Author: Nicholas Webb

Rapid Overview

• The Digital Transformation Agency (DTA) is on the lookout for a permanent Chief Information Officer (CIO).
• This newly created permanent position is an advancement of a temporary CIO role set up in March 2023.
• The CIO will spearhead a multidisciplinary team managing IT functions, infrastructure, cybersecurity, and more.
• The role will oversee the DTA’s Azure cloud platform and collaborate closely with the Chief Operating Officer to synchronize ICT projects with business aims.
• This initiative signifies the DTA’s transition from a focus on routine IT management to a more strategic IT framework.

DTA Moves Forward with Permanent CIO Position

The Digital Transformation Agency (DTA) has begun the process of hiring for a permanent Chief Information Officer (CIO). This step follows the establishment of a temporary CIO role in March 2023, indicating the agency’s desire to strengthen its IT leadership framework.

Main Duties of the CIO Position

The permanent CIO role is situated within the business services division of the DTA’s corporate sector. The position will govern the agency’s ICT activities, infrastructure, cyber security, property management, and records administration across all DTA offices in Canberra and Sydney. Furthermore, the CIO will aid remote workers, ensuring the agency’s internal IT resources are resilient, secure, and in harmony with strategic aims.

As per the DTA’s job listing, the CIO’s duties encompass providing guidance, vision, and direction to a compact, multidisciplinary team. The role will also involve managing the agency’s Azure cloud infrastructure and working alongside Chief Operating Officer (COO) Tom Gilmartin to establish ICT needs for new technology rollouts. The CIO will play a crucial role in formulating strategic initiatives that resonate with the DTA’s business objectives.

Growth of the CIO Position

The CIO position at the DTA was first introduced in March 2023 as a temporary role. Over the past six months, it has undergone significant changes. Initially concentrated on daily IT tasks, the role has transitioned towards a more strategic emphasis, leading to the decision to create a permanent CIO position.

Records on LinkedIn suggest that Andy Tripathi, who previously worked as the Deputy CIO for the Environment, Planning and Sustainable Development Directorate in the ACT government, has been occupying the temporary CIO role at the DTA since its establishment. His experience likely offered essential insights that have influenced the current, more strategic direction for the position.

Strategic Importance of the CIO Role

The DTA’s choice to implement a permanent CIO role is a significant step aligned with its broader mission to propel digital transformation across the Australian government. With the current CEO Chris Fechner—who has substantial experience as a Chief Customer and Digital Officer and CIO—leading the agency, the significance of effective, strategic IT leadership is paramount.

This decision also indicates an increasing awareness within the Australian public sector that digital leadership positions are vital for achieving long-term organizational goals. The DTA’s focus on establishing a permanent CIO role clearly signifies the agency’s dedication to digital excellence and cybersecurity, which are of growing importance in today’s swiftly changing technological environment.

Conclusion

The Digital Transformation Agency (DTA) in Australia is paving the way for a more strategic IT direction by creating a permanent Chief Information Officer (CIO) position. Originally set up as a temporary role in March 2023, this position has developed necessitating ongoing leadership to manage the agency’s IT duties, including Azure cloud operations, cybersecurity, and strategic ICT projects. This initiative aligns with the DTA’s long-term vision of facilitating digital transformation within the Australian government.

Q: What led to the DTA’s decision to create a permanent CIO role?

A:

The DTA initially instituted a temporary CIO role in March 2023. However, as the responsibilities shifted from daily IT management to a more strategic focus, the agency opted to make the role permanent to fit its long-term digital transformation aims.

Q: What are the main tasks of the DTA’s new permanent CIO?

A:

The permanent CIO will oversee ICT operations, infrastructure, cybersecurity, property management, and records administration across the DTA’s Canberra and Sydney sites. They will also manage the agency’s Azure cloud platform and work alongside the COO to synchronize ICT initiatives with the agency’s goals.

Q: Who has been in the temporary CIO role?

A:

Andy Tripathi, formerly the Deputy CIO for the Environment, Planning and Sustainable Development Directorate in the ACT government, has been serving in the temporary CIO role at the DTA since March 2023.

