Cyber threat actors regularly target governments in order to access official ICT systems and data holdings.

In addition to cyber-attacks, ICT systems failures can significantly disrupt services heavily dependent on data-related infrastructure and communications such as the emergency services' ability to respond to an emergency.

Examples of significant events include the extreme threat posed by the BlueKeep remote desktop protocol vulnerability to Microsoft systems across government and an attack on ICT systems of hospitals and health services in Gippsland and south-west Victoria, both in 2019.

All links in the table below will open in a new window.

Publish year Assurance activity Summary Organisation
2014 Emergency Response ICT Systems (External link) An audit to assess how ICT systems and processes are used to deliver an emergency service response in Victoria. The audit found what worked well and what areas could improve about ESTA, Victoria Police, Ambulance Victoria and CFA ICT systems and capacities. Victorian Auditor-General's Office
2017 ICT Disaster Recovery Planning (External link) An audit of the effectiveness of ICT disaster recovery processes of Victoria Police and four departments providing essential government services. This report concluded that the audited organisations did not have sufficient assurance that they can recover and restore all their critical systems in the event of a disruption or disaster. Victorian Auditor-General's Office
2018 Department of Premier and Cabinet Annual Report 2017–18 (External link) A progress report on the actions set out in the Victorian Government’s Cyber Security Strategy 2016–2020. This strategy aimed to improve the cyber resilience and governance in government and major infrastructure and service providers, and included a whole of government Cyber Incident Response Service. Department of Premier and Cabinet
2019 Security of Water Infrastructure Control Systems (External link) An audit examining whether control systems in the water sector are secure, it reviewed governance arrangements over these control systems for four water providers: Barwon Water (BW), Melbourne Water (MW), VDP and Yarra Valley Water (YVW). Victorian Auditor-General's Office
2020 ACSC Annual Cyber Threat Report: July 2019 to June 2020 (External link) An identification of key cyber security threats targeting Australian systems and networks, and case study examples of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats. Australian Cyber Security Centre
2021 ACSC Annual Cyber Threat Report (External link) An identification of key cyber threats affecting Australian systems and networks, with strategic assessments, analysis, and case studies to describe malicious cyber activity affecting Australian networks between July 2020 an June 2021. It provides mitigation advice to Australians and organisations can take to protect their networks from cyber threats. Australian Cyber Security Centre