Infrastructure WA

Recommendation 3

Improve cybersecurity practices for state-owned and regulated infrastructure owners and operators

Recommendation

3. Manage critical risks and support digital transformation by improving cybersecurity practices for state-owned and regulated infrastructure owners and operators, including:

  1. clearly articulating state and federal government cybersecurity obligations to government infrastructure owners and operators
  2. implementing mechanisms to mandate application of the Western Australian Cyber Security Policy by government trading enterprises
  3. updating the Strategic Asset Management Framework’s Strategic Asset Plan and Business Case guidelines to require all infrastructure strategic asset plans and business cases to demonstrate compliance with the Western Australian Cyber Security Policy and, where applicable, the Security of Critical Infrastructure Act 2018 (Cth).
WA Government response

The WA Government responded to Foundation for a stronger tomorrow in February 2023. Recommendation 3 is fully supported. For further information please refer to the response document.

Actions:

3.6 Continue to implement the WA Government's Cyber Security Policy

3.7 Implement the updated Strategic Asset Management Framework (SAMF)

Current Implementation Progress
2/2 actions complete

3.6 Complete
Implementation is complete, noting that the scope of the revised policy includes GTEs.

3.7 Complete
Implementation is complete, noting that Treasury, in consultation with DPC, will continue to monitor for any emerging cybersecurity challenges or improvement opportunities.

Relevant Links and supporting documents