Q: How does this decision connect with the DTA’s broader mission?

A:

The creation of a permanent CIO role highlights the DTA’s commitment to advancing digital transformation in the Australian government. This position is essential for ensuring that the agency’s IT operations are strategically in line with its long-term objectives, contributing to the overall digital competency of the public sector.

Brief Overview

• Celeste Lowe has been appointed the new CISO at The Lottery Corporation.
• She is set to spearhead a three-year cyber security improvement initiative.
• Lowe has more than 25 years of cyber security expertise.
• Her previous roles include key leadership positions at Ventia, Nine, and Qantas.
• Lowe appreciates The Lottery Corporation’s collaborative culture and teamwork values.

Celeste Lowe Assumes CISO Role

The Lottery Corporation has revealed the selection of Celeste Lowe as its new Chief Information Security Officer (CISO). With the aim of leading a three-year cyber security enhancement program, Lowe takes on an essential position within the company.

Celeste Lowe (Image credit: LinkedIn)

Professional History and Qualifications

Transitioning from Ventia, where she was the General Manager of Cyber Security, Lowe adds extensive experience to her new position. Her career includes valuable tenures at Nine and Qantas, where she significantly contributed to advancing enterprise cyber security. This strategic choice follows the departure of David Jenkins, the previous CISO, who left in May.

Leadership and Strategic Direction

Lowe’s appointment has been positively received by the company’s CIO, Loren Somerville, who praised her comprehensive background in the sector. “The CISO role is vital for maintaining our cyber security protections, executing our security strategy and secure solutions, overseeing cyber security and technology risks, governance, and external certification, and implementing our three-year cyber security uplift program,” Somerville stated in a company-wide communication.

Values and Teamwork

In her statement, Lowe conveyed her excitement about joining The Lottery Corporation, attracted by its commitment to collaboration, teamwork, and supportive leadership. “The distinct challenges and opportunities within The Lottery Corporation’s digital and dynamic space also piqued my interest,” she remarked. “I’m eager to develop the cyber strategy and enhance the cyber and risk delivery capabilities.”

Conclusion

The appointment of Celeste Lowe as CISO at The Lottery Corporation represents an important move in strengthening its cyber security framework. Lowe’s vast experience and dedication to teamwork are expected to effectively propel the company’s cyber initiatives.

Q: What is Celeste Lowe’s new position at The Lottery Corporation?

A: Celeste Lowe has been named the new Chief Information Security Officer (CISO) at The Lottery Corporation.

Q: What will be the main emphasis of Lowe’s role?

A: Her main focus will be leading a three-year cyber security enhancement initiative to fortify the company’s cyber security structure.

Q: What qualifications does Celeste Lowe bring to The Lottery Corporation?

A: Lowe comes with over 25 years of experience in cyber security, having held important roles at Ventia, Nine, and Qantas.

Q: Why did Lowe opt to join The Lottery Corporation?

A: She was attracted to the company for its collaborative culture, teamwork dynamics, supportive leadership, and the unique challenges and opportunities it presents.

Q: Who is Celeste Lowe succeeding as CISO?

A: She is taking over from David Jenkins, who stepped down from the role in May.

Brief Overview

• Cybercrime incidents happen every six minutes, undermining trust in services and connections.
• Zero trust represents a tactical methodology, not merely a specific tool, to bolster cybersecurity.
• Attaining zero trust maturity requires adjustment to threats and utilization of current investments.
• Collaborations with specialists such as A23 and HPE are essential for executing zero trust strategies.
• A23’s Zero Trust Maturity Assessment delivers valuable insights and guidance for enhancing security posture.

Comprehending the Evolving Threat Landscape

In the modern business climate, the dangers and risks encountered by organizations are progressing at a remarkable pace. Evidence shows a cybercrime incident every six minutes, making formerly trusted services, connections, and applications potentially unreliable. To address this, companies must continuously monitor the threat landscape and modify their security protocols as necessary.

The Intricacies of Shadow IT

The emergence of shadow IT, where applications are utilized outside the governance of formal security protocols, complicates the integration of novel security tools. As organizations struggle with handling a complex array of security applications, implementing a zero trust framework can prove to be resource-intensive and time-consuming.

