As cyber based risk increases for organisations of all sizes, a new industry association has been launched to help boost the resilience of large and small providers of critical national infrastructure.
The Critical Infrastructure Information Sharing and Analysis Centre (CI-IASC) aims to enlist an estimated 11,000 businesses and organisations covered across 11 critical infrastructure sectors outlined in the national Security of Critical Infrastructure (SOCI) Act.
Based in Queensland on the Sunshine Coast, the centre’s goal is to act as an information resource and distribute technical advice on cyber issues within hours of any incidents, helping members get ahead of the latest attack techniques.
Co-founder Dr Scott Flower said the centre aimed to add value through distributing updates on cyber threats and issue guidance on how to combat them. Information will be collected on a cyber threat sharing platform and members will be able to attend fortnightly threat intelligence forums.
Dr Flower, who formerly worked with national security agency ASIO, said he believed that the centre can only reach its full potential if it exists outside of government.
“While working at ASIO I became acutely aware that although the industry trusts government, they are still sensitive to the potential for shared information to have potentially unnecessary negative regulatory impacts on their business,” he said.
“However, more than ever we need to increase the sharing of cyber threat intelligence to ensure there are no chinks in our collective cyber armour.”
Small businesses were always vulnerable to cyber attacks, but many lack the knowledge and access to the tools to respond effectively.
The co-founder and chief executive of CI-ISAC, David Sandell, said he hoped the centre would succeed in recruiting all 537 Australian local government organisations as members, in addition to more than 10,000 other organisations and businesses covered under the SOCI Act.
The goal was to provide governance and enabling capabilities to help members work together, share information and improve their defensive posture and ability to respond to cyber attacks.
The founders argue that cyber security should be collaborative, because large infrastructure businesses also have an incentive to share their knowledge and best practice with smaller organisations, who are also often their customers.
Amendments to the Act passed last year now require organisations to develop risk management programs that “embed preparation, prevention and mitigation activities into business as usual activities.”
The Act gives ASIO a power of “last resort” to step in and take control of an organisation’s systems if it subjects an attack.
The Australian Signals Directorate also has powers to order “nationally significant” companies to install software and pass on data if it deems it appropriate.
The 11 sectors covered under the SOCI Act are communications, data storage or processing, energy, financial services and markets, food and grocery, health care and medical, higher education and research, space technology, transport, water and sewerage.
Under these 11 sectors the ACT also covers 22 asset classes.
CI-ISAC’s board is chaired by Stephen Beaumont, a retired brigadier and former director-general of joint intelligence, surveillance, reconnaissance, electronic warfare and cyber at the Department of Defence.
Membership fees for the centre will vary from $1000 to $30,000, depending on the size of the organisation and the industry it works in.