The federal government’s lead cyber security agency has set about finding a new platform to improve how it monitors global cyber threats and shares intelligence with partners.
The Australian Cyber Security Centre (ACSC) last week put out the call for the cyber threat intelligence solution to replace its existing platform, which is currently used to exchange information with private and public sector partners automatically.
A spokesperson told iTnews the new platform was needed to “improve compatibility with industry standards and allow sharing with our partners in an automated and efficient way”.
“A commercial solution will be easily accessible and in a format that can used by the widest number of systems and security teams,” the spokesperson said.
Tender documents indicate information, which will be provided in a variety of formats including advisories, would be “context-rich, actionable and timely”.
ACSC expects this will allow partners to “prioritise and implement countermeasures in the face of a threat”, while freeing them to “focus on activities that cannot be automated”.
The preferably commercial-off-the-shelf solution will also allow the agency to “constantly monitor cyber security threats” by tapping insights from local and global sources that include governments and business computer emergency response teams (CERTs).
The solution will be integrated into the government's cyber.gov.au portal, which the agency plans to further develop into “the authoritative source of cyber security advice and assistance for the Australian economy” during 2019.
The portal has been up and running as a “static” alpha website since August last year.
The proposed one-stop shop or central hub of cyber security information will consolidate a number of existing cyber security websites, including for the ACSC, CERT Australia and ACORN, and offer a range of services in addition to threat intelligence sharing.
ACSC expects the incoming solution to “be capable of ingesting multiple threat intelligence feeds”, including attack patterns, malware, exploits and vulnerabilities.
It will also enable advanced analysis and sharing of the threat intelligence, with context added to ensure that it is understandable.
ACSC said it had already identified six products from companies outside of Australia that “may potentially” satisfy its requirement, but that further market research was needed.
The products are: Anomali (Threat Stream), Eclectic IQ, TC Complete (Threat Connect), NC4 (Soltra Edge), Threat Quotient (ThreatQ) and TruSTAR (Threat Intelligence), all of which have been invited to respond to the request for information.