Objective 2: Secure South Australian Government digital services

Robust cyber security processes and technologies are essential to protect sensitive public data and maintain trust in government.

The South Australian (SA) Government is committed to ensuring its digital services are secure, resilient to cyber threats, and delivered efficiently by a skilled, cyber-aware workforce.

Through the delivery of this strategic objective, government services will be secure by design, with robust security measures and strong governance integrated from the outset. By ensuring a focus on security into the design and architecture of services, potential cyber threats are addressed early, ensuring systems remain protected and trusted.

To enhance the government’s ability to respond to and mitigate cyber risks, there will be further investment and focus on advanced capabilities, such as security orchestration, automation and employing artificial intelligence. These measures, along with the further resourcing for central intelligence and incident response teams, will strengthen operational security and expand risk-based coverage across agencies, increasing resilience to cyber threats.

A skilled and cyber-aware workforce is central to the safe delivery of government services. Through a significant focus on cyber security training and awareness, SA public sector employees will be well-prepared to identify and mitigate risks, ensuring the security and efficiency of government operations.

Good governance is essential for effective cyber security and risk management. A comprehensive whole of government cyber governance model and reformed policy framework will guide relationships between government entities, improve accountability, and set modern security standards. This will help agencies and central service providers in the efficient and secure delivery of digital services.

Securing the government’s supply chain is crucial to safeguarding services. This strategy ensures that service delivery is underpinned by a secure, trusted, and risk-managed supply chain, supported by pragmatic procurement, contract management and risk management.

By focusing on scalable, efficient, and secure cyber security, the SA Government will protect sensitive data, maintain public trust, and reduce the costs associated with disruptive events.

Priority 2.1 Government services are secure by design and resilient to cyber threats.

Continue to enhance secure whole of government digital platforms and capabilities that provide scalable and effective controls for the protection of information.
Improve the transparency and awareness of the security posture of critical government digital services.
Increase understanding and adoption of contemporary security practices and architecture across government.
Enhance the visibility and observability of government digital assets to proactively identify threats and improve overall protection.
Deliver a centre of excellence for cyber intelligence and incident management, building on existing capabilities in cyber threat detection, intelligence and incident response.
Strengthen the security of identity and access management services to ensure robust protection against threats.

Priority 2.2 Government services are delivered by a skilled and cyber-aware workforce.

Establish and implement a fit for purpose skills framework that meets the cyber security needs of the SA Government.
Build a strong cyber risk aware culture across all levels of the SA Government.
Improve the attraction, retention, and development of cyber security staff within the public sector.

Priority 2.3 Government cyber services are well governed and delivered efficiently.

Develop and implement a whole of government cyber security operating model that ensures clarity on cyber roles and responsibilities across the SA Government.
Maintain and support a contemporary suite of policies, standards and guidelines that govern how all government agencies manage cyber security risk.
Establish stronger across government cyber governance, risk, and compliance practices to drive risk informed decision making.
Expand offering of cyber services through targeted investment and increased agency adoption.
Develop and implement commercial principles and governance approaches to drive risk-driven cyber investment.

Priority 2.4 Government service delivery is underpinned by a secure, trusted and risk-managed supply chain.

Drive improvement in supplier cyber risk monitoring and management practices across all government agencies.
Embed mature cyber security requirements in government procurement and contract management arrangements.