatives.
The government said it was launching a Cyber Security Reference Group, which would bring together nine public sector agencies to promote information security. The government is also partnering with Edith Cowan University to strengthen security.
ECU has signed a memorandum of understanding with the OGCIO.
“We welcome the opportunity to work with the state government to grow the state’s cyber capabilities and educate the next generation of cyber security professionals,” said ECU Vice-Chancellor Professor Steve Chapman.
ECU is a participant in the Cyber Security Cooperative Research Centre and last year the university received funding from the federal government for the Academic Centres of Cyber Security Excellence (ACCSE) program.
The WA government’s focus on security follows a string of unflattering audits of government agencies that have highlighted major information security problems.
The WA Office of the Auditor General in June 2017 released its ninth information systems report. In it, the state’s then auditor general, Colin Murphy, expressed frustration at the neglect of security within government agencies.
“Disappointingly, I must again report that many agencies are simply not taking the risks to their information systems seriously,” Murphy wrote in his overview.
“I continue to report the same common weaknesses year after year and yet many agencies are still not taking action. This is particularly frustrating given that many of the issues I have raised can be easily addressed. These include poor password management and ensuring processes to recover data and operations in the event of an incident are kept updated.”
In fact, Murphy’s report found that compared to the previous year’s report a number of agencies had gone backwards when it came to security.
(The report’s revelations included that WA Police were transferring sensitive information in clear text via the Internet.)
The same week as the report was released the state government issued new information security guidelines, updating the Digital Security Policy originally published in May 2016.
In early 2016, a malware infestation affected key ICT systems used by WA’s parliament.