Report a Cyber Security Incident
The National Cyber Security Coordinator (the Coordinator), together with the National Office of Cyber Security, drives forward the necessary work to ensure Australia is best positioned to respond to the opportunities and threats of the digital age.
The Coordinator supports the Minister for Cyber Security to lead the coordination of:
- national cyber security policy
- responses to major cyber incidents
- whole of government cyber incident preparedness efforts
- strengthening Commonwealth cyber security capability.
The Coordinator leads this work in collaboration with the Australian Government’s key policy, operational and security agencies.
The Coordinator provides strategic direction and oversight for the Department of Home Affairs on work programs for cyber security policy development across the whole of government. This includes supporting the hardening of Australian Government systems and working with industry and critical infrastructure owners and operators to build a cyber-resilient Australia.
The appointment of the Coordinator is a significant step forward for Australia's cyber security posture and capability.
Lieutenant General Michelle McGuinness CSC commenced as the National Cyber Security Coordinator on 26 February 2024.
National Office of Cyber Security
The National Office of Cyber Security (NOCS) was established on 1 May 2023 to support the Coordinator function.
The NOCS builds on the remit of the previously established Cyber Security Response Coordination Unit (CSRCU) and encompasses broader cyber policy functions from Home Affairs.
The Coordinator and the NOCS oversee efforts to ensure:
- Australians are better protected
- business and critical infrastructure entities are cyber resilient
- delivery of the Australian Government’s mission to make Australia one of the most cyber secure nations in the world by 2030.
Cyber security incident response
The Coordinator ensures a coordinated approach to prepare for and manage the consequences of cyber security incidents. This includes bringing together expertise and resources from across government and security agencies.
The Coordinator oversees responses to consequences arising from cyber security incidents, supported by the CSRCU within the NOCS. This is to support Australia’s resilience to, and recovery from, major cyber incidents. The Coordinator manages de-confliction across various agencies involved in consequence management arrangements. This includes working with government partners to ensure alignment across regulatory, policy and incident response frameworks.
The Coordinator engages in information gathering across government and industry. The Coordinator also convenes and leads collaborative forums to support holistic decision-making in response to cyber incidents. The Department is responsible for the consequence management elements of this response framework.
Limited Use Obligation
On 29 November 2024, the Cyber Security Act 2024 received Royal Assent and became Law.
The Cyber Security Act 2024 gives effect to a Limited Use obligation for the National Cyber Security Coordinator.
Limited Use for the National Cyber Security Coordinator
Part 4 of the Cyber Security Act 2024 establishes a Limited Use obligation that restricts how the National Cyber Security Coordinator and the National Office of Cyber Security can record, use or disclose information that entities voluntarily provide under Part 4 of the Act.
The objective of the Limited Use obligation is to provide confidence to engage early and share information freely, as there are restrictions on using and disclosing information provided under Limited Use for civil or regulatory purposes.
Protections enshrined under the legislation ensure this information is held securely when provided to the National Cyber Security Coordinator and the National Office of Cyber Security, as well as when this information is on shared for permitted purposes.
For more detailed information see: Limited Use for the National Cyber Security Coordinator factsheet.
Executive Cyber Council
On 22 November 2023, the Minister for Cyber Security hosted the inaugural meeting of the Executive Cyber Council (the Council)—an initiative of the
2023–2030 Australian Cyber Security Strategy. The Council plays an important role in facilitating genuine and transparent co-leadership with industry on key cyber security issues. The Council also supports the delivery of national cyber security priorities, including initiatives driven under the
2023–2030 Australian Cyber Security Strategy’s Action Plan. The Council meets biannually.
Council members were appointed by the Minister for Cyber Security and are at an executive level or are a recognised expert in cyber security. Representation includes a broad cross-section of the economy to facilitate diverse perspectives and advice. The current Council members are:
- Minister for Cyber Security
- National Cyber Security Coordinator
- Australian Signals Directorate
- Australian Security Intelligence Organisation
- Australian Banking Association
- Australian Chamber of Commerce and Industry
- Australian Energy Market Operator
- ASX Limited
- Atlassian
- Amazon Web Services
- Australian Women in Security Network
- Business Council of Australia
- Commonwealth Bank of Australia
- Consumers' Federation of Australia
- Coles Group
- Council of Small Business Organisations Australia
- CyberCX
- Group of Eight
- Google Australia & New Zealand
- Insurance Australia Group
- Linfox Australia and New Zealand
- Meta Australia and New Zealand
- Microsoft Australia and New Zealand
- Medical Software Industry Association
- Optus
- Qantas Group
- Tech Council of Australia
- Telstra
- Telstra Health
- Toll Group
- Virgin Australia
- Woolworths
- Xero
National Cyber Intel Partnership
The Coordinator chairs the National Cyber Intel Partnership (NCIP). The NCIP convenes Australian Government and industry stakeholders to discuss approaches to support cyber threat intelligence sharing and inform the deployment of threat blocking capabilities that can prevent identified threats from reaching end users.
NCIP members include industry leaders and cyber experts from academia and civil society. The NCIP meets quarterly. A small industry-driven working group within the NCIP is currently piloting the development of an automated, near-real-time threat blocking capability. This pilot aims to build on and integrate with existing government and industry platforms.
