What we do
ASD is committed to making Australia the most secure place to connect online. We do this by comprehensively understanding the cyberthreats, and providing proactive advice and assistance to improve cyber posture and resilience risk management by government, businesses and the community. When serious cyber incidents occur, ASD leads the Australian Government response to help mitigate the threat and strengthen defences.
In an environment where technology plays an increasing role in the daily lives of Australians, our cybersecurity functions continue to be critical in supporting national security and prosperity. Australia continues to be targeted by a range of actors who conduct persistent cyber operations that pose significant threats to Australia, ASD continues to observe an increase in the speed with which malicious actors have researched and then pivoted to exploit publicly released vulnerabilities.
ASD remain focused on emerging cyberthreats, including those to critical infrastructure and technologies, families and businesses.
ASD provides cybersecurity advice and services to government, critical infrastructure, industry and the Australian public. Our cybersecurity advice is published on our cybersecurity website, cyber.gov.au.
Our key cybersecurity services that we offer include:
- the Australian Cybersecurity Hotline, which is contactable 24 hours a day, 7 days a week, via 1300 CYBER1 (1300 292 371)
- publishing Alerts, technical advice, Advisories and notifications on significant and emerging cybersecurity threats
- cyberthreat monitoring and intelligence sharing with our partners in Australia and overseas to counter cybersecurity threats
- ASD cybersecurity partnership program that supports information sharing and onboarding to ASD cybersecurity services between Australian organisations
- exercises and uplift activities to enhance the cybersecurity resilience of Australian organisations.
ASD's key cybersecurity guidance and programs
ASD delivers partnerships, programs and technical capability that strengthen national cybersecurity or resilience.
Information Security Manual
The Australian Signals Directorate produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cybersecurity framework that an organisation can apply, using their risk management framework, to protect their systems and data from cyberthreats. The ISM is intended for Chief Information Security Officers, Chief Information Officers, cybersecurity professionals and information technology managers.
Essential Eight mitigation strategies
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cybersecurity Incidents, to help organisations protect themselves against various cyberthreats. The most effective of these mitigation strategies are the Essential Eight.
The Essential Eight has been designed to protect organisations’ internet-connected information technology networks. While the principles behind the Essential Eight may be applied to enterprise mobility and operational technology networks, it was not designed for such purposes and alternative mitigation strategies may be more appropriate to defend against unique cyberthreats to these environments.
Strategies to mitigate cybersecurity incidents
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
Report a cybercrime, incident or vulnerability
If you have been a victim of a cybercrime, cyber incident or cyber vulnerability you can report it at cyber.gov.au/report
ASD’s Cybersecurity Partnership Program
The ASD's Cybersecurity Partnership Program enables Australian organisations and individuals to engage with ASD's ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
Information Security Registered Assessors Program (IRAP)
The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services
Critical Infrastructure Uplift Program
The Critical Infrastructure Uplift Program (CI-UP) offers a range of scaled and tailored services. It assists critical infrastructure Partners to improve their resilience against sophisticated cyberattacks.
National Exercise Program
Our National Exercise Program helps critical infrastructure and government organisations validate and strength Australia's nationwide cybersecurity arrangements.
The cybersecurity threat
The internet is a critical part of our business and social lives. Electronic systems and digital information are essential for business and families, with most Australians using the web to bank, pay bills, buy and sell goods and services, and stay connected.
While this digital age presents enormous opportunity, connectivity also brings exposure to malicious cyber activity. We provide advice and assistance to all Australians to help make Australia the safest place to connect online.