Background

Critical infrastructure (CI) is increasingly being targeted by cyber attacks and defensive strategies cannot be formulated in isolation.

Government initiatives (E8, CTIS, CI-UP) and legislation (SOCI) address Cyber Assurance, Reporting and 'machine to machine' sharing requirements, however a community-based approach (focussed on cyber intelligence sharing and collective cyber defence) is needed to materially uplift cyber defences.

Existing Information Sharing & Analysis Centres (ISACs) operating in Australia are sector-specific and do not adopt a risk-based approach to intelligence sharing. This coupled with many CI public and private sector entities lacking the knowledge, resources or capabilities to effectively participate results in many being excluded.

While some cyber attackers may prefer certain sectors or targets, common attack techniques are employed broadly and taking a threat-informed, risk-based approach enables intelligence to be used as a tool to shift from a reactive to a proactive defensive posture.

The CI-ISAC is a Not for Profit (NFP) dedicated to building communities to leverage the network effects of risk-based intelligence sharing, while also building central capabilities to help resource-constrained entities and their service providers participate effectively.

What makes CI-ISAC different?

Strength in numbers, means no-one is left behind

Community First

Established by industry veterans, who understand the value of intelligence sharing, the CI-ISAC adopts a community-first approach.

Not-for-Profit

CI-ISAC operates as a Not for Profit (NFP) with membership fees directly invested in building intelligence-sharing capabilities and promoting member sharing. Central capabilities will be brought online to support members, with the aim of having multiple ‘turnkey’ capabilities available to assist resource-constrained members.

Supports existing initiatives

The ISAC has been designed to support and promote existing legislation and Government initiatives that are working to uplift cyber resilience across critical infrastructure sectors. The primary objective of the ISAC is to grow Australia's capability to respond to or resist cyber-attacks through the timely sharing of focussed intelligence, enabling members to proactively respond to cyber threats before they become incidents.

Member Driven

Member participation and sharing to drive cyber resilience is the key measure of success for CI-ISAC, supported by both central teams and sector intelligence-sharing champions who help guide the ISAC's growth and direction.

Strategic Alignment

CI-ISAC aligns with priority areas outlined for the new 2023 cyber security strategy.

Whole of Nation

Increasing whole-of-nation cyber security efforts to protect Australians and our economy.

Resilient CI

Ensuring critical infrastructure and government systems are resilient and cyber-secure​.

Sovereign Capabilities

Building sovereign capabilities to tackle cyber threats and manage emerging threats to the economy.

International Engagement

Strengthening and expanding Australia’s international engagement capacity building efforts based on tangible outcomes.

Cyber Workforce

Growing and sustaining a national cyber workforce, focusing on education, skills and training.


Contributing to Improved Risk Management

Among the Critical Infrastructure reforms are a Risk Management Program (RMP) and Rules, and the Register of Critical Infrastructure Assets and mandatory cyber incident reporting.

The capability provided by CI-ISAC in improving cyber intelligence sharing and building collective defence in materially uplifting cyber resilience will assist the responsible Critical Infrastructure entities in minimising or eliminating risks around cyber and information security. This will have a relevant impact on the asset; and inform hazard mitigation.

Learn more about: