Regulated entities, under Part 2b of the Security of Critical Infrastructure Act 2018, carriers or certain carriage service providers under the Telecommunications Act 1997 covered by the Telecommunications Security Information instruments*, may be subject to mandatory cyber incident reporting requirements, these include: Reporting Critical Cyber Security Incidents If you become aware that a critical cyber security incident has occurred, or is occurring, AND the incident has had, or is having, a significant impact on the availability of your asset, you must notify the Australian Cyber Security Centre (ACSC) within 12 hours after you become aware of the incident. A significant impact is one where both the critical infrastructure asset is used in connection with the provision of essential goods and services; and the incident has materially disrupted the availability of those essential goods or services. If you make the report verbally you must make a written record using the form below within 84 hours of verbally notifying the ACSC. Reporting other Cyber Security Incidents If you become aware that a cyber security incident has occurred, or is occurring, AND the incident has had, is having, or is likely to have, a relevant impact on your asset you must notify the ACSC within 72 hours after you become aware of the incident. A relevant impact is an impact on the integrity, reliability or confidentiality of your asset or systems. If you make the report verbally you must make a written record using the form below within 48 hours of verbally notifying the ACSC. More information on reporting under the Security of Critical Infrastructure Act 2018 (SOCI Act) can be found on the Cyber and Infrastructure Security Centre's website. More information on reporting for Telecommunications providers can be found on the Department of Infrastructure, Transport, Regional Development, Communications and the Arts website. *Part 2 of the Telecommunications (Carriage Service Provider—Security Information) Determination 2022 or, the Telecommunications (Carrier Licence Conditions—Security Information) Declaration 2022. See a list of critical infrastructure sectors and asset classes Communications a critical telecommunications asset (carriers and eligible carriage service providers) a critical broadcasting asset a critical domain name system Data storage or processing Defence industry a critical defence industry asset Energy a critical electricity asset a critical gas asset a critical energy market operator asset a critical liquid fuel asset Financial services and markets a critical banking asset a critical superannuation asset a critical insurance asset a critical financial market infrastructure asset Food and grocery a critical food and grocery asset Health care and medical a critical hospital Higher education and research a critical education asset Space technology Transport a critical port a critical freight infrastructure asset a critical freight services asset a critical public transport asset a critical aviation asset Water and sewerage a critical water asset Notifiable data breaches. A data breach happens when personal information is accessed or disclosed without authorisation or is lost. If the Privacy Act 1988 covers your organisation or agency, you must notify affected individuals and the Office of the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. If there is malicious cyber activity related to a data breach which you wish to report, please complete and submit the form below. ATTENTION! Fraud and Cybercrime: If you are reporting fraud or cybercrime, please refer to the ReportCyber – Cybercrime page. Please do not complete this form on any network you believe has been compromised. Use a separate system and contact details to complete and submit this form. Reason for reporting (please select all that apply)? To inform the Australian Cyber Security Centre (ACSC) To request assistance or advice from the Australian Cyber Security Centre (ACSC) Contact details First name Last name Email address Email address Verify email address Contact number Organisation details Organisation name ABN State/Territory - Select -ACTNSWNTQLDSATASVICWA Postcode Website address Is your organisation part of a critical infrastructure sector - Select -YesNoUnsure Select your critical infrastructure sector(s) Telecommunications Other communications sector Financial services and markets Data storage or processing Defence industry Higher education and research Energy Food and grocery Health care and medical Space technology Transport, including aviation and maritime assets Water and sewerage Not listed Are you making a mandatory cyber incident report under the Security of Critical Infrastructure Act 2018, or Part 2 of the Telecommunications (Carriage Service Provider—Security Information) Determination 2022, or the Telecommunications (Carrier Licence Conditions—Security Information) Declaration 2022? - Select -YesNoUnsure Do you consent for this information to be provided to the relevant regulator? - Select -YesNo Warning message If you do not consent to sharing this information with regulators, your organisation may be at risk of not meeting its reporting obligations. Incident details Date and time the incident was identified Date and time the incident was identified: Date Date and time the incident was identified: Time Is the incident ongoing? Yes No Which of the following are being impacted? Information technology systems? Operational technology systems? Customer data Was the incident identified by your organisation, or were you notified by a third party? - None -Own organisationThird party Please select the type of incident from the following Denial of service (DOS)? Scanning and reconnaissance? Unauthorised access to network or device Data exposure, theft or leak Malicious code/malware? Ransomware ? Phishing/spear-phishing? Other (please specify) Please describe the incident including how it occurred and the observed activity (such as the extent of the incident, any data loss/modifications and the impact to your business operations) Please provide any further details the ACSC may need to understand the effect of this incident. This may include detail on how you are responding to the incident. CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
