Best of 2019: LGPA calls for federal aid in tackling cyber threats
Councils want Canberra's help to adopt a five-point plan to improve their cybersecurity posture.
Local Government Professionals Australia has appealed for federal government assistance in tackling cyber threats at the local government level. In a submission to the government’s 2020 Cyber Security Strategy consultation, the peak body representing the local government sector has identified five ways the government could support local government in improving its security posture.
The first of these involves developing a minimum set of standards and compliance certifications for local government, or extending existing federal standards to local government.
The peak body is also calling for an increase in government-provided incentives and training encouraging the recruitment of skilled IT workers in the cybersecurity field, particularly in regional and remote areas.
The third recommendation involves providing resources and training assistance to improve cyber awareness training for local government employees, while the fourth calls for improvement in the ability to find relevant material on the Australian Cyber Security Centre’s resource site.
Finally, Local Government Professionals Australia is recommending that the government assist in identifying and classifying Australian critical infrastructure, and then developing management plans to increase the understanding of risk to this infrastructure.
“As the managers of critical infrastructure and the frontline service delivery outlet for most Australians, local government is in a unique position to protect public assets, but is also a growing target,” Local Government Professionals Australia CEO Clare Sullivan said.
According to the body’s President Mark Crawley, local government is the least resourced public service entity to tackle cybersecurity threats.
“Local government budgets are under increasing pressure here with reduced revenue-raising capacity coupled with ageing infrastructure, increasing community expectations and cost shifting from other levels of government,” he said.
Meanwhile, joint research from the organisation and JLT found that cybersecurity is now considered by local government professionals to be the second most prominent risk facing local governments — up from eighth last year.
The leading concern is the emergence of cyber attacks, the research found, with 22% of respondents identifying this as their top cyber risk.
Other issues include an inability for council IT infrastructure to keep up with the pace of cyber risk changes and concerns over the risk of data fraud.
“As councils rely increasingly on internet connectivity to carry out business operations, they are more vulnerable to cyber risks,” the report states.
“Network intrusion, hacking, phishing, cyber extortion and social engineering are just some of the ways that today’s organisations can have their information assets compromised.”
The growing risk profile is encouraging councils to invest in the mitigation of cyber risks.
Various local government-level initiatives are also being adopted to help councils better manage their cyber risks. The report gives the example of South Australia’s Local Government Risk Services (LGRS) having introduced a cyber vulnerability and risk profiling service aimed at giving councils a holistic approach to understanding and managing their cyber risk profile.
To date, LGRS has identified a range of common issues, including a lack of robust business continuity and disaster recovery processes and mobile device management capabilities.
But the research also found that despite nominating cyber incidents and IT infrastructure as the second-highest overall risk, only 18% of respondents consider cyber threats to be contributing to concerns over business continuity and community disruption.
By contrast, the risk of an unplanned IT or telecommunications outage was considered to be the second-highest business continuity and community disruption concern after the threat posed by environmental catastrophes such as bushfires and floods.
This article was first published on 6 November, 2019.
Eleven carefully selected cybersecurity SMEs have been given an opportunity to pitch directly to...
Experts warn that the major cyber attack targeting Australian governments and businesses...
The NSW Government, AustCyber and Standards Australia have created a new task force aimed at...