These resources have been developed to help improve your organisation’s cyber security.
Australian critical infrastructure networks regularly experience targeted and opportunistic malicious cyber activity. Data from the Annual Cyber Threat Report 2023-24 indicates critical infrastructure are an attractive target to malicious cyber actors.
The 3 most common activity types leading to critical infrastructure-related incidents are:
- compromised account or credentials
- malware infection (other than ransomware)
- compromised asset, network or infrastructure.
By utilising the following resources, your organisation can reduce the potential financial and reputational damages associated with a cyber security incident.
Resources for critical infrastructure
Essential Eight
Implement these 8 essential mitigation strategies to protect your organisations’ internet-connected information technology networks.
Information Security Manual (ISM)
A Cyber security framework to protect your organisation’s systems and data from cyber threats.
Strategies to Mitigate Cyber Security Incidents
Prioritised strategies to help mitigate cyber security incidents caused by various cyber threats.
Operational technology environments
A range of publications to help mitigate security risks to operational technology environments.
Secure-by-Design
A proactive, security-focused approach to the development of digital products and services that aligns with an organisation’s cyber security goals.
Cyber supply chains
A range of publications on cyber supply chain risk management and identification.
Identifying and Mitigating Living Off the Land Techniques
Guidance to help your organisation understand common LOTL techniques and gaps in cyber defence capabilities.
Artificial intelligence
A range of guidance to assist organisations to engage with AI systems in a secure way.
Preparing for and responding to denial-of-service attacks
Guidance to help your organisation to prepare, respond and avoid contributing to denial-of-service attacks.
Cyber Security Incident Response Planning: Practitioner Guidance
ASD defines a cyber security incident as an unwanted or unexpected cyber security event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.
Maintaining devices and systems
System hardening and administration
Learn more on how to harden your organisation’s systems and administration.
ASD's Blueprint for Secure Cloud
This blueprint is an online tool to support the design, configuration and deployment of collaborative and secure cloud and hybrid workspaces.
Secure administration
Guidance to help your organisation understand secure administration.
Report a cybercrime, cyber security incident or vulnerability
To report a cybercrime, cyber security incident, cyber security vulnerability, or to check an existing ReportCyber report, please select this option to start your reporting journey.
Become an ACSC partner
The Australian Signals Directorate's Australian Cyber Security Partnership Program enables Australian organisations and individuals to engage with the ASD's ACSC and fellow partners. Learn more about ASD’s Partnership Program.
How the ASD’s ACSC can help during a cyber security incident
The Australian Signals Directorate’s Australian Cyber Security Centre’s (ASD's ACSC) incident management capabilities provide technical incident response advice and assistance to Australian organisations that have been impacted, or may be impacted by a cyber security incident.
How the ASD’s ACSC can help improve your organisation’s cyber security and resilience?
The Australian Signals Directorate’s Australian Cyber Security Centre’s (ASD's ACSC) Critical Infrastructure Uplift Program (CI-UP) offers a series of programs that shares uplift and hardening advice along with providing technical assistance to Australian Critical Infrastructure organisations.