Australia launches CI-ISAC cybersecurity body to work on lifting cyber resilience across critical infrastructures

CI-ISAC, a new Australian cybersecurity not-for-profit organization that works on a membership basis, launched on Monday to provide a framework for monitoring and preventing cyber-attacks on behalf of its members. It will serve an especially important function for organizations falling within the Australian government-legislated critical infrastructure sectors and asset classes. The move comes as critical infrastructure is increasingly targeted by cyber-attacks, and amid the understanding that defensive strategies cannot be formulated in isolation.

The CI-ISAC is focused on operational outcomes for members: raising awareness of Australian-centric threats and building the context needed for risk management that helps prevent attacks. Its enabling capabilities will help organizations respond faster and more effectively when threats are identified. Attacker techniques are also not sector-specific. By empowering industry to share cyber threat intelligence within its own trusted ecosystem, CI-ISAC helps ensure that lessons from one critical infrastructure sector are shared across the others, enabling collective defense.

CI-ISAC works on building communities to leverage the network effects of risk-based intelligence sharing, while also building central capabilities to help resource-constrained entities and their service providers participate effectively. Adopting a community-first approach, CI-ISAC has been designed to support and promote existing legislation and government initiatives that are working to uplift cyber resilience across critical infrastructure sectors. The primary objective of the ISAC is to grow Australia’s capability to respond to or resist cyber-attacks through the timely sharing of focussed intelligence, enabling members to proactively respond to cyber threats before they become incidents.

David Sandell, co-founder and CEO, said that the CI-ISAC will deliver enabling capabilities to help protect Australia’s 11 critical infrastructure sectors and 22 asset classes defined by the SOCI (Security of Critical Infrastructure) Act. “In the last three months of 2022, Australia suffered the largest number of cyber-attacks in its history. The Optus and Medibank Private attacks specifically highlighted the need for Australian organisations to start working together to enhance their cyber defences against the increasing volume of cyber threats,” he added in a media statement.

Sandell highlighted that the CI-ISAC aims to include all 537 Australian local governments as a discrete community of cyber defenders, given that every piece of Australia’s critical infrastructure resides in the territory of a local government. He added that beyond the financial and reputational damage to organizations that have been attacked, millions of ordinary Australians have personally suffered the consequences of having their data stolen.

“It has long been clear to cybersecurity professionals that threat actors share detailed information with each other on how best to launch attacks,” according to Sandell. “Now Australian organisations can work together to proactively defend themselves in the same way by sharing information and building a collective cyber defence capability.” 

CI-ISAC will provide the governance and trusted, independent, structured set of enabling capabilities to harness the collective power of Australian organizations to work together to defend against cyber attackers.

Steve Beaumont, non-executive director/chair of the CI-ISAC board, said that “by providing a trusted platform where critical infrastructure operators can contribute and share cyber threat intelligence insights we aim to raise the cyber resilience of this vital sector. We believe our not-for-profit, industry-led capability can serve as an important companion to existing Government cyber threat intelligence sharing initiatives and that we can make a contribution to bolstering Australia’s cyber defences,” he added.

“It is one thing for Government to legislate. It is another thing altogether to implement the legal provisions to achieve the intended outcomes,” Helaine Leggat, non-executive director at CI-ISAC, said. “CI-ISAC is a quantum leap in making this happen and no one needs to be left behind. CI-ISAC is like Australian Mateship embodying equality, loyalty, and looking out for one another. This is an ideal opportunity for the private sector to play a more significant part in the safety and security of Australia, its people, and economy.”

Dr. Gary Waters, strategic advisor at the organization, said that cyber threat intelligence sharing improves collaboration within and between critical infrastructure organizations and coordination of threat response actions against the most critical threats. “This leads to Collective Cyber Defence, which builds cyber resilience for all organisations regardless of their scale, industry, geographical location or other factors.”

He added that a collective cyber defense approach enables organizations to share threat intelligence in real-time to help all stakeholders gain greater situational awareness, accurately identify the major cyber risks, and take the requisite mitigation actions to help secure their vital assets. It also enables the early detection and swift response against hidden threats by smartly coordinating threat-hunting operations using threat intelligence insights gained from other organizations that face similar threats. 

In a Monday LinkedIn post, Australia’s Cyber and Infrastructure Security Centre (CISC) wrote that senior CISC officials will lead a meeting of the Critical Infrastructure Advisory Council (CIAC). “Involving state, territory, and industry representatives, CIAC oversees the Trusted Information Sharing Network (TISN) sector groups and guides the critical infrastructure community’s efforts to uplift security and resilience. Today’s meeting will provide an update on the CISC’s priorities for the coming 12 months, planning for CIS Conference ’23, and the delivery of legislation.”

Last October, the Australian government began consultation on the Risk Management Program Rule under Part 2A of the Security of Critical Infrastructure Act 2018. The initiative works towards a strong and effective government-industry partnership that is central to achieving the government’s vision for critical infrastructure security and resilience.
