ASIC looks for invite to receive cyber incident intel

By

After finding itself excluded during a recent response.

The Australian Securities and Investments Commission (ASIC) has made a case to be part of the inner circle of agencies privy to intelligence about active cyber incidents, after finding itself excluded during a recent incident response.

ASIC looks for invite to receive cyber incident intel

The financial watchdog said it has held “bilateral discussions” with the Australian Signals Directorate, and engaged Home Affairs, to advance its case for a “high-level information-sharing arrangement”.

ASIC said it wanted to be kept abreast of incidents that involve an entity it regulates, “or a key service provider to the financial services and markets sectors”.

It was an incident response involving a regulated entity’s use of a third-party service provider that exposed ASIC’s lack of access to information.

“The affected entity (and the government agencies with which the identity of the vendor was shared) were not permitted to voluntarily share the name of the impacted vendor with ASIC, even as a matter of urgency,” the watchdog said in a parliamentary submission. [pdf]

“At the time, ASIC had substantial concerns that the third-party service provider may pose a systemic risk to Australia’s financial services sector.”

The risk did not eventuate, but ASIC said the incident “highlighted the shortcomings in available mechanisms to support information sharing that enables appropriate consequence management by ASIC.”

The commission backed a proposal in the government’s recent cyber security strategy to create a mechanism that encouraged threat intelligence to be shared but limited the ability of recipients to use the intelligence against the sharer.

“The obligation would prevent ASIC from using the information as part of any investigation or enforcement action,” it said.

“Importantly, enforcement action is not the reason we are seeking access to this information.

“Our intention is to seek this intelligence to manage the broader impacts of a cyber incident on Australia’s financial system.

“We urge the development of an effective and timely information-sharing mechanism that facilitates proactive intervention aimed at minimising the harm of a cyber incident on consumers and the broader financial system.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

UniSuper's Google Cloud environment was deleted

UniSuper's Google Cloud environment was deleted

The full list of IT projects in the 2024-25 federal budget

The full list of IT projects in the 2024-25 federal budget

ASX's technology and data business chief to leave

ASX's technology and data business chief to leave

Log In

  |  Forgot your password?