Cyber Attacks – Are you CSP Compliant?

In recent weeks there has been considerable media coverage regarding Cyber Attacks and IT Outages relating to NSW Government Agencies

What is the extent of these attacks?

According to a 19 June 2020 article in the SMH, China-originated cyber attacks have targeted critical infrastructure including hospitals, local Councils and state-owned corporations and Transport for NSW has experienced a malicious hack causing a massive system outage.

NSW and Australian Government response

The NSW Government is developing a sector-wide cyber security strategy to replace its existing scheme and the NSW Cyber Industry Development Strategy and will allocate $240 million to cyber security.

The Minister for Customer Service, Victor Dominello said that the 2020 NSW Cyber Security Strategy will ensure the NSW Government continues to provide secure, trusted and resilient services and address the cyber workforce and skills gaps in the post-COVID-19 climate. 

The PM, Scott Morrison has pledged invest $1.35 billion to counter the wave of hacking attempts against the country.

What are NSW Government Agencies required to do?

All NSW Government agencies and cluster Departments are required to attest to the Cyber Security Policy (CSP) by 31 August. This attestation is in relation to the agency’s Information Security Management System (ISMS).

How can we help?

Centium can:

• Review and update your ISMS, based on risk and risk appetite, so that your ISMS is bespoke and fit for purpose yet in line with the CSP
• Identify the gaps which may prevent you from providing a positive CSP attestation by 31 August
• Guide you on how to fix the gaps in the CSP’s 25 mandatory requirements • Enable you to positively attest to the CSP by the deadline
• Prepare your Essential Eight maturity assessment 
• Supplement internal audit capabilities in this area
• Conduct a technical assessment of your cybersecurity defences
• Conduct your ISMS independent internal audits per CSP requirements
• Develop and/or test your Cyber Security Incident Response Plan
• Develop and/or test your Business Continuity and ICT Recovery Plans
• Assist with cybersecurity education

Centium has extensive experience in assisting agencies to ensure compliance with this requirement, as set out here.