The Critical Infrastructure Uplift Program (CI-UP) offers a range of scaled and tailored services. It assists critical infrastructure Partners to improve their resilience against sophisticated cyber attacks.
Leading the way to cyber resilience for Australia's Critical Infrastructure
The ACSC offers CI-UP as part of ASD’s REDSPICE initiative. The program is designed to enhance the cyber resilience of Australia’s critical infrastructure. The program builds off the CI-UP Program Pilot which involved three Partner entities and concluded in July 2022.
CI-UP has been designed to:
- Assist Partners that own or operate critical infrastructure or Systems of National Significance (SoNS) to better understand and improve their cyber security maturity;
- Deliver a set of prioritised vulnerability and risk mitigation recommendations to assist Partners to plan and implement these recommendations;
- Increase the visibility of threats to Australia’s most critical systems, with a focus on Operational Technology (OT) and IT/OT convergence points; and
- Connect Partners to other ACSC Services.
CI-UP offers a modular suite of cyber security activities designed to respond to the unique requirements of each sector and/or Partner organisation. These include:
- Cyber Security Posture Assessment;
- Cyber Security Technical Validation;
- Cyber Threat Hunt;
- Table Top Exercises;
- Threat Briefings; and
- CI-UP Reporting and Debrief.
The CI-UP Self Assessment Tool for Partners who own or operate critical infrastructure is now accessible through the ACSC Partner Portal. The CI-UP Self Assessment Tool allows ACSC Partners to perform a self assessment evaluation of cyber security maturity. The tool automatically generates a report that delivers recommendations for cyber security improvement.
CI-UP is not an assessment nor an audit. Any findings will not be used for regulatory or compliance monitoring. Rather, CI-UP is an independent evaluation of a Partner’s cyber security posture in delivering critical services to Australia. The program brings the unique perspective of the ACSC. It leverages a purple team security approach where traditional red team and blue team functions collaborate with the unified goal of improving cyber security resilience.
Who can take part?
Critical infrastructure organisations that are part of the ACSC Partnership Program can register their interest in using the Self Assessment Tool via the CI-UP form. There is no need to register again if you have previously expressed interest in the program.’
The ACSC will work directly with Partners on the availability of tailored CI-UP Services.
Organisations that wish to participate in CI-UP that are not ACSC Partners are required to register to be a part of the ACSC Partnership Program through the ACSC Partner Hub.
Contact
Contact asd.assist@defence.gov.au, or call 1300CYBER1 for further information.
