NSW needs dedicated cyber cops: Unions NSW

By Dylan Bushell-Embling
Tuesday, 13 October, 2020

Unions NSW is urging the state government to introduce mandatory reporting requirements for data breaches and implement other measures to be more transparent about the state of its cybersecurity ability.

In a submission to a NSW upper house premier and finance committee inquiry into cybersecurity, the body warned that the state’s workers and residents are being left in the dark over the risk of data breaches.

The lack of a legal requirement for disclosure of cybersecurity breaches means workers and residents may be unaware personal data has been stolen or public services have been hacked, according to Unions NSW Secretary Mark Morey.

“Without mandatory reporting requirements we have no idea about the extent of NSW’s cybersecurity problem,” he said.

“Voluntary reporting schemes don’t work. We don’t let restaurants say they’re clean — we inspect them and report illness outbreaks. We need to do the same when it comes to keeping our data protected.”

High-profile incidents like the 186,000 people left exposed when Service NSW was attacked by a phishing scheme could be just the tip of the iceberg, he said.

Unions NSW is calling for legislation that will compel agencies to report serious data breaches to a designate cyber agency. This would also involve appointing ‘cyber cops’ tasked with protecting sensitive data.

“NSW needs designated cyber cops, who can protect our data and digital assets. The rest of the world is moving on this, and our government’s inaction means we’re at risk of being caught with our pants down,” Morey said.

“The government spent $3.8 billion on cybersecurity in 2017–18. We can’t keep throwing cash at this problem and hoping it’ll go away — we actually need to invest in sustainable, permanent cybersecurity jobs to get ahead.”

The trade union body is also calling on the government to legislate against the government selling the data of its employees, and ensuring that data is maintained onshore.

“Data is the new oil. We need to make sure that the private details of NSW public sector workers don’t end up treated like a commodity,” Morey commented.

“The data of NSW public sector workers should remain in NSW. COVID-19 showed us how exposed offshoring leaves us — it’s time to bring NSW’s cybersecurity in-house and back home.”

Image credit: ©stock.adobe.com/au/Gorodenkoff