Govts agree to coordinate national cyber incident response

Australia’s federal, state and territory governments have agreed to a new structure on how they will coordinate with one another in the event of a national cyber incident.

The new cyber incident management arrangements or CIMA is an outcome of yesterday’s Council of Australian Governments (COAG) meeting in Adelaide.

Details of the CIMA were sparse in the official COAG communique, 

“To better coordinate our responses to cyber-attacks and seek to reduce their scope and severity, leaders agreed to adopt new cyber incident management arrangements,” the communique said.

“Close cooperation and interoperability between Commonwealth and state agencies is critical to Australia’s ability to address these threats.”

A document [pdf] published by the Australian Cyber Security Centre (ACSC) on Wednesday night provided significant extra detail on what was agreed.

“The CIMA outlines the inter-jurisdictional coordination arrangements, roles and responsibilities, and principles for Australian governments’ cooperation in response to national cyber incidents,” the ACSC said.

“The CIMA is not an operational incident management protocol. The detailed operational plans that underpin the CIMA will be jointly developed and maintained by Australian governments.”

Likewise, the CIMA is not expected to override many existing arrangements.

“The CIMA supports, but does not replace, existing cyber incident management arrangements within each jurisdiction,” the ACSC said.

“Australian governments will continue to maintain their respective cyber incident management arrangements and will apply the CIMA to support national collaboration and coordination efforts.

“The arrangements acknowledge that Australian business and community organisations may have existing cyber incident management arrangements, including arrangements for public communications and engagement. The CIMA may inform these existing arrangements by providing advice on anticipated Australian governments’ response activities.”

If a national cyber incident escalated to crisis status, existing mechanisms for dealing with crises would still kick in.

However, one of the stated aims of the CIMA is to “prevent a national cyber incident from escalating to a national crisis”.

Federal, state and territory governments hope the CIMA will also improve situational awareness between jurisdictions, promote the efficient use of distributed response resources, and ensure consistent information about an incident is relayed to the public.

COAG also said it had asked senior officials “to report at the next meeting on the state of cyber skills development in Australia.”