The Core of Zero Trust

Zero trust is more than just a singular product or service; it is a holistic strategy focused on overseeing network and application activities, guaranteeing that only authenticated users are granted access, and confirming the absence of malicious entities. This strategy necessitates a conceptual shift to remain agile against threats and optimize existing investments.

Collaborating for Zero Trust Achievement

Realizing a zero trust strategy necessitates collaboration. Firms like A23, in conjunction with Hewlett Packard Enterprise (HPE), concentrate on protecting organizations from current threats while maintaining cost-effective adaptability. A23’s approach fosters a secure operational environment, protecting vital data and infrastructure.

Implementing a Zero Trust Strategy

A meticulously executed zero trust strategy is essential for risk mitigation. It includes verifying all actions, providing minimal required privileges, and continuously scrutinizing system activities. This methodology minimizes the potential effects of breaches, referred to as the blast radius.

Comprehensive Security Policies

Organizations must align their security policies to bolster a zero trust strategy. This entails addressing all facets of infrastructure, including personnel, identity, endpoints, data, applications, and networks, to secure critical operations.

Maximizing Existing Zero Trust Capabilities

Most organizations already have some level of zero trust capability that can be refined. A23’s Zero Trust Maturity Assessment employs an automated data and analytics engine to pinpoint opportunities for enhancing zero trust maturity and delivers actionable recommendations for progress.

Selecting the Appropriate Tools

According to Gartner’s findings, organizations often utilize up to 70 different security applications. Instead of adding more tools, companies require the right solutions and strategic alliances with partners like A23 and HPE to elevate zero trust maturity while avoiding increased complexity.

For a more in-depth perspective, consult our whitepaper on enhancing zero trust maturity with A23 and HPE.

Conclusion

Amidst the shifting cyber threats, implementing a zero trust approach is vital for Australian organizations. By leveraging existing capabilities, collaborating with specialists, and selecting suitable tools, companies can improve their zero trust maturity, safeguarding their infrastructure and data from both present and future threats.

Q: What is zero trust in cybersecurity?

A: Zero trust is a tactical framework for cybersecurity that perpetually validates the identity and actions of users within a network, guaranteeing that only authenticated individuals can access resources, thereby preventing malicious activities.

Q: Why is zero trust crucial for businesses?

A: Zero trust is critical for businesses as it provides a robust security framework that evolves alongside emerging threats, protecting essential data and infrastructure from potential breaches and cyberattacks.

Q: How can organizations establish a zero trust strategy?

A: Organizations can establish zero trust by collaborating with knowledgeable security providers like A23 and HPE, performing thorough evaluations of their existing security posture, and selecting the appropriate tools to enhance their zero trust maturity.

Q: What are the obstacles to adopting a zero trust framework?

A: Issues include the complexity of integrating new tools, overseeing shadow IT, and the time and resources required to realize the advantages of a zero trust framework.

Q: In what ways does the A23 Zero Trust Maturity Assessment assist organizations?

A: The A23 Zero Trust Maturity Assessment utilizes automated data and analytics to offer insights and actionable recommendations for enhancing an organization’s zero trust maturity, ensuring a strategic improvement in their cybersecurity posture.

Protecting Contemporary Businesses: Managing Third-Party Risks

Quick Overview

• Managing third-party risks is essential in a highly connected business landscape.
• Robust programs result in fewer data breaches and improved regulatory compliance.
• Key strategies include API security, principles of zero trust, and ongoing monitoring.
• Clarity in security practices enhances trust and operational effectiveness.

Comprehending Third-Party Risk Management

In a highly interconnected environment, enterprises need to extend their focus beyond internal security frameworks. Bhupinder Singh, President of Asia Pacific and Middle East at Vodafone Business, highlighted the necessity of addressing risks stemming from partnerships with third parties. He remarked, “We are required to partner with third parties, which brings forth extra risks that need effective management.”

Andy Linham, Principal Strategy Manager, compared businesses to fortified buildings, indicating that third-party associates resemble merchants and suppliers entering and exiting these buildings. “While we strengthen the barriers, we must also ensure the security of our engagements with these vital partners to mitigate potential risks,” Linham elaborated.

