In a response to the significant spike in cyber-attacks targeting Australian entities last year, a new industry-led cyber security body, the CI-ISAC (Critical Infrastructure – Information Sharing and Analysis Centre), tasked with protecting the country’s critical infrastructure sectors, has been launched in the Sunshine Coast, Queensland.
The Centre, which will be led by threat intelligence experts, will serve as a platform for critical infrastructure operators to contribute and share cyber threat intelligence attacks, while also providing a framework for monitoring and preventing cyber-attacks on behalf of its members, known as ‘cyber defenders’.
According to its co-founder and chief executive, David Sandell, the CI-ISAC will help to protect Australia’s 11 critical infrastructure (CI) sectors (including the water, communications, financial services, energy and health sectors, among others) and 22 asset classes defined by the 2018 SoCI (Security of Critical Infrastructure) Act.
The new Centre will include all 537 Australian local governments as a “discreet community of cyber defenders”, with Sandell appreciating that all infrastructure ultimately “resides in the territory of local governments”.
“Now Australian organisations can work together to proactively defend themselves in the same way by sharing information and building a collective cyber defence capability,” he said.
“CI-ISAC will provide the governance and trusted, independent, structured set of enabling capabilities to harness the collective power of Australian organisations to work together to defend against cyber attackers.”
Attacker techniques, the organisation notes, are not sector-specific. As such, the CI-ISAC has emphasised the need for different industries to share their respective cyber threat intelligence as a means of boosting collective defences, “taking lessons from one CI sector and sharing across the other 11”.
CI-ISAC also aspires to go further than simply assisting its members in blocking malicious attacks, Sandell said, emphasising a wider mission to help build an “all-important context” around threats, and enabling cyber defenders to detect attackers in their networks and proactively stay ahead of the latest attacker techniques.
The Centre will be chaired by Brigadier (retired) Steve Beaumont, director-general of Joint Intelligence, Surveillance, Reconnaissance, Electronic Warfare and Cyber with the Australian Department of Defence.
Co-founder and adviser to the board, Dr Scott Flower, most recently served as lead of the FS-ISAC’s (a global financial services cyber intelligence-sharing community) cyber threat intelligence fusion cell defending the global financial sector in Asia Pacific, between 2019 and 2022.
Prior to this, he spent a decade as an academic working in the fields of international security and psychology at the Universities of Melbourne and Oxford, and was formerly part of ASIO’s critical infrastructure protection directorate between 2006 and 2008, where he was the lead intelligence analyst for the finance, and oil and gas sectors.
“While working at ASIO I became acutely aware that although the industry trusts government, they are still sensitive to the potential for shared information to have potentially unnecessary negative regulatory impacts on their business,” Flower said.
“However, more than ever we need to increase the sharing of cyber threat intelligence to ensure there are no chinks in our collective cyber armour.”
“Sharing intelligence with other businesses who are ‘like them’ is a different story, because despite the competitive tensions between companies in every industry, they are all targets of cyber-attackers, so they have a vested interest in sharing intelligence in a trusted environment with other companies who manage the same type of infrastructure.”
CI-ISAC board member Helaine Leggat, is a practicing solicitor admitted to the Supreme Court of Victoria. She is also co-chair of the Australian Women in Security Network (AWSN), and a former director of ISACA (South Africa) and the Australian Information Security Association (AISA).
Dr Gary Waters, who has worked in the defence and national security space for over five decades, has been named as adviser to the CI-ISAC board.
CI-ISAC officially commenced operations from Australia’s Sunshine Coast, which was selected due to its consistently built credentials in the cyber and tech space.
“Creating our head office in a regional location speaks loudly to CI-ISAC’s philosophy of addressing concentration risk and creating a layered digital defence-in-depth across Australia’s ICT networks within critical infrastructure,” Sandell said.
In the last three months of 2022, Australia suffered the largest number of cyber-attacks in its history, with Optus and Medibank Private among the most high-profile and deleterious.