The New South Wales government’s Cyber Security NSW arm has established an identity recovery service for state government customers whose identities become compromised as a result of a “cyber incident”.
The Identity Recovery Service will allow for 500 individual referrals to IDCare to be used by NSW government departments and agencies as required.
IDCare is touted by the government as Australia and New Zealand’s national identity and cyber support service, providing an “informed and comprehensive response to any compromise of an individual’s identity information”.
Read also: How to improve cybersecurity for your business: 6 tips (TechRepublic)
Cyber Security NSW was stood up in May by the government in a bid to consolidate and lift the cyber capability of state entities.
The initiative aims to “cement the leadership and coordination role needed to enhance cybersecurity and related decision-making across the NSW government”.
Led by chief cybersecurity officer Tony Chapman, who will perform the functions previously undertaken by the NSW government chief information security officer, Cyber Security NSW sits within the Department of Customer Service.
“For customers of the NSW government this arrangement means a more direct connection between residents of NSW and the specialist support available via IDCare,” Chapman said of the new service.
“As around one in three clients of IDCare reside in NSW, our arrangement is a very practical and meaningful way the NSW government can support customers impacted by scams, identity crimes, and cybercrimes.”
The establishment of the IDCare Identity Recovery Service was promised under the NSW government’s cybersecurity strategy.
Released in September, the strategy takes a whole-of-government view on how to manage risk, borrowing the framework laid out by the National Institute of Standards and Technology (NIST).
See also: Essential reading for IT leaders: 10 books on cybersecurity (free PDF) (TechRepublic)
In addition to the IDCare solution, the strategy points to the creation of a mandatory cyber incident reporting scheme, inter-agency information-sharing, and cybersecurity-focused training for public servants.
The strategy followed the NSW Auditor-General in March 2018 asking the state to create a whole-of-government capability that encourages the sharing of cybersecurity and threat information.
During the Auditor-General’s probe, it was revealed that out of the 10 agencies investigated, two have good detection and response processes, four had a medium capability to detect and respond to incidents in a timely manner, and the remaining four had a low capability.
While it was found that most agencies have incident response procedures, some lacked guidance on who to notify and when, while some did not have response procedures at all.