Establishing a Secure Network

Effective third-party risk management can offer substantial advantages to modern enterprises. As Singh pointed out, organizations with solid risk management frameworks encounter 20% fewer data breaches and have a 2.5 times greater chance of achieving regulatory compliance, paving the way for global growth.

Linham indicated that businesses that focus on security within third-party relations tend to enjoy increased trust and loyalty. “60% of such companies report improved partner connections,” he affirmed.

Technological Innovations and Ongoing Enhancement

Linham underscored the necessity of API security, advising safeguards for both north-south and east-west API traffic. He also recommended the adoption of zero trust network access (ZTNA) and cloud access security brokers (CASB) to strengthen security initiatives.

Singh urged for continuous oversight and reporting to secure ongoing safety. “Expansion relies on perpetual evaluation,” he stated, proposing thorough vendor risk assessments and compliance with zero trust methodologies.

Practical Guidance for Enterprises

Linham encouraged technology leaders to meticulously scrutinize their suppliers’ security protocols. “Reliable partners ought to openly demonstrate how they safeguard your data,” he observed.

Singh highlighted the necessity of nurturing a culture that prioritizes security across the supply chain to lower risks. “Security encourages regulatory compliance, operational efficiencies, trust, and organizational resilience,” he concluded.

For further insights, register for the on-demand webinar here.

Conclusion

Ensuring the safety of modern enterprises in an interconnected world necessitates a robust third-party risk management approach. By employing effective strategies, businesses can minimize data breaches, boost regulatory adherence, and cultivate stronger affiliate relationships. Leveraging technological solutions like API security, zero trust, and consistent monitoring is vital for sustaining a secure business environment.

Q&A Segment

Q: What is the significance of third-party risk management?

A: Third-party risk management is vital as it assists organizations in handling and reducing risks linked to partnerships beyond their internal frameworks, thereby ensuring data protection and adherence to regulations.

Q: What advantages come from effective third-party risk management?

A: Firms with robust risk management strategies see fewer instances of data breaches, better regulatory compliance, and enhanced relationships with partners.

Q: What technological tools can enhance third-party risk management?

A: The adoption of API security, zero trust network access, and cloud access security brokers are critical strategies for strengthening third-party risk management.

Q: How can companies promote a culture of security awareness?

A: Organizations can foster a security-conscious culture by advocating transparency in security practices, performing regular evaluations, and incorporating security measures throughout the supply chain.

Starlink’s Swift Growth Triggers Increased Oversight from ACCC

Quick Read

• Starlink’s user base in Australia has surpassed 200,000 services.
• ACCC seeks to add Starlink to the internet activity record keeping rule (RKR).
• ACCC’s RKR was established in 2018 when the ABS halted its broadband statistics collection.
• Starlink’s expansion is fueled by migrations from traditional services and efforts by Telstra to resell its offerings.
• Public feedback on the proposal is accepted until the month’s end.
• ACCC intends to release a revised RKR by September.

Starlink’s Climbing Popularity in Australia

The Australian Competition and Consumer Commission (ACCC) is closely monitoring SpaceX’s Starlink as its customer count in Australia grows rapidly. Having exceeded 200,000 services by March of this year, Starlink has established itself as a key player in the satellite internet marketplace.

ACCC’s Internet Activity Record Keeping Rule (RKR)

The ACCC plans to integrate Starlink within its internet activity record keeping rule (RKR) enacted in 2018. This rule was put in place when the Australian Bureau of Statistics (ABS) ceased the gathering of broadband subscriber and usage statistics. The RKR requires telecommunications firms to provide thorough data about their offerings to assist the ACCC in overseeing and regulating the market efficiently.

Shift from Traditional Services

The increase in Starlink’s customer base is largely due to users transitioning from older services like Telstra DSL, geostationary satellite services, and copper-based USO (universal services obligation) solutions. Especially in regional and remote areas, Starlink’s satellite internet has established itself as a credible choice, delivering faster and more dependable connectivity.

