New cyber security solutions for local governments

Risk Matters - Winter 2024

LGIS Phase 2 cyber resources launched to support members in improving cyber capacity and capability.

The CrowdStrike global incident on 19 July brought into sharp focus for many organisations around the world our reliance on a small number of suppliers and the degree of cyber vulnerability. This event served as a wake-up call, emphasising the systemic nature of cyber risk. It wasn’t just a technical failure but a reminder of the potential consequences of inadequate consideration of supply chain dependencies. As local governments become more digitised, the risk of cyber-attacks increases, making it more necessary than ever to take a proactive approach to enhancing their organisation’s cyber security.

The sector’s growing cyber security threat

Local governments’ reliance on information technology (IT) systems makes it essential that they proactively protect themselves from cyber-attacks. With the increasing frequency of cyber threats, it is imperative that members adopt comprehensive cyber security and recovery strategies to protect their infrastructure and data.

The Office of the Auditor General’s (OAG) most recent report showed that information and cyber security remains the peak concern for the sector. Each year, a high number of weaknesses continues to be identified in the five related categories (namely access management, endpoint security, human resource security, network security and information security framework). There were 473 issues at 76 entities, compared with 324 issues at 53 entities last year, with the majority of these weaknesses in categories that increase information and cyber security risks. Also of great concern, the OAG revealed that a large proportion (45%) of significant issues were unresolved findings from last year.

Local governments working together to improve cyber security

Since 2022, LGIS has been working with members to support the sector in addressing cyber security concerns. Members’ valuable feedback and involvement have been instrumental in designing a cyber program that aims to support local government in improving cyber security practices.

From 2022 to 2023, we initiated phase 1 of our cyber program, conducting cyber risk assessments for 15 identified councils. These assessments reviewed their cyber security posture and guidance processes. The results revealed maturity ratings of each participant and confirmed that key performance areas were significantly lacking, highlighting the urgent need for resources to build capacity in these areas to reduce cyber risk to councils.

Findings from phase 1 cyber risk assessments provided a summary of the key areas of concern for the sector. These findings have helped us in phase 2 to prioritise and develop guidance and tools in line with the local government’s controls and potential gaps that have been found.

We engaged Marsh’s cyber experts to use the phase 1 findings and build resources that are easier to use for anyone in the local government sector who needs to understand the language and strategies of cyber security. Depending on the size of the organisation, this could include CEOs, directors, procurement, and IT professionals. Using these guides will ensure that you can ask the right questions to evaluate cyber security plans, understand roles and responsibilities, talk to third-party IT providers, and understand and clearly explain what your local government needs to do.

Guide 1: The Essential Eight security controls

This guide recommends a systematic approach to aligning IT processes and mitigation strategies with the requirements of the Essential Eight security controls. It focuses on practical, step-by-step measures that can be implemented with relative ease, providing a solid foundation for any cyber security strategy while also allowing members to choose which maturity level (i.e. 1, 2 or 3) they want to work towards.

By adopting this systematic framework, local governments can effectively respond to recent changes and updates based on the Essential Eight security controls and adapt to the changing technological environment.

Guide 2: Cyber Incident Response Management

This second guide provides a comprehensive approach for members to enhance their cyber incident response capabilities. Cyber incident response management (CIRM) involves the effective and efficient handling and mitigation of security incidents that arise from various cyber threats, including digital attacks, natural events, technical failures, human errors, or third-party actions.

By preparing for a wide range of potential incidents, local governments can ensure they are ready to respond to any threat. Our guide breaks down what’s required for the development of an effective CIRM plan into three vital sections, namely:

Section 1: Who’s responsible?

Identifying all stakeholders involved and their roles is the first step in preparing an effective CIRM plan. This includes elected members, senior management and operational staff. Ensuring buy-in across the business is crucial for the plan’s success. All parties play a crucial part in the implementation and execution of the plan.

Governance also plays a vital role in ensuring commitment across the organisation. Aligning the CIRM plan with broader strategic objectives and relevant processes and structures is essential for effective cyber security management.

Section 2: Develop and implement

This section of the guide provides nine practical steps for developing and implementing the organisation’s CIRM plan. It will guide you through assessing assets and current vulnerabilities, containing and removing weaknesses, gathering and handling evidence, and managing remediation and recovery processes. These steps are designed to provide a structured approach to building a resilient cyber security framework.

Section 3: Important considerations

Local government operates within a unique legislative and regulatory environment. This section offers guidance on the sector and jurisdictional arrangements essential for a CIRM plan. It also addresses notification responsibilities and provides examples to demonstrate these considerations. Understanding the specific legal and regulatory requirements is crucial for effective incident response.

What’s next?

Over the coming months, we’ll be implementing phase 3 of our cyber program. This final phase will see LGIS travel across the state to deliver 15 metro and regional workshops in person to further support members in uplifting their cyber security.

Explore our resources

Using these resources and incorporating suggested strategies can significantly enhance members’ cyber security posture, safeguard their operations, and protect their reputation and stakeholder privacy. With the right measures in place, members can ensure they are prepared to face the evolving landscape of cyber-threats, maintaining the trust and confidence of their communities.

We are now turning our efforts to implementation, which will see in-person workshops delivered across the state to support members in adopting the recommendations within the guidelines.

Find these new resources in the member only section of the LGIS website at Risk Management > Cyber risks > Cyber risks resources or have a chat with your account manager.
