Is the ACSC part of the military or a civilian agency?

It sits within the Australian Signals Directorate, a statutory agency in the Defence portfolio, but its remit covers government, industry, and the public—not just military networks.

What is the Essential Eight?

A set of eight baseline mitigation strategies published by the ACSC to help organisations defend against common cyber threats, with maturity levels from zero to three.

How does the ACSC relate to Five Eyes partners?

It regularly co-authors joint advisories with the US CISA, UK NCSC, Canada's CCCS, and New Zealand's NCSC, particularly on state-sponsored threats and ransomware.

ACSC Australia | Model Diplomat

The Australian Cyber Security Centre (ACSC) is the Australian government's lead technical authority on cyber security, operating within the Australian Signals Directorate (ASD), a statutory agency in the Defence portfolio. It serves as the central hub for coordinating national responses to significant cyber incidents, issuing threat intelligence, and publishing hardening guidance for government, critical infrastructure, businesses, and individuals.

The ACSC was established in 2014 and reorganised in 2018 when it was brought fully inside ASD following the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Act 2018. It absorbed functions previously spread across the Attorney-General's Department, the Australian Federal Police, ASIO, and the Department of Defence, consolidating CERT Australia and other elements into a single body.

Core ACSC outputs include:

The Information Security Manual (ISM), which sets baseline controls for Australian government systems.
The Essential Eight, a prioritised set of mitigation strategies (application control, patching applications, configuring Office macros, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups).
The Annual Cyber Threat Report, which aggregates incident statistics reported via the ReportCyber portal and the ACSC's 1300 CYBER1 hotline.
Joint cybersecurity advisories issued with Five Eyes partners (CISA, NCSC-UK, CCCS, NCSC-NZ) and increasingly with Japan, Germany, and South Korea.

The ACSC plays a coordinating role under the Security of Critical Infrastructure Act 2018 (as amended in 2021 and 2022), which expanded mandatory incident reporting obligations across eleven critical infrastructure sectors. It also supports the implementation of successive national cyber strategies, most recently the 2023–2030 Australian Cyber Security Strategy.

For Model UN and IR researchers, the ACSC is a useful reference point when analysing Indo-Pacific cyber posture, AUKUS Pillar II cooperation on advanced capabilities, and comparative national CERT/CSIRT structures.

ACSC Australia

Frequently asked questions