Telstra’s Collaboration with Starlink

Telstra, the leading telecommunications provider in Australia, has recently started reselling Starlink services, further enhancing its customer numbers. This partnership highlights the increasing acceptance of satellite internet as a mainstream alternative, even among established telecom providers.

Future Outlook and ACCC’s Involvement

The ACCC is poised for continued growth in Starlink’s customer base as more individuals shift from legacy systems to modern technologies. By adding Starlink as a reporting entity, the ACCC aims to gain a thorough overview of the retail and wholesale broadband landscape in Australia, thereby strengthening its regulatory capabilities.

Suggested Modifications and Public Input

In addition to monitoring Starlink’s expansion, the ACCC plans to observe the resale of low Earth orbit (LEO) satellite services. The commission is inviting public feedback on these proposals until the month’s conclusion, with intentions to implement an updated RKR by September.

Summary

As Starlink’s user base in Australia continues to rise, the ACCC is aiming to include the satellite internet provider under its rule for internet activity record keeping. This initiative seeks to clarify the broadband market landscape and enhance regulatory efforts. With Telstra reselling Starlink services and the public encouraged to express their opinions, the ACCC is preparing to unveil a revised RKR by September.

Q&A

Q: What motivates the ACCC’s interest in Starlink’s customer growth?

A:

The ACCC’s goal is to effectively monitor and regulate the broadband market. By bringing Starlink under its RKR, the ACCC can collect thorough data on internet services and usage, ensuring fair competition and protecting consumer interests.

Q: What is the Internet Activity Record Keeping Rule (RKR)?

A:

Established in 2018, the RKR requires telecom companies to submit detailed information about their broadband offerings. This rule was initiated to address the data gap created when the Australian Bureau of Statistics (ABS) discontinued its broadband statistics collection.

Q: In what ways has Starlink’s growth influenced the Australian broadband landscape?

A:

Starlink’s swift expansion, spurred by transitions from traditional services and its partnership with Telstra, has made it a pivotal entity in the satellite internet arena. This development has prompted the ACCC to pursue more comprehensive data to better understand market dynamics.

Q: What forthcoming actions will the ACCC take regarding the proposed changes?

A:

The ACCC has opened the stage for public comments on the proposed changes until the month’s end. After reviewing the feedback, the commission plans to release a revised RKR by September, which will encompass Starlink and other LEOsat-based services.

“`html

Australian Governments Embrace Microservices Over Traditional Systems

In the next five years, government operations could predominantly utilize agile microservices architectures, stated a prominent official from a Commonwealth agency at a recent assembly of peers.

Transitioning from Traditional to Microservices

“We are transitioning from a traditional tech framework to a collection of microservices,” Peter O’Halloran, chief digital officer of the Australian Digital Health Agency, conveyed during last month’s Tech in Gov conference in Canberra. This movement towards software systems built from targeted, manageable code segments is transforming governmental IT operations.

This trend is also visible in procurement activities. With dwindling budgets, escalating expectations, and cybersecurity concerns, Australian governments are searching for straightforward, ‘bite-sized’ technology solutions from nimble enterprises.

“The era of huge IT projects costing billions is over,” O’Halloran remarked. “Those days are behind us — and that’s likely a positive change.”

Modernization Challenges

O’Halloran highlighted that it is essential for government to modernize its systems, especially as disruptors like artificial intelligence (AI) and increasing citizen demands press agencies amid shrinking IT budgets. “Government was among the first to digitize numerous processes … thus, we carry a substantial amount of tech debt,” he stated during a panel discussion launching TechBest’s Public Sector Tech Report.

His observations echoed findings from the TechBest report, which indicated that, despite Australia’s impressive fifth place in the OECD’s 2023 Digital Government Index, two decades of legacies now hinder its future transformation.

Breaking Down IT Systems

To address these challenges, the public sector, including ADHA, aims to “break down” its IT systems, gradually dismantling legacy, traditional setups while reusing the same microservices across various agencies, O’Halloran explained. “You keep utilizing that function for similar applications so that over time, you create a singular tool for functions like authentication or user management. And keep enhancing those so that each time you secure funding for a new system, you can integrate with pre-existing elements you’ve modernized.

