The Australian Cyber Security Agency (ACSC) is calling for its partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). The CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations.
The CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and compliments the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
Critical infrastructure entities that are ACSC Partners can register their interest via the CI-UP form. Following the pilot, all organisations in the critical infrastructure and systems of national significance sectors, as defined in the Security of Critical Infrastructure Act 2018, can register to participate. If an applicant is not currently an ACSC Partners and wishes to participate in the CI-UP, they must first register to become an ACSC Partner through the ACSC Partner Hub.
What CI-UP does
The ACSC’s voluntary CI-UP will help to protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. The program has been designed to:
- evaluate cybersecurity maturity of critical infrastructure and systems of national significance using a combination of the Cyber Security Capability and Maturity Model (C2M2) and Essential 8 maturity models
- deliver prioritised vulnerability and risk mitigation strategies, and
- assist partners to implement the recommended risk mitigation strategies
CI-UP is not an audit, compliance monitoring, or accreditation program. CI-UP is a modular suite of cybersecurity activities that are designed to respond to the unique requirements of each organisation and help them to lift their own cyber maturity. CI-UP participants can tailor their uplift by selecting other ACSC services, this may include:
- threat briefings on the current cyber landscape;
- cybersecurity exercises, focussing on incident response and vulnerability management;
- Cyber Health Improvement Program (CHIPs);
- situational awareness and alerting products relevant for critical infrastructure at tactical, operational and strategic levels; and
- hunt services.
Information security and risk management technology and services spending in Australia are set to increase by 7.3% to reach AU$5.1 billion in 2021, according to global research and advisory firm.
Security services, which includes consulting, hardware support, implementation and outsourced services, is the largest category at AU$3.2 billion. The smallest but fastest-growing market segment is cloud security, expected to increase by 38% from last year to AU$20 million. The strong growth rate reflects continuing demand for remote worker technologies and cloud security, according to the market research firm’s analysts.
There are early market signals of growing automation and further adoption of machine learning technologies in support of AI security. He said that organisations must extend and standardise threat detection and response activities to combat attacks. This year, the worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion.
In the firm’s CIO Agenda Survey, cybersecurity was the top priority for new spending, with 61% of the more than 2000 CIOs surveyed increasing investment in cyber/information security this year. With the growing popularity of non-PC devices for interacting with core business processes, CASB is becoming a popular risk-mitigating choice for cloud-using organisations. CASBs also enable safer interaction between SaaS applications and unmanaged devices.
Integrated risk management (IRM) technology is also seeing robust double-digit growth resulting from risks highlighted during the global pandemic crisis. A senior research director at the firm stated, “Areas of significant risk driving near-term demand include the advent of new digital products and services and the related health and safety uses, as well as third-party risks such as customer data breaches or supply chain attacks.”
Sources:
- https://www.cyber.gov.au/acsc/view-all-content/news/critical-infrastructure-uplift-program-ci
- https://www.cyber.gov.au/acsc/view-all-content/programs/critical-infrastructure-uplift-program-ci
- https://www.technologydecisions.com.au/content/security/news/aus-cybersecurity-spend-to-reach-5-1bn-1062852240