Skip to main content

Critical Infrastructure Uplift Program (CI-UP)

The Critical Infrastructure Uplift Program (CI-UP) offers a range of scaled and tailored service. It assists critical infrastructure Partners to improve their resilience against sophisticated cyber attacks.

Australian Cyber Security Centre's CI-UP Critical Infrastructure Uplift Program.

Leading the way to cyber resilience for Australia's Critical Infrastructure

The ACSC offers CI-UP as part of ASD’s REDSPICE initiative. The program is designed to enhance the cyber resilience of Australia’s critical infrastructure. This supports the Security of Critical Infrastructure (SOCI) legislation. The program builds off the CI-UP Program Pilot which involved three Partner entities and concluded in July 2022.

CI-UP has been designed to:

  • Assist Partners that own or operate critical infrastructure or Systems of National Significance (SoNS) to better understand and improve their cyber security maturity;
  • Deliver a set of prioritised vulnerability and risk mitigation recommendations to assist Partners  to plan and implement these recommendations;
  • Increase the visibility of threats to Australia’s most critical systems, with a focus on Operational Technology (OT) and IT/OT convergence points; and
  • Connect Partners to other ACSC Services.

CI-UP offers a modular suite of cyber security activities designed to respond to the unique requirements of each sector and/or Partner organisation. These include:

  • Cyber Security Posture Assessment;
  • Cyber Security Technical Validation;
  • Cyber Threat Hunt;
  • Table Top Exercises;
  • Threat Briefings; and
  • CI-UP Reporting and Debrief.

The ACSC is developing a Self Assessment Portal for Partners who own or operate critical infrastructure. The Portal aims to help Partners understand their cyber security posture. This tool will allow entities to run through a self-guided maturity assessment at their own pace, with support from the ACSC’s Critical Infrastructure Uplift team. The tool is scheduled to go live in late October.

The ACSC's Critical Infrastructure Uplift team will hold a live demonstration of the Self Assessment Portal. Visit the AISA Melbourne CyberCon conference: 11-13 October 2022 to meet the team and learn more.

CI-UP is not an assessment nor an audit. Any findings will not be used for regulatory or compliance monitoring. Rather, CI-UP is an independent evaluation of a Partner’s cyber security posture in delivering critical services to Australia. The program brings the unique perspective of the ACSC. It leverages a purple team security approach where traditional red team and blue team functions collaborate with the unified goal of improving cyber security resilience.

Who Can Apply?

Critical infrastructure organisations that are part of the ACSC Partnership Program can register their interest in using the Self Assessment Portal via the CI-UP form. There is no need to register again if you have previously expressed interest in the program.’

The ACSC will work directly with Partners on the availability of tailored CI-UP Services.

Organisations that wish to participate in CI-UP that are not ACSC Partners are required to register to be a part of the ACSC Partnership Program through the ACSC Partner Hub.


Contact, or call 1300CYBER1 for further information.