Cyber and Infrastructure Security Centre

📢Reminder –Critical Infrastructure Risk Management Program (CRIMP) Annual Reports are due! Responsible entities must submit their CIRMP Annual Report by 28 September 2024. The Annual Report is required to be in an approved form and to include: 🔸A declaration that the CIRMP was up to date at the end of the Australian Financial Year, 🔸whether a hazard occurred that has a significant relevant impact on an asset during the year, 🔸whether any variations to the CIRMP were made during the year, 🔸whether the program was effective in mitigating any relevant impacts that hazards may have had on that asset during that year, and 🔸an attestation that the information contained within the Annual Report was approved by the Board or governing body of the entity. The CIRMP obligation is crucial to the uplift of security and resilience of critical infrastructure assets. Learn more 👉https://lnkd.in/gTzxafJM

This month we held our fourth workshop in the Critical Infrastructure Security Excellence Workshop series, this time in Perth! Attendees heard from government and industry on lessons learnt from cyber incidents, foreign interference in critical infrastructure and engaged with an industry panel and deep dive activity to share best practice on mitigating all-hazards to critical infrastructure. These workshops serve as a platform for engagement and fostering collaboration. Register for the Hobart workshop now 👉 https://lnkd.in/gkzunAPB

The 16th edition of our Newsflash is out now! 🗞️ In this edition read about our Critical Infrastructure Security Excellence Workshops, the Critical Infrastructure Risk Management Program, and our recent engagements! Read now👉

Tomorrow at 2pm AEST, we are hosting a town hall to discuss with responsible entities the Critical Infrastructure Risk Management Program Obligations and Compliance. We look forward to clarifying what information is being sought regarding cyber and information security and other risk management frameworks. This town hall will provide the opportunity for responsible entities to ask questions about the CIRMP obligation and the associated annual report and attestation compliance process. Register to attend - https://lnkd.in/eKKBPUSk

Earlier in the year, we refreshed our Organisational Resilience HealthCheck Tool (HCT)! ✅ The refreshed self-assessment HCT is informed by contemporary organisational resilience methodologies for enhancing organisational resilience in the face of all-hazards, and will allow users to assess and rate their organisation across 13 resilience indicators. We have heard from expert REAG members throughout our Critical Infrastructure Security Excellence Workshops, as they provided insights and tips on the HCT! Access the Organisational Resilience HealthCheck Tool👉 https://lnkd.in/gNKvFBFf Find out when we’re in your nearest capital city to attend our series of Critical Infrastructure Security Excellence Workshops👉 https://lnkd.in/gkzunAPB    

It has been a busy week for the Trusted Information Sharing Network (TISN) with three sector groups meeting this week! The Government Sector Group, the Health Services Sector Group and the Higher Education, Innovation and Research Sector Group all met this week. The TISN is the primary way for industry and all levels of government to work together to enhance the security and resilience of critical infrastructure. Through the TISN, members of the critical infrastructure community collaborate to strengthen the resilience of their organisations and industry sectors in the face of all-hazards. For more information or to request to join the TISN 👉 https://lnkd.in/gaJxFPFk

The Maritime Industry Security Consultative Forum (MISCF) has been taking place this week in Newcastle! 🛳 Ensuring the security and resilience of the maritime transportation system is critical in supporting the security and prosperity of our island nation. MISCF provides an opportunity for the Australian Government and the maritime industry, including peak bodies, port operators, port facility operators, shipping companies and ship operators to discuss maritime security issues through an all-hazards lens to protect Australia’s critical infrastructure. MISCF promotes the principles of consultation and the two-way sharing of information to discuss evolving threats, identifying shared challenges and the sharing of best practice approaches. Members participated in a number of exercises and discussions on current and emerging maritime security issues to promote preparedness against all-hazards.

The 2023 Critical Infrastructure Resilience Strategy provides a framework for industry and all levels of government to work together to mature the security and resilience of critical infrastructure. The Strategy sets out: - An overarching vision for critical infrastructure, - how changes in the operating environment of critical infrastructure impact on critical infrastructure security and resilience, and - how the Strategy complements existing work across government to achieve its objectives. Read the strategy as it guides Australia’s interests into the future 👉 https://lnkd.in/duXFBads 

The NCM met at 2pm to discuss the ongoing fallout from the Crowdstrike IT outages. The meeting confirmed there are some remaining teething issues across the economy particularly for companies returning to work today. CrowdStrike confirmed they have rolled out an automatic fix for affected customers which is assisting in many cases. This will likely be the last meeting of the NCM on this issue, but agencies will continue to monitor the situation. This incident has underlined the importance of software testing and embedding secure by design principles into software. Australians should continue to be alert to any phishing or scams impersonating CrowdStrike or other providers. If you see something suspicious remember: Stop, Think, Protect, and Report to Scamwatch to protect your fellow citizens.

Last year, we released the first edition of the Critical Infrastructure Annual Risk Review! This review provides a summary of the key risk-driven issues that affected Australia’s critical infrastructure over the preceding 12 months. The key points include: 🔸 Foreign involvement is infiltrating all areas of the delivery of critical infrastructure; 🔸Australia’s critical infrastructure sectors are deeply interconnected; 🔸significant disruption in one sector will affect other sectors; 🔸 post-pandemic corporate activity is increasing the touch points for foreign government contact and influence operations; and 🔸 collectively, insiders are one of the most attractive targets for malicious foreign actors. These risks are real and effect every critical infrastructure asset, it is essential for everyone to be aware of these risks to ensure Australian critical infrastructure is secure and resilient. As we get ready for the next edition, read the first edition here - https://lnkd.in/g8cBfry5