Cyber and Infrastructure Security Centre

The Government Sector Group is meeting today 📍 Officials from all levels of government collaborate and coordinate on critical infrastructure matters within the Trusted Information Sharing Network's (TISN) Government Sector Group. Governments own and operate critical infrastructure assets, they also provide legislative and regulatory settings, and support the Australian critical infrastructure sectors. If you are involved in critical infrastructure you may be able to join the TISN, apply today 👉https://lnkd.in/gaJxFPFk

📢Attention responsible entities of critical infrastructure – you have less than three weeks to submit your Critical Infrastructure Risk Management Program (CIRMP) Annual Report!   Your CIRMP Annual Report must be in the approved form, which includes the following:   🔸 A declaration that the CIRMP was up to date at the end of the Australian financial year, 🔸 whether a hazard occurred that has a significant relevant impact on an asset during the year, 🔸 whether any variations to the CIRMP were made during the year, 🔸 whether the program was effective in mitigating any relevant impacts that hazards may have had on that asset during that year, and 🔸 an attestation that the information contained within the annual report was approved by the Board or governing body of the entity.   Your annual report does not need to contain the CIRMP, however it must be sufficient to assure that your program remains up to date and appropriate. Read more about your requirements while submitting 👉 https://lnkd.in/gzGefgWv

Prepare for the 3G network switch off! Since 2019, Australia's mobile network operators have been preparing to switch off their 3G networks to boost the capacity, speed and reliability of their 4G and 5G networks. 📱 Telstra and Optus will be switching off their 3G mobile networks on 28 October 2024. Vodafone has already switched off its 3G network. Check if your mobile phone will be affected when the 3G network is switched off. SMS ‘3’ to 3498 and your service provider will send you an automated message about your phone’s status. For more 👉 https://lnkd.in/gbP3X4gZ

The Critical Infrastructure Risk Management Program (CIRMP) Annual Report due date is fast approaching! Responsible entities are required to submit a board-approved CIRMP Annual Report for the 2023 – 2024 Financial Year no later than 28 September 2024! CIRMPs are not required to be submitted with the Annual Report, however the relevant regulator may review a responsible entity’s CIRMP as part of a compliance audit. For more 👉 https://lnkd.in/gzGefgWv

The AFAC Bushfire Outlook for Spring 2024 is now available.   Staying across climate trends is important for the protection of Australia's critical infrastructure, due to the impacts of increasingly severe weather on assets and supply chains. 🚒

Supply chain disruptions and single source supply are some of the key risk-driven issues impacting Australia’s critical infrastructure. The 2023 Critical Infrastructure Annual Risk Review outlines how reliance on a single source in your supply chain can leave your critical infrastructure asset vulnerable. Read the Critical Infrastructure Annual Risk Review today 👉https://lnkd.in/gsacm4SV

Earlier this year we released new guidance material on the Enhanced Cyber Security Obligations for Systems of National Significance (SoNS)!   SoNS are Australia’s most important critical infrastructure assets. Under the SOCI Act, SoNS may be subject to one or more Enhanced Cyber Security Obligations.   These have been designed to ensure critical infrastructure entities have well-tested plans in place to respond to and mitigate against a cyber-attack.   Even if you’re not a SoNS, you may find the guidance material useful. 📄   Read the Incident Response Planning guidance here 👉 https://lnkd.in/gVZD_7Xz   Read the Cyber Security Exercise guidance here 👉 https://lnkd.in/gMWNfTH3   More information on the Enhanced Cyber Security Obligations: 👉 https://lnkd.in/ghGGD8Jn

❗ JOINT ADVISORY ❗ Today we have released a cyber security advisory on Russian military cyber actors targeting global critical infrastructure. This advisory is a joint release with our international partners. These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. Alongside our international partners, we recommend organisations take the following actions: - prioritise routine system updates - remediate known exploited vulnerabilities - segment networks to prevent the spread of malicious activity - enable phishing-resistant MFA for external facing services such as webmail and VPNs. Organisations should also implement ASD’s Essential Eight guidance. Learn more about the threat posed by these cyber actors, including tactics, techniques and mitigations 👉 https://lnkd.in/gAfYyN9b

Information stealers are on the rise. The latest advisory from the Australian Signals Directorate warns of the growing threat of information stealer malware to organisations globally, including in Australia. Info stealers can collect user credentials and data from a victim’s device, enabling cybercriminals to breach corporate networks and enterprise systems. It's crucial for organisations to implement multiple mitigations to protect against info stealer malware. Learn more about the advisory here: https://lnkd.in/gru_xq4x

The Security of Critical Infrastructure Act (SOCI Act) outlines the legal obligations you have if you own, operate, or have direct interests in critical infrastructure assets. The SOCI Act applies to the following 11 sectors: 🔸Communications 🔸Financial services and markets 🔸Data storage or processing 🔸Defence industry 🔸Higher education and research 🔸Energy 🔸Food and grocery 🔸Health care and medical 🔸Space technology 🔸Transport 🔸Water and sewerage More on the SOCI Act 👉 https://lnkd.in/gyNa6JYF