The State of Victoria has its very first chief information security officer (CISO) under the Andrews Labor Government as it seeks to protect government services and information from cyber threats.
John O’Driscoll has taken up the CISO role and joins from his previous position as senior manager of Information and Technology Risk at ANZ. He has more than 20 years' experience in IT, cybersecurity in financial services and the public sector.
O’Driscoll will lead collaboration across all of Victoria’s government departments and agencies. He will also help to assess, monitor and respond to cybersecurity risks, in addition to engaging with Commonwealth and private sector experts to deliver a resilient and cohesive security environment.
According to Special Minister of State Gavin Jennings, O’Driscoll’s extensive experience in the field makes him ideal for the state’s first CISO.
“As organised crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial government steps up to better protect our public services and information – John will help us do just that,” Jennings comments.
The state’s Labor Government released its Cyber Security Strategy in August, and part of its requirements was the appointment of a CISO.
The strategy also centralises cybersecurity initiatives across a ‘whole-of-government’ approach, rather than a siloed agency-by-agency approach. According to the government, this will better protect public services and information.
The Strategy aims to develop and implement cyber security capabilities to preserve and improve the:
- Protection of sensitive citizen and other data against loss, malicious alteration, and unauthorised use - Resilience of government services, systems and infrastructure to cyber threats - Continuity of government during and following serious cyber incidents - Protection and security of new digital services for citizens - Coordination of our response to threats against infrastructure - Security and viability of Victorian Government core infrastructure.
The Government is most concerned about cyber attacks not just by lone cyber hackers, but also political ‘hacktivists’ and state-sponsored attacks.
O’Driscoll will also lead a number of key actions from the Cyber Security Strategy. These include:
- Developing cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services - Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights - Rationalising and better co-ordinating the procurement of proven cyber security services - Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers - Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments.