Significant resources including “cyber cops” are needed to patch security holes in the NSW Government’s data management systems, a union has warned.
A cyber attack against Services NSW which compromised 180,000 residents’ personal information in April has prompted Unions NSW to call for changes in how data is handled.
The union will demand more cyber security experts and greater transparency into any data breaches, in a submission expected to be handed to a state inquiry on cybersecurity on Monday.
“Various agencies within the NSW Government hold significant data about citizens, most notably in respect of our health, education, qualifications, assets and finances and this information has quickly become a valuable resource,” the organisation writes in the submission, seen by NCA NewsWire.
Unions NSW secretary Mark Morey compared the increasing value of personal data to an oil boom, saying in a statement he sees a risk that information about public sector workers could end up being treated like a commodity. He also warned the security risks exposed in the latest hack could be greater than the public is aware.
“NSW needs designated cyber cops, who can protect our data and digital assets. The rest of the world is moving on this, and our government‘s inaction means we’re at risk of being caught with our pants down.”
“Without mandatory reporting requirements we have no idea about the extent of NSW‘s cybersecurity problem,” Mr Morey said.
Unions NSW will recommend repatriating data stored offshore, more and better paid jobs in cybersecurity, and a requirement to report data breaches to a designated government agency, among other suggestions.
A spokesman for Cyber Security NSW said a quarter of a $240 million investment into cyber security in June had been earmarked to create an “army of cyber experts”.
“The $60 million is not only a fourfold increase in spending on cyber security but allows Cyber Security NSW to quadruple the size of its team to ensure a more resilient and cyber safe NSW, one that is connected, protected and trusted. The remainder of the $240m will be allocated to departments and agencies to uplift their cyber security posture,” the spokesman said.
Cyber Security NSW also said there is a policy in place under which departments and agencies are accountable for cyber risks.
The NSW Parliament’s upper house Inquiry into Cybersecurity will hold its first public hearing later this month.