The Andrews Labor Government in Victoria has appointed its first Chief Information Security Officer (CISO) as the next step in keeping government services and information safe from cyber threats.
The appointment of a CISO is a key component of the Victorian government’s first ever Cyber Security Strategy released in August 2017. The strategy shifts Victoria’s cyber security approach from an agency by agency approach to a whole of government approach, to better protect public services and information.
According to the strategy document, the CISO will not replace the individual responses and accountability within each government agency to address risks in the cyber landscape, nor will it assume responsibility within these agencies to address the standards issued by the Office of the Victorian Information Commissioner.
The Chief Officer will focus on leading collaboration across Victoria’s departments and agencies helping with ongoing work to assess, monitor and respond to cyber security risks, as well as engaging with Commonwealth and private sector experts to deliver a resilient and cohesive cyber security environment.
The Special Minister of State Gavin Jennings today announced that Mr. John O’Driscoll had been appointed to the role. Mr. O’Driscoll has 20 years’ experience in information technology, with a focus on cyber security in financial services and the public sector. He was previously the Senior Manager, Information and Technology Risk at ANZ (Australia and New Zealand Banking Group). Prior to that Mr. O’ Driscoll occupied senior IT security positions at financial services company, AMP and the Commonwealth Bank of Australia.
Government networks across the world are regularly targeted by cyber-attacks, with an increasing shift from unsophisticated lone cyber hackers towards organised criminals, political ‘hacktivists’ and even foreign governments using cyber space to infiltrate, steal from and disrupt government services.
The CISO will also lead the following key actions from the Cyber Security Strategy:
- Develop cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
- Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights
- Rationalising and better co-ordinating the procurement of proven cyber security services
- Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers
- Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments.
Special Minister of State Gavin Jennings said, “John O’Driscoll’s extensive experience working across information technology and cyber security make him ideally suited to be Victoria’s first Chief Information Security Officer, as we seek to secure government services.”
“As organised crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial government steps up to better protect our public services and information – John will help us do just that,” he added.
Several Australian states have recently appointed or are looking to appoint CISOs. In March this year, the New South Wales government appointed Dr. Maria Milosavljevic as its first CISO. She was previously the Chief Information Security Officer and Chief Innovation Officer at AUSTRAC. The South Australian government appointed public sector cyber security veteran, David Goodman, as its CISO in April 2017. Before that, he had worked for nearly a decade in IT security for the state's health service. The Tasmanian government has also been looking for a CISO.