NSW Cyber Security Standards Harmonisation Taskforce

January 28, 2021

Introduction: Tackling cyber risk in the digital age – Creating a ‘rising tide’ to lift all boats

The risks we face are changing and amplifying in our digital world. Cyber physical systems, common digital architecture like cloud services and the rise of connectivity at-scale, all present considerable social and economic opportunities. But, they also present increased risks. These cyber security risks span both the macro and micro economic contexts, such as what would occur if critical systems were compromised, leading to loss of services or lives, through to theft of an organisation’s intellectual property, or the disclosure of sensitive information or personal data.

Addressing these risks through the adoption and use of common standards has been the focus of the NSW Cyber Security Standards Harmonisation Taskforce. This is not intended to imply that standards are a panacea to these risks. They are not. Rather, used in combination with the latest advances in technology, and embedded across global supply chains, they can assist in raising the cyber security posture of a small to medium enterprise (SME), organisation or government agency in market and internationally. Importantly, as you will observe in reading the recommendations of this Taskforce, this posture is not always about technical controls, but equally about protective security.

It is often said in cyber security that people can be the weakest link. We agree. Without adequate protective security measures – ranging from the physical security of facilities to personnel screening – it is unlikely that efforts to raise the bar when it comes to cyber security will succeed to the full extent possible. The challenge here, is embedding approaches across industry and government in a way that achieves a degree of uniformity, provides confidence and demonstrates an ongoing cyclical process of review, assessment and rectification. Perfection, after all, is an art form we continually strive towards.

There are logical connections here with existing and proposed regulatory reforms. The Australian Government, following other governments, is making new investments in cyber security measures and capabilities, and proposing regulatory reforms in relation to critical infrastructure. In the past, similar cycles of regulatory activity have provided ample opportunity to consider what the policy goals we are trying to achieve are, to align practical frameworks to these goals, and finally, to ensure that International Standards developed, adopted and leveraged, are consistent with these. This remains contingent on industry engagement. As a result, we sincerely hope that, during the current era of reform, the deep expertise that exists within industry is harnessed to achieve an improved overall cyber security posture for our collective benefit. Finally, we thank the generous, constructive and energetic contributors from the NSW Cyber Security Standards Harmonisation Taskforce, from across industry, government and academia who helped shape this Recommendations Report.

Prerana Mehta
Chief of Ecosystem Development,

Dr Jed Horner
Strategic Advocacy Manager,
Standards Australia

