Home Affairs has set up a new cyber security response coordination unit (CSRCU) to coordinate “consequence management activities for nationally significant cyber security incidents.”
The CSRCU sits under the Cyber and Infrastructure Security Centre (CISC) and was established on December 1 after an internal review of the department’s handling of the Optus and Medibank data breaches.
Parts of the government have faced questions over the nature of their response to the Optus breach, in particular.
The response triggered multiple reviews, including a government-level review led by Mike Mrdak - a former secretary of the department of communications - that was disclosed in February.
However, it has also now emerged that Home Affairs itself prepared its own internal “initial assessment on lessons learned” document in relation to the Optus incident on September 22 last year.
It went on to expand the ‘lessons learned’ process to cover the response to the Medibank incident as well, and said these were “integrated” into the CSRCU, which it described as a “new non-regulatory coordination function”.
“The CSRCU coordinates consequence management activities for nationally significant cyber security incidents,” the department said.
“The unit works alongside Commonwealth agencies leading technical incident responses, law enforcement operations, and regulatory activities.
“This approach was undertaken as the ‘Commonwealth Review of Cyber Security Arrangements’ by Mr [Mike] Mrdak was underway looking into both incidents.”
While still officially under consideration, Home Affairs said the broader Mrdak review had also resulted in some action items for the department.
Home Affairs was coy about the specific changes it had made, saying only it had implemented some recommendations and been the subject of some “directives … in relation to cyber security policy ownership, sharing, output, priority [and] delivery”.
The department also provided direct input into the Mrdak review.
