Cyber security and ICT systems failure

About us
About us
- About the Inspector-General for Emergency Management
  About the Inspector-General for Emergency Management
  
  An independent statutory role providing assurance to government and community in respect of Victoria's emergency management arrangements and fostering continuous improvement
- Profile
  Profile
  
  Supporting Victoria’s emergency management sector to learn, improve, and deliver positive community outcomes
- Structure
  Structure
  
  The Inspector-General is supported by an office provided by Department of Justice and Community Safety.
- Contact us
  Contact us
  
  How to contact the Inspector-General for Emergency Management
- Social media
  Social media
  
  Information about how we use social media
- Who we work with
  Who we work with
  
  IGEM connects with a range of agencies, departments and sector-related bodies with a variety of roles in emergency management
Our work
Our work
- Assurance Framework for Emergency Management
  Assurance Framework for Emergency Management
  
  The Framework supports continuous improvement and promotes a coordinated sector-wide approach to assurance
- Evaluation and review
  Evaluation and review
  
  Facilitating ongoing improvement of emergency management arrangements and supporting desired community outcomes
- How we work
  How we work
  
  A collaborative, evidence-based and community-focused approach
- Implementation monitoring
  Implementation monitoring
  
  Tracking the implementation of agreed actions and recommendations
- Performance monitoring
  Performance monitoring
  
  Proactively identifying emerging performance issues, risks and trends
Publications
Publications
- Publications
  Publications
  
  Publications about IGEM and its work
- Media releases
  Media releases
  
  Media releases
Assurance in Emergency Management
Assurance in Emergency Management
- All hazards
  All hazards
  
  Risks spanning across multiple hazard types and across the emergency management system.
- Biosecurity
  Biosecurity
  
  Exotic animal and plant disease outbreaks and pest incursions can have significant economic, community and environmental impacts.
- Bushfire and other fires
  Bushfire and other fires
  
  Bushfire and other fires have potential consequences including loss of life and property, and damage to infrastructure and environment.
- Climate change
  Climate change
  
  Risks include more days of extreme heat, harsher fire weather, less rainfall and rising sea levels.
- Communications disruption
  Communications disruption
  
  Communications services are crucial in keeping communities safe, connected and informed before, during and after emergencies.
- Cyber security and ICT systems failure
  Cyber security and ICT systems failure
  
  Risks relating to the confidentiality, availability, integrity of information and data and disruption of services.
- Energy supply disruption
  Energy supply disruption
  
  Reliable energy supplies are critical to many social and economic activities.
- Flood
  Flood
  
  Major flood events have occurred in Victoria every 10 to 20 years, with much of the increasing risk created by human settlement.
- Hazardous material incident
  Hazardous material incident
  
  Potential risks relate to many places where Victoria’s hazardous materials are manufactured, stored, transported, used and disposed.
- Heatwave
  Heatwave
  
  Heatwaves are considered to be the ‘silent killer’ of extreme weather events and are the leading cause of weather-related deaths in Australia.
- Public health emergency
  Public health emergency
  
  Risks may relate to the delivery of public health services, with impacts on community health and wellbeing and potential for loss of life.
- Supply chain disruption
  Supply chain disruption
  
  Geopolitical, environmental, economic, societal and infrastructure-related shocks can expose supply chains to wide ranging consequences.
- Terrorism and extremism
  Terrorism and extremism
  
  Attacks carried out by individuals or non-state groups with ideological, political or religious goals can result in loss of life, severe injury and/or material damage.
- Water supply disruption
  Water supply disruption
  
  Risks include collection, storage, treatment, delivery, availability and allocation of water for consumption and environmental, recreation and cultural uses.
- Workforce and resourcing
  Workforce and resourcing
  
  Risks may relate to human resource supply and skills to support emergency management operations.
Implementation Tracker

Risks relating to the confidentiality, availability, integrity of information and data and disruption of services.

Cyber threat actors regularly target governments in order to access official ICT systems and data holdings.

In addition to cyber-attacks, ICT systems failures can significantly disrupt services heavily dependent on data-related infrastructure and communications such as the emergency services' ability to respond to an emergency.

Examples of significant events include the extreme threat posed by the BlueKeep remote desktop protocol vulnerability to Microsoft systems across government and an attack on ICT systems of hospitals and health services in Gippsland and south-west Victoria, both in 2019.

I want to...

find reports on other risks

All links in the table below will open in a new window.

Organisation

Publish year

Publish year	Assurance activity	Summary	Organisation
2018	Department of Premier and Cabinet Annual Report 2017–18 (External link)	A progress report on the actions set out in the Victorian Government’s Cyber Security Strategy 2016–2020. This strategy aimed to improve the cyber resilience and governance in government and major infrastructure and service providers, and included a whole of government Cyber Incident Response Service.	Department of Premier and Cabinet
2017	ICT Disaster Recovery Planning (External link)	An audit of the effectiveness of ICT disaster recovery processes of Victoria Police and four departments providing essential government services. This report concluded that the audited organisations did not have sufficient assurance that they can recover and restore all their critical systems in the event of a disruption or disaster.	Victorian Auditor-General's Office
2014	Emergency Response ICT Systems (External link)	An audit to assess how ICT systems and processes are used to deliver an emergency service response in Victoria. The audit found what worked well and what areas could improve about ESTA, Victoria Police, Ambulance Victoria and CFA ICT systems and capacities.	Victorian Auditor-General's Office

About us

Our work

Publications

Assurance in Emergency Management

I want to...

Who we work with