“After five years, you might realize, ‘Wow, our traditional tech architecture is halved’.” He expressed that the “next four or five procurements” for ADHA are pivotal: “And we’ll continue this on an annual basis until we eliminate the outdated tech debt we carry.”

New IT Philosophy Opens Doors for SMBs

A significant outcome of this newfound IT awareness is that smaller, agile companies previously excluded from large-scale government IT contracts can now compete for projects. IT market analyst, Gartner, noted that Australian governments could allocate as much as $27 billion for IT this year — about 60 percent at the federal level — with an annual increase of approximately 10 percent, making it collectively Australia’s largest purchaser.

O’Halloran mentioned that agencies are now open to engaging smaller, innovative suppliers with expertise in specific technologies. “We are trying to expand our supply base – looking for small enterprises that provide innovation as well as larger firms with experience in diverse products,” he stated. “Our goal is to unite the sector, harnessing innovation from all.”

Natalie Legg, CEO of Canberra systems integrator A23 and a former senior project manager at Treasury, shared O’Halloran’s perspective. She proposed that increased opportunities for smaller Australian enterprises could be a silver lining amid tightening government budgets.

“Large projects typically lead to a shortlist of just five companies capable of executing them. And we’ve seen — we are aware — of the consequences that result from this.”

Legg articulated that government agency buyers should demand evidence of competency from their suppliers: “Who has successfully executed that ‘task’ previously?” She added, “We rarely question: ‘Did they accomplish the ‘task’ they were engaged to deliver? Is it the ‘Emperor’s New Clothes’; are people ignoring the naked project in the room?”

She advised agencies to, “invest in small, agile firms that excel in these specific tasks and make that their primary focus.”

Predictions for Government Tech in 2024 – Insights Beyond AI

Gartner highlights that the emerging technologies for government procurement include adaptive security, digital identity, digital platform responsiveness, programmatic data management — alongside AI. The latter is particularly relevant for government leaders, as AI offers enhanced service delivery through various applications like chatbots, apps, and improved cybersecurity, yet agencies need personnel with advanced skills to effectively implement it.

O’Halloran stated that ADHA is retraining individuals with hands-on healthcare experience for digital roles. “They may not become expert programmers [but] as business analysts, change facilitators, and service designers, they are exceptional; they grasp our environment,” O’Halloran expressed. “Hence, I’m aiming to avoid recruitment from other organizations and instead cultivate our workforce … through individuals making mid-career transitions.”

Marcus D’Castro praised the public sector for its proactive stance compared to private sector counterparts, as it braces for an AI-driven future. “One area that stands out is data management — the consolidation, optimization, access, security, governance of data,” mentioned D’Castro, general manager at Nomura Research Institute (NRI).

“The old adage, ‘garbage in, garbage out’ has never been more applicable — if you supply Generative AI poor data, expect poor results.” He elaborated that the public sector’s approach to archival management places it “in a favorable position” to capitalize on upcoming opportunities. “The technical aspects are relatively straightforward; preparing your data to be ready and accessible is the more challenging endeavor.”

Summary

The Australian government is strategically shifting from traditional IT systems to microservices-based architectures, motivated by the need for adaptability, financial constraints, and escalating cybersecurity challenges. This transformation allows smaller, agile firms to secure government contracts and fosters a more innovative IT atmosphere. Focus on emerging technologies like AI, adaptive security, and digital identity are essential for future government IT investments.

Q: What are the primary drivers for the transition from traditional systems to microservices?

A: The transition is motivated by the necessity for adaptability, financial limitations, and increasing cybersecurity risks. Microservices facilitate more straightforward and versatile systems that can be easily modified and expanded.

Q: What impact does this shift have on smaller enterprises?

A: Smaller, agile firms that were previously excluded from comprehensive government contracts can now successfully pursue projects. This creates opportunities for innovation and diversity in government IT initiatives.

Q: Which emerging technologies are government agencies concentrating on?

A: Government agencies are emphasizing adaptive security, digital identity, digital platform agility, programmatic data management, and AI. These technologies promise significant advancements in service delivery.

“`