Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

47 cyber incidents in critical infrastructure sectors reported in 9 months

Critical infrastructure providers have reported 47 incidents over the last nine months, according to a new government mandatory reporting scheme.

user icon Daniel Croft
Wed, 15 Feb 2023
47 cyber incidents in critical infrastructure sectors reported in 9 months
expand image

The Cyber and Infrastructure Security Centre (CISC) introduced the mandatory reporting of cyber events for 11 different areas of critical infrastructure on 1 April last year. Mandatory reporting came into full effect following a three-month grace period ending on 8 July.

In the event of a cyber incident with an impact deemed critical or relevant, providers are required to report it within a window ranging from 12 to 72 hours to submit a report.

“There’s been a steady number of mandatory cyber incident reports tabled into both the ACSC but also given to us as well, to get a true understanding of the nature of successful cyber incidents occurring on critical infrastructure,” said CISC head Hamish Hansford.

============
============

“Forty-seven reports have been provided that we say meet the criteria of the mandatory cyber incident report between the period of April 1, 2022, and December 31, 2022.”

The mandatory reporting scheme came as a result of change to security of critical infrastructure (SOCI) legislation.

Alongside the mandatory reporting, Hansford has said that SOCI implementation from government bodies is being invested in, with a variety of other programs being rolled out.

Operators of critical infrastructure will soon be required to “develop [risk management programs] that are endorsed by their board council or other governing body.”

“I think for the first time in Australia’s history, we’ll have a critical infrastructure baseline set of security obligations for all critical infrastructure providers, if there’s not otherwise already regulatory obligations in place,” said Hansford.

He also says that the CISC has been investing in communities surrounding critical infrastructure sectors, primarily those whose cyber security is of national importance, such as power networks.

“Over the last seven months, we’ve been doing a lot of work with those systems to create a community of the most highly interdependent critical infrastructure in Australia to really look at how do we do exercises, so we’ve done a number of planning exercises, including in the last couple of weeks with a major financial entity, as well as state and territory governments,” he said.

“We’ve put in place incident response planning obligations for the majority of those systems of national significance.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.