The
Cyber Security Act 2024 (the Act) establishes the Cyber Incident Review Board (the Board) as an independent advisory body to conduct no-fault, post-incident reviews of significant cyber security incidents in Australia. An Expert Panel, drawn from a pool of industry sector experts according to the specific review, will support the Board.
Recent cyber-attacks have shown that government and industry need to learn more from these events. The Board reviews will identify the contributing factors to cyber incidents to help both sectors prepare for future cyber attacks. At the completion of a review, the Board will provide recommendations to government and industry on its findings. These recommendations aim to prevent, respond to or minimise the impact of similar incidents and uplift Australia’s cyber resilience in the future.
The Board will only review an incident after it has occurred and initial investigation and response efforts have been completed. Reviews will focus on a single incident or a group of similar incidents. These may share features such as attack method, type of system affected, or a known vulnerability.
The Board does not assign blame or determine who is responsible for an incident. Published reviews will not include personal or classified information, including anything that could affect national security, defence, or international relations of the Commonwealth.
Appointment of the Cyber Incident Review Board
The EOI for the Board has now closed and the Minister for Home Affairs is considering the applications received.
The department will contact successful candidates to begin the appointments process. We thank everyone who applied and encourage anyone interested in supporting the Board to consider applying to the Expert Panel.
The Expert Panel
The Expert Panel comprises professional individuals from across the public and private sector. These individuals have expertise in cyber security, legal or sector-specific areas that the Board can invite to assist in when conducting reviews.
Once established, the Board will undertake an EOI process to appoint suitable individuals to the Expert Panel. The Rules establish a harmonised set of eligibility criteria for the Expert Panel and the Board. Appointees to the Expert Panel must also hold a Negative Vetting 1 security clearance in order to be eligible to work on a Review Panel.
If you meet the eligibility criteria for the Expert Panel, you can register to receive a notification when the Board commences an EOI process.
You can do this by emailing your contact information to
CIRB.Enquiries@homeaffairs.gov.au.
