Shadow Minister for Technology Adem Somyurek said the "damning" Auditor-General’s report into the Whole-of-Victorian-Government Information Security Management Framework showed the Government is three years too late to begin developing a cyber-security strategy.
“Denis Napthine and Technology Minister Gordon Rich-Phillips have failed to take the threat of cyber-security seriously,” Somyurek told reporters.
“Minister Rich-Phillips has spent the best part of this year spruiking the Coalition’s ICT Strategy, yet only announced the development of a cyber-security strategy to protect departmental and agency ICT assets last week before the Auditor-General released its damning report.
“Cyber-security is a vital aspect of ICT, yet Denis Napthine’s strategy does not acknowledge how the state can protect its ICT interests.
“The Auditor General’s report found that the Government accounts for the second highest rate of cyber-attacks incidents amongst Australian jurisdictions.
“Denis Napthine has been spooked into action by the Auditor-General, when security should have been a priority upon entering Government.”
Somyurek said the Auditor-General’s report found Government agencies have not effectively implemented information security policy and standards, potentially exposing them to cyber-attack.
He told journalists the current information security policy has "not been endorsed by Government" and there are no current arrangements to brief Ministers if a major cyber threat affects the public sector’s ability to deliver services.
“More than 500 outer Whole-of-Victorian-Government agencies are not required to conform to any specific policy or standard.
“The Napthine Government should act immediately to implement the Auditor-General’s recommendations to ensure there is a Whole of Government approach to coordinating cyber threats.”
Premier Napthine has been contacted for comment.