CI-ISAC Australia’s response to the Nation Cyber Security Strategy

If there was one word to describe the recently launched Cyber Security strategy, it would be “opportunities” – both for us to come together as a nation and to establish Australia as a world-leader in building sovereign cyber capability.

The parallel launch of an action plan, with lead agencies is confirmation that the commonwealth is already moving to execute, accountabilities have been agreed and key stakeholders are engaged to drive the various initiatives forward.

While CI-ISAC Australia looks to support initiatives across all six shields, we will take this opportunity to summarise the opportunities outlined in “Shield 3 - Threat Sharing & Blocking”.

The commonwealth’s acknowledgement of the need for a cross sectoral approach to intelligence sharing is well aligned to the model that CI-ISAC Australia has operationalised over the last 9 months. Our experience shows that at least 50-60% of threats observed can be leveraged across sectors to defend systems, which was also praised by our members at our recent Annual General Meeting. CI-ISAC Australia is the “team of teams” that facilitates the sharing of structured and unstructured intelligence and building of shared capabilities.

Our experience shows that at least 50-60% of threats observed can be leveraged across sectors to defend systems

A key aspect of collective defence is to both inform and support participants. Our approach of working with mature members across sectors to the support response efforts of less mature members aligns well to desired future state outlined in the strategy.

Sharing at machine speed has been at the heart of the ACSC’s CTIS program from the outset, and the investing in this capability is marked as a strategic priority, and enabler for future threat blocking initiatives. As an ACSC partner and integrated with CTIS, CI-ISAC Australia extends these sources with our own intelligence and provides a curated threat feed to members regardless of maturity.

We need to acknowledge that for the vast majority of entities, building a machine-to-machine intelligence capability is not feasible.

CI-ISAC Australia has commissioned interfaces from our Threat Intelligence Platform to interface directly into member SIEMS, firewalls and web gateways - lowering the barrier for SMBs, and other less mature entities and enabling them benefit from automated threat indicators.

Collaboration, knowledge-sharing and gaining cross-sectoral perspectives is called out as an area to be invested in as part of the operational threat intelligence sharing uplift. We can attest to the value of this approach, having run cross sectoral sharing forums for over six months and consistently gaining feedback from members on how this is helping them build their own internal threat intelligence capabilities.

There are already numerous excellent communities across the Australian CI sectors, and we would encourage any initiatives spun up as part of the cyber strategy to leverage these as part of their uplifts. Having partnered with the Higher Education (AHECS) ISAC from our inception, we can attest to the benefits of a partner-first approach to build on existing communities of trust.

We also welcome the initiative to incentivise mature players to share observed threats.? ISACs are only as strong as the number of members who actively share CTI information, and these incentives should help foster a culture of sharing.

We support the Government’s commitment to support the Australian Health sector via an ISAC.? While we do not believe this needs to be a pilot – CI-ISAC Australia has been operational since February 2023 and have Healthscope leading sharing for this sector – we agree it is a worthy priority.?

Having visibility into threats to the Health Sector over our first months of operation, we are acutely aware of the direct and indirect risks our health providers face.

In many instances simple mitigations exist to reduce exposure, like the SocGholish phishing threats observed across the GP network in Q2-23. Other reported threats have required a collaborative response within our National Threat Intel Forum to help drive defensive improvements.

Having a trusted, independent partner that facilitates and supports intelligence sharing and building of capabilities within and across sectors ensures investment in one area benefits all and that no company is left behind.

A rising tide may lift all boats, however if the vast majority aren’t even in the water, then we risk a missed opportunity.