The Increasingly Important Need for Robust Cyber Security in both the Public & Private Sector: An Interview with Peter Auhl (CIO) for Central Coast City Council
This month I’ve had the absolute pleasure of interviewing Mr. Peter Auhl, the newly appointed Chief Information Officer (CIO) for the Central Coast Council (CCC).
Unsurprisingly, this offline interview with Peter has come at a time when the topic of Cyber Security continues to plague the headlines of both Fairfax and News Limited media for both nefarious and objectionable reasons.
The ‘heads are rolling’, so to speak, on both the ASX and mid-cap market following a spate of high-profile data breaches and hacking attempts, the most notable recent victim of which embroiled Bank of Queensland (BOQ) in controversy.
Off the back of these high-profile incidents it is also no surprise that the regulatory environment in Australia continues to reach a heightened and almost fever-pitched level of hysteria following the Banking Royal Commission.
However, for those who have followed this topic for some time it would come as no surprise, noting the steady increase in regulation following implementation of the Notifiable Data-Breach Scheme in early 2018, and the now impending deadline for implementation of APRA’s CPS 234 and the Banking Executive Accountability Regime (BEAR).
Naturally in times of chaos and disorder, it is pertinent for one to stop, pause, and reflect with authoritative figures on the subject to discuss and seek their counsel.
It is all the more important to do so with such figures as Peter Auhl, who now face these challenges head on in an ever-changing regulatory and social environment.
Doing so with the backdrop of the beautiful Terrigal Haven whilst enjoying a fantastic cuppa at Ocean Haus Café also couldn’t do any harm.
Hello Peter, firstly welcome to the Central Coast! How have you enjoyed settling in here since your move from Adelaide City Council to Central Coast Council (CCC) late last year?
Hi Reuben, thank you for the welcome. It’s been an exciting time over the last 3 months; moving to a new state has logistical challenges but I have been welcomed with open arms. I have seen some amazing sights from Somersby Falls, Pearl Beach, Mooney Mooney and lots of other beautiful locations on the coast. Being a fisherman, I’m still trying to hunt down some good GPS marks, so fishing hasn’t been fruitful yet (although I’ve heard the flathead are brimming at The Entrance).
Following your recent successes during your tenure at the City of Adelaide with the “Ten Gigabit Adelaide” project, there have since been a host of regulatory policies and frameworks passed through parliament recently, as well as a string of high-profile breaches in recent weeks. Since your recent arrival, how have you dealt with the current regulatory environment since your move to CCC? And has the topic been raised by Councillors often in recent times?
Well yes, regardless of the regulations, I have always pushed hard to ensure our systems are as secure as possible here at CCC. Having held the role of an ITSA in South Australia I understand how diligent we need to be. It’s a constant battle to keep ahead, and it’s such a complex mix of technology, people and processes. However, security and data is certainly a more common question around executive tables than it ever has been before.
In that regard, does CCC undertake any regular compliance auditing or currently retain a local Managed Service Provider (MSP) to do so? If so, how is that currently occurring? And in the event of any compromise or data breach what is CCC’s incident response plan?
Absolutely there are many controls in place at the CCC, but we are actually currently in the process of recruiting a role dedicated to this specific area! There is always more we can do and it’s obviously quite high on my agenda.
Interesting response Peter! On the back of that question then, does CCC conduct regular vulnerability scans for their network and software i.e. monthly risk management assessments?
Most definitely we do, and taking my learnings from the City of Adelaide, it’s prudent to continue to test our technology as it’s deployed. Many of the Smart City IoT devices we deployed were thoroughly tested, not only at a software level but also tested for physical vulnerabilities, an area not always commonly covered during penetration testing.
I’ve had the recent pleasure of being seconded to Red Piranha Limited, and somewhat unsurprisingly I have some questions for you from the Engineers there. When was the latest testing of employee awareness about security threats, infrastructure tests, and what were the results in regard to resilience against the current threat environment?
Not surprising at all, Reuben! Look I think the human side of security testing is an area that we are increasing our focus on. In fact, I have an active project currently looking at ways we can improve in this area.
RH: Interesting. On that note do you foresee Cyber Security and regulatory compliance being an issue for Local Government and State Government going forward given the recent spate of high-profile attacks on big business and the Federal Government? And do the typical problems that seem to plague business translate into private practice?
Absolutely, and it has been an active issue across the sector for many years. I think there is an opportunity to share information across the sector to help Local Government improve. I also think there is a leadership role for larger councils to be taken on board.
Indeed, which brings us back to our next subject, knowledge and education on the issue. From an educational perspective, what would be the three key things you’d advise someone working in government or in SMBs with respect to Cyber Security?
PA: I truly believe that this threat is a shared threat across the organisation of CCC. My proposed education program will be very much focused on lifting the awareness of the threat to help the organisation and staff understand their role in the challenge.
It’s truly comforting to hear that you’re passionate and indeed spurred to action on this topic! On that note, would you be interested in running educational talks to both business and the public in the future on this issue alongside fellow organisations in the region since you’ve now moved here? And lastly, the all-important question that we can’t let you go without asking, have you had time yet to get out in the surf since your move to this wonderful part of the world?
PA: I am 100% interested in playing a role in society on the Central Coast and I would welcome opportunities to share information and awareness. I’m very passionate about helping the business community understand more. And yes, I have had a few pummellings from east coast swell but I must admit I do prefer to spend my time throwing a lure above the water line (especially if there’s the prospect of rather large flathead about).
Well there you have it, Peter: a force to be reckoned with both in and out of the water.
We hope you enjoyed our interview with Peter as much as we did, so much so that we’ve decided we’ll be running a short series of talks in the coming months in conjunction with the Central Coast Council, Priority Business Lawyers and Red Piranha, centred around Cyber Security and Businesses on the Central Coast.