The ACSC’s Critical Infrastructure advice and support is tailored to promote a cohesive effort between Government and Private Industry to uplift the cybersecurity of Australia’s Critical Infrastructure, control systems, and operational technology. The ACSC provides timely, tailored advice to Critical Infrastructure partners, aids asset owners in identifying and evaluating security vulnerabilities, and provides assistance to asset operators in implementing sound mitigation and risk reduction strategies. The ACSC offers Critical Infrastructure support through: Technical expertise in Information and Operational Technologies; Principles-based advice tailored toward high-risk environments; Remediation activities; Proactive partnerships and threat assessments. The Australian Government is developing our nation’s next Cyber Security Strategy as part of its commitment to protecting Australians from cyber threats. Since the release of the 2016 Cyber Security Strategy, the cyber threat landscape has shifted and evolved dramatically. The magnitude of the threats faced by Australian businesses and families has increased. They will become more acute as our society and economy become increasingly connected. As the threat evolves, so too must our response. COVID-19 cyber security advice The Australian Cyber Security Centre (ACSC) has published advice on COVID-19 themed malicious cyber activity. Our guidance will help you protect your systems, data and personal information during the COVID-19 pandemic. We will continue to mitigate and disrupt these COVID-19 related scams and we encourage Australians to remain vigilant and maintain strong cyber security practices during this time. Become an ACSC partner The ACSC Partnership Program is open to industry, the research community and government agencies. Report Use this page to report a cybercrime, report a cyber incident or report a vulnerability Operational technology In this section you will find advice and guidance focusing on operational technologies. This includes supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS), strategies to mitigate cyber attacks and guidance on how to recover from a cyber security incident. Industrial Control Systems Remote Access Protocol External parties may need to connect remotely to critical infrastructure control networks. This is to allow manufacturers of equipment the ability to maintain the equipment when a fault is experienced that cannot be fixed in the required timeframe. Such access to external parties will only occur in extraordinary circumstances, and will only be given at critical times where access is required to maintain the quality of everyday life in Australia. Information Security Manual (ISM) The Australian Cyber Security Centre (ACSC) produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their information and systems from cyber threats. The ISM is intended for Chief Information Security Officers, Chief Information Officers, cyber security professionals and information technology managers. Strategies to Mitigate Cyber Security Incidents The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems. Strategies to Mitigate Cyber Security Incidents – Mitigation Details The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems. Essential Eight While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Cyber Supply Chain Risk Management All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.