As our world becomes increasingly digitised, the threat of malicious cyber activity continues to grow. the Department of Customer Service, New South Wales Government, is at the forefront of addressing these challenges, transforming its cybersecurity capabilities to ensure the protection of critical information and services for over eight million people across New South Wales.
Under the leadership of Chief Information Security Officer (CISO) Sam Mackay, DCS has embarked on a comprehensive journey to build a world-class cybersecurity function. This government body, responsible for delivering customer service, digital transformation and regulatory reform, is committed to safeguarding the data and systems that underpin its operations.
DCS is the pivotal government agency that coordinates interaction between citizens and government services. As the publicās front door to government services, it was set up to provide easy access and place the people of NSW at the centre of service delivery. The department has also become a leader in digital products and digital services, being the first in Australia to issue digital driverās licences and paving the way for digital identities globally.
āWhen you can actually see the work your department and the agencies within it are delivering, you can know youāre making a difference,ā Sam begins.
A strategic vision for cybersecurity
DCS has committed to developing a world-class cybersecurity function that not only addresses the current cyber threat landscape but also anticipates and mitigates emerging risks. This vision aligns with the broader Australian objective of becoming a global leader in cybersecurity by 2030, as outlined in the 2023-2030 Australian Cyber Security Strategy. DCS security strategy emphasises the importance of building strong defenses, protecting critical infrastructure and enhancing threat detection and response capabilities across the nationāā.To achieve its vision, DCS is focusing on these key areas:
ā¢ Strengthening cyber resilience: DCS aims to build a robust and resilient cybersecurity framework that can withstand evolving cyber threats. This involves implementing advanced security technologies, improving incident response capabilities and ensuring that all systems and data are protected with the highest standards of security
ā¢ Collaboration and coordination: DCS is working closely with Cyber Security NSW and other government entities to align its cybersecurity initiatives with state-wide and national strategies. This collaboration is crucial for ensuring a cohesive approach to cybersecurity, where information sharing and coordinated responses to incidents are prioritisedā
ā¢ Leveraging advanced technologies: The department is investing in cutting-edge technologies such as AI and machine learning to enhance its threat detection and response capabilities. These technologies are critical in enabling NSW DCS to proactively identify and mitigate potential threats, thereby staying ahead of cybercriminals
ā¢ Professionalising the cyber workforce: A significant component of becoming a world-class cybersecurity function involves developing a skilled and capable workforce. DCS is focused on upskilling its cybersecurity teams and fostering a culture of continuous learning to ensure that its staff are equipped to handle the complexities of modern cyber threats
By pursuing these strategic priorities, DCS is positioning itself as a leader in the cybersecurity space, ensuring that it not only meets the challenges of today but is also prepared to navigate the uncertainties of the future. This approach aligns with the overarching goal of the Australian government to make the country the most cyber-secure nation by 2030.
Prioritising the protection of the people of NSW
In an era where digital services are increasingly integrated into daily life, the government recognises the importance of protecting personal information as a fundamental right. This proactive stance underscores that robust cybersecurity measures are essential for maintaining public trust and ensuring that all residents can confidently engage with digital government services.
Sam emphasises the critical importance of protecting data: āWhile continually digitising, we acknowledge the need to protect the data and information we hold. Continued investment is essential to building a world-class cybersecurity function. Our mission is to ensure that our systems and services are resilient against any threats that may arise.ā
The focus is on creating a resilient digital environment that allows NSW to lead by example. This forward-thinking approach positions NSW as a proactive leader in the cybersecurity landscape, ensuring that the state is prepared for future challenges.
By embedding cybersecurity into its digital strategy, the NSW government is sending a clear message: the protection of the people of NSW is paramount. This commitment is not merely financial ā it is a pledge to citizens that their government will remain vigilant and relentless in pursuing their digital safety.
Collaboration with Cyber Security NSW
A critical component of DCSā cybersecurity strategy is its close collaboration with Cyber Security NSW, the stateās dedicated cybersecurity body housed within the DCS. Cyber Security NSW plays a pivotal role in enhancing the stateās overall cyber resilience by providing centralised leadership, coordination and support across all NSW government entities.
Cyber Security NSW and the DCS Cyber and Information Security Office work in tandem to align their efforts with state and national strategies. This partnership ensures that NSWās cybersecurity initiatives are consistent with the latest standards and practices, effectively mitigating risks across the stateās digital infrastructure. Together, they focus on areas such as threat intelligence sharing, incident response coordination and the implementation of state-wide security policies.
