Cyber security and ICT systems failure

About us
About us
- About the Inspector-General for Emergency Management
  About the Inspector-General for Emergency Management
  
  An independent statutory role providing assurance to government and community in respect of Victoria's emergency management arrangements and fostering continuous improvement
- Profile
  Profile
  
  Supporting Victoria’s emergency management sector to learn, improve, and deliver positive community outcomes
- Structure
  Structure
  
  The Inspector-General is supported by an office provided by Department of Justice and Community Safety.
- Contact us
  Contact us
  
  How to contact the Inspector-General for Emergency Management
- Social media
  Social media
  
  Information about how we use social media
- Who we work with
  Who we work with
  
  IGEM connects with a range of agencies, departments and sector-related bodies with a variety of roles in emergency management
Our work
Our work
- Assurance Framework for Emergency Management
  Assurance Framework for Emergency Management
  
  The Framework supports continuous improvement and promotes a coordinated sector-wide approach to assurance
- Evaluation and review
  Evaluation and review
  
  Facilitating ongoing improvement of emergency management arrangements and supporting desired community outcomes
- How we work
  How we work
  
  A collaborative, evidence-based and community-focused approach
- Implementation monitoring
  Implementation monitoring
  
  Tracking the implementation of agreed actions and recommendations
- Performance monitoring
  Performance monitoring
  
  Proactively identifying emerging performance issues, risks and trends
Publications
Publications
- Publications
  Publications
  
  Publications about IGEM and its work
- Media releases
  Media releases
  
  Media releases
Assurance in Emergency Management
Assurance in Emergency Management
- All hazards
  All hazards
  
  Risks spanning across multiple hazard types and across the emergency management system.
- Biosecurity
  Biosecurity
  
  Exotic animal and plant disease outbreaks and pest incursions can have significant economic, community and environmental impacts.
- Bushfire and other fires
  Bushfire and other fires
  
  Bushfire and other fires have potential consequences including loss of life and property, and damage to infrastructure and environment.
- Climate change
  Climate change
  
  Risks include more days of extreme heat, harsher fire weather, less rainfall and rising sea levels.
- Communications disruption
  Communications disruption
  
  Communications services are crucial in keeping communities safe, connected and informed before, during and after emergencies.
- Cyber security and ICT systems failure
  Cyber security and ICT systems failure
  
  Risks relating to the confidentiality, availability, integrity of information and data and disruption of services.
- Energy supply disruption
  Energy supply disruption
  
  Reliable energy supplies are critical to many social and economic activities.
- Flood
  Flood
  
  Major flood events have occurred in Victoria every 10 to 20 years, with much of the increasing risk created by human settlement.
- Hazardous material incident
  Hazardous material incident
  
  Potential risks relate to many places where Victoria’s hazardous materials are manufactured, stored, transported, used and disposed.
- Heatwave
  Heatwave
  
  Heatwaves are considered to be the ‘silent killer’ of extreme weather events and are the leading cause of weather-related deaths in Australia.
- Public health emergency
  Public health emergency
  
  Risks may relate to the delivery of public health services, with impacts on community health and wellbeing and potential for loss of life.
- Supply chain disruption
  Supply chain disruption
  
  Geopolitical, environmental, economic, societal and infrastructure-related shocks can expose supply chains to wide ranging consequences.
- Terrorism and extremism
  Terrorism and extremism
  
  Attacks carried out by individuals or non-state groups with ideological, political or religious goals can result in loss of life, severe injury and/or material damage.
- Water supply disruption
  Water supply disruption
  
  Risks include collection, storage, treatment, delivery, availability and allocation of water for consumption and environmental, recreation and cultural uses.
- Workforce and resourcing
  Workforce and resourcing
  
  Risks may relate to human resource supply and skills to support emergency management operations.
Implementation Tracker

Risks relating to the confidentiality, availability, integrity of information and data and disruption of services.

Cyber threat actors regularly target governments in order to access official ICT systems and data holdings.

In addition to cyber-attacks, ICT systems failures can significantly disrupt services heavily dependent on data-related infrastructure and communications such as the emergency services' ability to respond to an emergency.

Examples of significant events include the extreme threat posed by the BlueKeep remote desktop protocol vulnerability to Microsoft systems across government and an attack on ICT systems of hospitals and health services in Gippsland and south-west Victoria, both in 2019.

I want to...

find reports on other risks

All links in the table below will open in a new window.

Organisation

Publish year

Publish year	Assurance activity	Summary	Organisation
2023	Cybersecurity: Cloud Computing Products (External link)	An assessment of a select a range of agencies, including government departments, a local council, a water authority, a health service and other entities approach to cybersecurity, the report makes 7 recommendations to address weaknesses and improve cybersecurity.	Victorian Auditor-General's Office
2023	Senate Select Committee on Foreign Interference through Social Media (External link)	Foreign interference through social media is a real, pervasive and growing threat and this report makes 17 recommendations aimed to make Australia an even harder target for the sophisticated disinformation campaigns of authoritarian regimes.	Parliament of Australia
2023	ASD Cyber Threat Report 2022-2023 (External link)	Australian governments, critical infrastructure, businesses and households continue to be the target of malicious cyber actors. This annual report illustrates that both state and non-state actors continue to show the intent and capability to compromise Australia’s networks, and also highlights the added complexity posed by emerging technologies such as artificial intelligence.	Australian Government
2023	Select Committee on Foreign Interference through Social Media (External link)	A report that states foreign interference is now Australia’s principal national security threat and risks significantly undermining our values, freedoms and way of life. The report makes 17 recommendations relating to social media platforms in Australia	Parliament of Australia
2022	Administration of Critical Infrastructure Protection Policy (External link)	An assurance audit that examines whether the Department of Home Affairs, as policy and regulatory lead, has an effective approach to protecting Australia’s assets of national significance and supports asset owners and operators to improve their resilience to attacks. It makes seven recommendations aimed at: the use of risk management to inform decision-making; establishing an engagement strategy; having appropriate performance measurement; improving the existing framework to manage compliance; and support and review the effective use of all available regulatory tools.	Australian National Audit Office
2022	The Commonwealth Cyber Security Posture in 2022 (External link)	A report on the implementation of cyber security measures across the Commonwealth government for the period January 2021 to June 2022, its findings indicate that the cyber security posture across the Commonwealth is well-established in some areas but requires improvement in others.	Australian Government
2022	ACSC Annual Cyber Threat Report 2021-22 (External link)	A report that provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online. It identifies 7 key cyber security trends in the 2021–22 financial year.	Australian Cyber Security Centre
2021	ACSC Annual Cyber Threat Report (External link)	An identification of key cyber threats affecting Australian systems and networks, with strategic assessments, analysis, and case studies to describe malicious cyber activity affecting Australian networks between July 2020 an June 2021. It provides mitigation advice to Australians and organisations can take to protect their networks from cyber threats.	Australian Cyber Security Centre
2020	ACSC Annual Cyber Threat Report: July 2019 to June 2020 (External link)	An identification of key cyber security threats targeting Australian systems and networks, and case study examples of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats.	Australian Cyber Security Centre
2019	Security of Water Infrastructure Control Systems (External link)	An audit examining whether control systems in the water sector are secure, it reviewed governance arrangements over these control systems for four water providers: Barwon Water, Melbourne Water, Victorian Desalination Plant and Yarra Valley Water.	Victorian Auditor-General's Office

About us

Our work

Publications

Assurance in Emergency Management

I want to...

Who we work with