CISC Newsflash: Edition 15

From the Cyber and Infrastructure Security Centre

Welcome to our second Newsflash for 2024! We’ve had a flying start to the year with various engagements and the launch of products aimed at educating and assisting critical infrastructure owners and operators. It has been busy so let’s get right into it!

Is your organisation healthy?

We are pleased to announce the refreshed Organisational Resilience HealthCheck Tool has launched!

The updated self-assessment tool will allow users to assess and rate their organisation across 13 resilience indicators and is informed by contemporary methodologies for enhancing organisational resilience in the face of all hazards.

This self-assessment tool provides guidance to both groups and individuals on actions that can be taken to improve an organisation’s resilience. The tool is endorsed by the Resilience Expert Advisory Group (REAG) and developed collaboratively by the University of Tasmania and the Department of Home Affairs.

New Guidance Materials for Systems of National Significance

Systems of National Significance (SoNS) are Australia’s most important critical infrastructure assets. Under the SOCI Act, SoNS may be subject to one or more Enhanced Cyber Security Obligations which have been designed to ensure critical infrastructure entities have well-tested plans in place to respond to and mitigate against a cyber-attack.

The CISC are supporting entities responsible for SoNS with new guidance material on Enhanced Cyber Security Guidance - Incident Response Planning and Cyber Security Exercise. The Incident Response Planning obligation came into effect from 1 April 2024 for all responsible entities that had SoNS assets declared in August 2023.

We are on Instagram!

We celebrated the launch of our new Instagram account with an exclusive fireside chat on International Women’s Day! This is the next step in our continuing commitment to expanding our social media presence and aiding our capacity to inform critical infrastructure stakeholders on important updates and events.

Follow us on Instagram @cisc_au to join our 5,000 combined followers across LinkedIn, X and Instagram to access up-to-date critical infrastructure information.

International Women’s Day celebrations

The CISC celebrated this year’s International Women’s Day (IWD) by hosting a discussion between some highly admirable women from cyber and infrastructure security.

The fireside chat provided an opportunity to hear advice from women who have succeeded in a rapidly evolving and changing environment. A key point discussed was the importance of adaptability at work and enjoying the journey to finding something you are passionate about.

“I still don't know what I want to be when I grow up. But the journey is half the fun and having brilliant people around us, including strong, inspiring women, is fantastic.” - Emily Grant, Assistant Secretary Industry Partnerships Branch

Be inspired and listen to the IWD fireside chat exclusively on our Instagram!

ANU’s Critical Infrastructure insights course

In March, the Australian National University’s National Security College hosted their ‘Critical infrastructure insights’ course. This course was designed for industry in consultation with the CISC! With a focus on risk identification and mitigation strategies, this course supported our guiding mission of strengthening resilience as well as uplifting industry awareness of the current threat landscape. Stay tuned for potential future courses.

REAG and CIAC Meetings

Two huge events on the CISC calendar happened in March! Catastrophic exercise planning was run first by the REAG then the following day by the Critical Infrastructure Advisory Council. Activities included a speed dating exercise where sector groups identified interdependences and then responded to jurisdictional scenarios.

These two activity days were a great opportunity for TISN members to come together and discuss interdependencies in the face of a crisis. Our interconnected approach to emergency response will continue to strengthen Australia’s resilience and events like these are critical in forward planning.

We have been engaging!

Our senior staff continue to attend public engagements to further our interconnectedness with industry. Deputy Secretary Hamish Hansford, First Assistant Secretary Sally Pfeiffer and Acting First Assistant Secretary Joe Smith presented recently at the ONE Cyber Summit in Sydney.

Since December 2023, we have hosted a range of public events, including town halls and deep dives to consult with industry on the reforms to the Security of Critical Infrastructure Act 2018. These public events were a success with over 1,900 attendees.

The consultation period has now closed and we have received over 130 submissions from across all sectors. The majority of feedback was positive, including on the consultation program itself.

Since establishment, our focus has been on education and awareness raising, except for any detected egregious non-compliance. As a regulator, we have worked with many partners to increase understanding of SOCI Act obligations, and help owners and operators to understand that compliance is both an important legal obligation and a crucial element for the protection of the essential services all Australians rely on.

Looking toward the future, our commitment to education and awareness is unchanged. During the third and fourth quarters of 2023-24 we will start to undertake a limited series of trial audits, testing industry compliance with SOCI Act obligations. This will inform and guide the commencement of compliance audit activities in 2024-25.

In 2024-25, we aim to balance our continuous efforts to educate and raise awareness, with compliance activities. This aims to effectively drive an uplift in regulated entity compliance.

Upcoming Events

In 2024, the CISC is going on tour!

We will be hosting our ‘Security Excellence Workshops’ throughout the country. We’ll be kicking things off in Adelaide in May!

These workshops will feature presentations, activities and demonstrations from key representatives from government and industry, as well as provide a great networking opportunity. They will focus on all-hazards Australian critical infrastructure entities face.

Stay tuned as we announce the dates that we will be in your state or territory!

More details to come…follow our social media channels on Instagram, LinkedIn and X to be the first to know.