Cyber Security NSW provides DCS with valuable resources, including threat intelligence and sector wide insights and reporting, which are crucial for staying ahead of emerging cyber threats. This collaboration is further supported by state-wide initiatives, such as the enforcement of Domain-based Message Authentication, Reporting & Conformance (DMARC) across government subdomains, which significantly enhances email security.
Leveraging advanced technologies
DCS is at the forefront of integrating cutting-edge technologies into its cybersecurity operations. The department is actively utilising AI to enhance its threat detection and response capabilities. AI-driven solutions allow for the rapid analysis of large datasets, enabling the department to identify and mitigate threats more rapidly and efficiently. This technology is particularly valuable in managing the complex security landscape that comes with large-scale digital transformation initiatives.
In addition to AI, DCS is advancing its digital identity initiatives. The NSW Digital Identity and Wallet project is a pioneering effort to transform how residents interact with government services. This secure, smartphone-based system allows individuals to verify their identities and credentials with ease while ensuring that their personal information remains protected.
Partnering for success
To achieve its cybersecurity objectives, after meeting strict government procurement policies and processes, DCS has partnered with several leading technology providers, each playing a crucial role in enhancing the departmentās security capabilities.
ā¢ Cloudflare: Cloudflare has been instrumental in enhancing DCSās network resilience. By leveraging Cloudflareās global network infrastructure, the department has significantly mitigated the risk of Distributed Denial of Service (DDoS) attacks, which are a common and disruptive cyber threat. Cloudflareās Web Application Firewall (WAF) has provided an additional layer of protection by filtering out malicious traffic before it reaches DCSā web applications, ensuring that only legitimate traffic is allowed through. This has been essential in maintaining the availability and security of DCSās online and digital services
ā¢ SailPoint: Identity governance is critical in ensuring that the right individuals have access to the right resources at the right times. SailPointās Identity Governance and Administration (IGA) platform has enabled DCS to automate and manage identity lifecycle processes efficiently. With SailPoint, the department can enforce strict access controls, manage user identities across various systems and ensure compliance with internal policies and regulatory requirements. This has been particularly important in managing the complex and dynamic access needs of a large government department
ā¢ Okta: Okta has played a vital role in securing access to DCSās systems through its identity and access management (IAM) solutions. Oktaās Single Sign-On (SSO) and Multi-Factor Authentication (MFA) capabilities have provided DCS with secure, streamlined access management. By reducing the reliance on passwords and implementing MFA, Okta has significantly lowered the risk of unauthorised access due to compromised credentials. Additionally, Oktaās adaptive authentication has enabled DCS to assess risks in real-time, adjusting authentication requirements based on the context of access attempts
ā¢ Pentera: Continuous validation of security posture is crucial in ensuring that defenses remain effective against evolving threats. Penteraās automated security validation platform has allowed DCS to emulate real-world attack scenarios and test the effectiveness of its security measures continuously. By identifying vulnerabilities and weaknesses in its defenses before attackers can exploit them, DCS can proactively address security gaps and enhance its overall resilience
ā¢ Palo Alto Networks: Palo Alto Networks has been a key partner in fortifying DCSā network and endpoint security. Through its next-generation firewall (NGFW) and advanced endpoint protection solutions, Palo Alto Networks has provided comprehensive threat prevention capabilities, including protection against malware, exploits and advanced persistent threats (APTs). The integration of Palo Altoās cloud security solutions has also enabled DCS to secure its cloud environments, ensuring that data remains protected across all platforms
These partnerships bring invaluable expertise and advanced technologies, allowing DCS to maintain a proactive and comprehensive cybersecurity strategy.
Looking ahead: A mission to secure the future
āOur mission is clear,ā Sam emphasises. āItās about protecting the information and systems the department holds and operates. We are continually adjusting our posture to ensure weāre ready to respond to persistent and emerging threats.ā
DCS is committed to continuing its journey toward becoming a world-class cybersecurity function, setting an example for other public sector organisations in how to effectively protect and secure digital government services.
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
- How Cisco Protects AI Agents From the World of Cyber ThreatsTechnology & AI
- How is Mastercard's New Trust Platform Combatting Scams?Cyber Security
- Akamai: Why AI-Driven Threats are Intensifying for FinanceTechnology & AI
- Trend AI: Agentic AI Adoption in Finance Overlooks SecurityCyber Security