David Sandell – CI-ISAC Australia

Defining Bi-Directional Intelligence Sharing in Australia’s Critical Infrastructure Sectors Through the 2026 SOCI Act Review

The 2026 Slay Review of the 2018 SOCI Act has called for two-way threat information exchange between government and critical infrastructure operators. This article defines what bi-directional intelligence sharing means in practice, why it matters now, and where CI-ISAC fits in Australia’s evolving cyber resilience model.
Read article →
Australia’s Cyber Threat Environment Is Escalating: What an Elevated Threat Level Means for Critical Infrastructure Security and Resilience

CI-ISAC Australia’s cyber threat level is sustained at Elevated. This article examines what that designation means in practice and why timely, Australian-specific intelligence is the critical input that separates anticipating threats from responding to them.
Read article →
Bidirectional Threat Intelligence Is Here Under SOCI Reform: How Critical Infrastructure Organisations Can Operationalise It

The SOCI Act Review has made bidirectional cyber threat intelligence sharing a legislative imperative for Australia’s critical infrastructure. This article sets out what the mandate means in practice and how to act now.
Read article →
Planning for Cyber Risk in Uncertainty: How Cross-Sector Threat Visibility Shapes Executive Decisions

Executive teams across Australia’s critical infrastructure sectors are expected to make decisions about cyber risk, investment, and capability in a landscape that rarely feels settled. Threat activity evolves quickly, technology dependencies continue to deepen, and expectations around resilience and accountability are increasing. Yet many of these decisions are still made with a constrained view of…
Read article →
Seeing the Pattern Before the Incident: Why Threats Rarely Stay in One Sector

Cyber incidents affecting critical infrastructure are often described as discrete events. An issue emerges in one organisation, is investigated locally, and addressed within that environment. When similar activity surfaces elsewhere soon after, it is frequently treated as unrelated. In practice, threat activity often appears across multiple domains rather than remaining confined to a single organisation…
Read article →

Author: David Sandell

Defining Bi-Directional Intelligence Sharing in Australia’s Critical Infrastructure Sectors Through the 2026 SOCI Act Review

Australia’s Cyber Threat Environment Is Escalating: What an Elevated Threat Level Means for Critical Infrastructure Security and Resilience

Bidirectional Threat Intelligence Is Here Under SOCI Reform: How Critical Infrastructure Organisations Can Operationalise It

Planning for Cyber Risk in Uncertainty: How Cross-Sector Threat Visibility Shapes Executive Decisions

Seeing the Pattern Before the Incident: Why Threats Rarely Stay in One Sector

The Cross-Sector Advantage

Thank you for your response. ✨