ASIC looks for invite to receive cyber incident intel

By

After finding itself excluded during a recent response.

The Australian Securities and Investments Commission (ASIC) has made a case to be part of the inner circle of agencies privy to intelligence about active cyber incidents, after finding itself excluded during a recent incident response.

ASIC looks for invite to receive cyber incident intel

The financial watchdog said it has held “bilateral discussions” with the Australian Signals Directorate, and engaged Home Affairs, to advance its case for a “high-level information-sharing arrangement”.

ASIC said it wanted to be kept abreast of incidents that involve an entity it regulates, “or a key service provider to the financial services and markets sectors”.

It was an incident response involving a regulated entity’s use of a third-party service provider that exposed ASIC’s lack of access to information.

“The affected entity (and the government agencies with which the identity of the vendor was shared) were not permitted to voluntarily share the name of the impacted vendor with ASIC, even as a matter of urgency,” the watchdog said in a parliamentary submission. [pdf]

“At the time, ASIC had substantial concerns that the third-party service provider may pose a systemic risk to Australia’s financial services sector.”

The risk did not eventuate, but ASIC said the incident “highlighted the shortcomings in available mechanisms to support information sharing that enables appropriate consequence management by ASIC.”

The commission backed a proposal in the government’s recent cyber security strategy to create a mechanism that encouraged threat intelligence to be shared but limited the ability of recipients to use the intelligence against the sharer.

“The obligation would prevent ASIC from using the information as part of any investigation or enforcement action,” it said.

“Importantly, enforcement action is not the reason we are seeking access to this information.

“Our intention is to seek this intelligence to manage the broader impacts of a cyber incident on Australia’s financial system.

“We urge the development of an effective and timely information-sharing mechanism that facilitates proactive intervention aimed at minimising the harm of a cyber incident on consumers and the broader financial system.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
asicfinancegovernmentsecurity

Sponsored Whitepapers

Gain an independent witness with body-worn cameras
Gain an independent witness with body-worn cameras
Gain an independent witness with body-worn cameras
Gain an independent witness with body-worn cameras
Trust Imperative 4.0
Trust Imperative 4.0
Centralized Remote Connectivity for State & Local Government
Centralized Remote Connectivity for State & Local Government
Global Employee Experience Trends Report
Global Employee Experience Trends Report

Events

Most Read Articles

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group
UniSuper's Google Cloud environment was deleted

UniSuper's Google Cloud environment was deleted
The full list of IT projects in the 2024-25 federal budget

The full list of IT projects in the 2024-25 federal budget
ASX's technology and data business chief to leave

ASX's technology and data business chief to leave

Digital Nation

How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
State of Security 2023
State of Security 2023
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia

Log In

  |  Forgot your password?