What we do
ASD is committed to making Australia the most secure place to connect online. We do this by comprehensively understanding the cyber threats, and providing proactive advice and assistance to improve cyber posture and resilience risk management by government, businesses and the community. When serious cyber incidents occur, ASD leads the Australian Government response to help mitigate the threat and strengthen defences.
In an environment where technology plays an increasing role in the daily lives of Australians, our cyber security functions continue to be critical in supporting national security and prosperity. Australia continues to be targeted by a range of actors who conduct persistent cyber operations that pose significant threats to Australia, ASD continues to observe an increase in the speed with which malicious actors have researched and then pivoted to exploit publicly released vulnerabilities.
ASD remain focused on emerging cyber threats, including those to critical infrastructure and technologies, families and businesses.
ASD provides cyber security advice and services to government, critical infrastructure, industry and the Australian public. Our cyber security advice is published on our cyber security website, cyber.gov.au.
Our key cyber security services that we offer include:
- the Australian Cyber Security Hotline, which is contactable 24 hours a day, 7 days a week, via 1300 CYBER1 (1300 292 371)
- publishing Alerts, technical advice, Advisories and notifications on significant and emerging cyber security threats
- cyber threat monitoring and intelligence sharing with our partners in Australia and overseas to counter cyber security threats
- ASD cyber security partnership program that supports information sharing and onboarding to ASD cyber security services between Australian organisations
- exercises and uplift activities to enhance the cyber security resilience of Australian organisations.
ASD's key cyber security guidance and programs
ASD delivers partnerships, programs and technical capability that strengthen national cyber security or resilience.
Information Security Manual
The Australian Signals Directorate produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that an organisation can apply, using their risk management framework, to protect their systems and data from cyber threats. The ISM is intended for Chief Information Security Officers, Chief Information Officers, cyber security professionals and information technology managers.
Essential Eight mitigation strategies
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.
The Essential Eight has been designed to protect organisations’ internet-connected information technology networks. While the principles behind the Essential Eight may be applied to enterprise mobility and operational technology networks, it was not designed for such purposes and alternative mitigation strategies may be more appropriate to defend against unique cyber threats to these environments.
Strategies to mitigate cyber security incidents
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
Report a cybercrime, incident or vulnerability
If you have been a victim of a cybercrime, cyber incident or cyber vulnerability you can report it at cyber.gov.au/report
ASD’s Cyber Security Partnership Program
The ASD's Cyber Security Partnership Program enables Australian organisations and individuals to engage with ASD's ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
Information Security Registered Assessors Program (IRAP)
The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services
Critical Infrastructure Uplift Program
The Critical Infrastructure Uplift Program (CI-UP) offers a range of scaled and tailored services. It assists critical infrastructure Partners to improve their resilience against sophisticated cyber attacks.
National Exercise Program
Our National Exercise Program helps critical infrastructure and government organisations validate and strength Australia's nationwide cyber security arrangements.
The cyber security threat
The internet is a critical part of our business and social lives. Electronic systems and digital information are essential for business and families, with most Australians using the web to bank, pay bills, buy and sell goods and services, and stay connected.
While this digital age presents enormous opportunity, connectivity also brings exposure to malicious cyber activity. We provide advice and assistance to all Australians to help make Australia the safest place to connect online.