Cyber Crisis Emergency Management

No sector of the Australian economy is immune from the impact of malicious cyber activity and the damage it can cause to government, organisations, critical infrastructure and the community.

As our reliance on information and communications technology has grown, so too has the need for incidents to be effectively managed.

To help protect South Australia from the rapidly increasing risks and potential impacts of cyber crisis emergencies, the Department of the Premier and Cabinet (DPC) is the appointed Hazard Risk Reduction Leader and Control Agency for Cyber Crisis in South Australia, under the Emergency Management Act 2004 and the State Emergency Management Plan (SEMP).

Cyber Crisis Hazard Risk Reduction Leader

In this role, DPC is the lead for South Australia’s planning to reduce the state-wide consequences of a cyber security emergency. DPC facilitates and oversees the comprehensive state-wide planning process for prevention, preparedness, response and recovery relating to a cyber hazard.

The role of the Cyber Crisis Hazard Risk Reduction Leader includes the responsibility to:

  1. Undertake a leadership role for the planning of emergency management activities pertaining to a cyber crisis.
  2. Prepare, review and maintain a Cyber Crisis Hazard Plan according to Part 4 of the SEMP.
  3. Review other plans prepared under the SEMP to ensure that all aspects of their assigned hazard have been addressed.
  4. Identify issues where:
    1. the approach to mitigating the risks from a cyber crisis is not coordinated
    2. work with agencies to ensure appropriate coordination occurs.

More information about the role of hazard leaders is available in the SEMP.

Control Agency for Cyber Crisis

In this role, DPC supports all government departments to respond to cyber security incidents and coordinates South Australia’s response to significant cyber security incidents and emergencies, including those affecting multiple sectors or communities.

Emergency services and other agencies in South Australia are assigned significant and specific responsibility in legislation and the emergency management arrangements. For each emergency there is only one control authority (e.g. Control Agency) responsible for resolving that emergency.

Authority for control carries with it responsibility for tasking and coordinating other organisations in accordance with the needs of a situation. Authority includes:

  • The SEMP, formed under Section 9 (1) (b) of the Act, identifies DPC as the Control Agency for ‘Cyber Crisis’.
  • State and Deputy State Controllers of the Control Agency for Cyber Crisis are appointed ‘Authorised Officers’ under the Emergency Management Act 2004.
  • State and Deputy State Controllers may also direct workers of a government agency to conduct in a particular manner, specific to the containment/response to incidents, in accordance with the requirements of Cabinet Circular PC042- Cyber Security Incident Management.

Find out more about the responsibilities in the Premier and Cabinet Circular 042  - Cyber Security Incident Management and the SEMP.