Accompanying the Annual General Meeting on 28 March 2023 was an informative presentation from Heidi Hutchison, Assistant Director General at the Australian Cyber Security Centre, on cyber security and how it could affect our members.

Heidi provided information on many considerations, including:

  • Managing & securing remote access
  • Considering who would benefit from access to your systems
  • Fostering a strong cyber security culture, and
  • Having a cyber security plan

The following has been provided by Heidi, for your interest.

  • The Critical Infrastructure Uplift Program (CI-UP) is a program designed to help CI improve their resilience against cyber-attacks, and you can find more information here. CMEIG members are considered key enablers for CI.
  • The program is available for ACSC Partners, and you can engage directly with the team via engagement@defence.gov.au
  • To become a partner, you can register here
  • The ACSC has over a number of years developed prioritised mitigation strategies informed by expertise responding to cyber security incidents, performing vulnerability assessments and pen testing Commonwealth entities. At the core of these is the Essential Eight, effectively a baseline that makes it much harder for adversaries to compromise systems.
  • The mitigation strategies that constitute the Essential Eight are: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication and regular backups.
  • We have also defined an Essential Eight Maturity Model, which tracks their implementation. As a Partner, you would be able to access additional tools to be able to test your environment's implementation of the Essential Eight.

Some useful links to help manage supply chain risk and prepare cyber incident response plans:

PROTECT GUIDANCE – Cyber Supply Chain Risk Management

PROTECT GUIDANCE – Preparing and Responding to cyber security incidents