In 1998, the Clinton era administration pioneered the concept of Information Sharing and Analysis Centres (ISACs) in response to growing cyber threats to critical infrastructure in the US.
Subscribe now for unlimited access.
or signup to continue reading
These centres offered a way for whole specific sectors, like financial services or health, to share information on both cyber and physical threats, creating a symbiotic community that helped build awareness and defences.
In the US, with its massive economy and thousands of entities within specific sectors, this concept works well.
For a much smaller economy like Australia, single sector ISACs are both inefficient and cost-prohibitive.
More importantly, by repeating the US-based approach, we miss an opportunity to innovate and approach the challenge more holistically by leveraging nationwide maturity to uplift cyber defences.
The majority of cyber threats are not sector-specific, with ransomware attacks being a case in point - further making the case for broader collaboration.
The federal government's proposed $6 million grant to establish an ISAC for the health sector is a positive first step, however would need to be funded an additional 10 times to establish sovereign ISACs for all 11 Australian Critical Infrastructure sectors.
The challenge here is two-fold. Firstly, a lack of cyber maturity within the health sector makes meaningful information sharing difficult and secondly, by taking a siloed approach to threat sharing, you miss valuable insights from interdependent sectors that form part of the health supply chain.
The health sector is highly fragmented, encompassing large hospital networks, health funds, suppliers, and small general practitioner clinics. Many of these entities, particularly the small to medium ones, lack the resources or capabilities to implement robust cyber security measures.
To tackle this challenge, we must adopt a unique and innovative strategy.
This requires a comprehensive industry-wide approach, driven by collaboration among critical infrastructure providers who are essential to our Australian way of life.
By bringing together all sectors in a single community, of which health is one, we can leverage mature sectors like financial services to build a more cyber resilience in health and support large health providers who will initially need to lead the way.
The advantage of this strategy is that it buys time by providing health sectors with Australian-specific threat insights from the start, which US-based ISACs lack.
Additionally, it reduces the pressure on the health sector to become self-sufficient, allowing other sectors to support and help it mature until it can independently contribute.
Beyond information sharing, a cross-sectoral approach enables you to take the learnings and knowledge held by countless mature Australian entities and feed this into a sector such as health which is less advanced on its journey, to understand the broader threat landscape and then prioritise defences.
A traditional ISAC acts as an information distributor, delivering large amounts of technical indicators, mainstream news, and sector-specific threat information.
The end consumer, presented with this influx of information, is left with the challenging task of deciphering it all to determine the necessary actions.
READ MORE:
Our approach eliminates this burden. By gathering information from our members across the various sectors and building a narrative, we help build context to aid prioritisation of information.
Threat context, coupled with actionable recommendations, helps you better understand the complexity of a threat, the exposure points and requirements to defend your organisation.
Another challenge is the Australian cyber skills shortage.
Resource-constrained organisations need the skills and knowledge to understand cyber threats and more importantly, what to do about them.
The traditional data-heavy ISAC approach, coupled with the cyber skills shortage makes consuming information difficult for less mature entities.
By contextualising and simplifying the information surrounding cyber threats, we largely circumvent this problem.
When we provide information in a way that articulates the urgency, the context, and the suggested actions to specific threats, recipients are empowered to assess their own environmental risk and implement the recommendations based on the priority that we've given to them.
A cross-sectoral approach means ISAC participants are learning and sharing from mature players rather than being limited to only the organisations in one specific sector.
- David Sandell is the CEO, CI-ISAC
