ASIC Threat Intelligence Platform: Enhancing the resilience of the Australian financial system

The Australian Securities and Investments Commission (ASIC) is set to implement a new cyber threat intelligence platform, backed by recent federal funding, to bolster its defenses against cyber threats. This initiative is part of a larger effort to modernize and secure ASIC’s regulatory systems, a critical component of the $206.4 million federal budget allocation for technology and cyber uplifts, which also benefits the Australian Prudential Regulation Authority (APRA).

ASIC chair Joseph Longo emphasized that a significant portion of this funding will be used to enhance the regulator’s capabilities in detecting and mitigating both internal and external cyber threats. Longo highlighted the urgency and importance of this upgrade, stating, "We have commenced a digital transformation program that received initial funding in the recent federal budget to secure ASIC’s regulatory systems." This transformation is aimed at making ASIC more data-informed and data-enabled, with smarter regulation being a key goal. To achieve this, further investments in ASIC’s systems and technology are deemed critical.

In addition to the cyber threat intelligence platform, ASIC is also exploring the responsible use of emerging technologies such as artificial intelligence (AI), machine learning, big data, and coding. These technologies are seen as pivotal in enhancing ASIC’s ability to regulate effectively and stay ahead of evolving cyber threats.

The regulator’s exploration of these technologies aligns with the findings of a review by the Financial Regulator Assessment Authority (FRAA) last year, which identified a substantial need for an uplift in ASIC’s IT and data capabilities. According to the review, only 34 percent of ASIC staff believed that the regulator had the appropriate technology to identify and prioritize threats, harms, and opportunities for innovation.

This push for modernization and enhanced cyber capabilities comes at a critical time for ASIC, particularly as it recently assumed responsibility for the Australian Business Registry Services (ABRS) from the Australian Taxation Office (ATO) in May 2024. The ATO had been overseeing ABRS since April 2021 and was responsible for core business registers as part of a modernization program.

However, this program was abandoned after $530 million was spent, resulting in only one public-facing outcome. Consequently, ASIC’s new funding will be directed towards stabilizing these legacy business registers, which Longo described as "very old."

The transfer of ABRS to ASIC underscores the necessity of reliable and trusted registry platforms to support economic activity in Australia. Longo reiterated this point during a senate estimates hearing, noting that "It is critical that Australia has reliable, trusted registry platforms to support economic activity." This statement reflects the broader context in which ASIC operates, where maintaining robust and secure data and registry systems is essential for economic stability and growth.

The funding and subsequent technology upgrades are expected to significantly improve ASIC’s ability to collect information and reduce the time it takes to detect cyber threats. By investing in advanced technologies and modernizing its IT infrastructure, ASIC aims to enhance its regulatory functions and better protect Australia’s financial systems from cyber threats. This proactive approach not only aims to address current vulnerabilities but also positions ASIC to handle future challenges more effectively.

Moreover, the collaboration between ASIC and other key stakeholders, including the APRA, highlights a coordinated effort to strengthen the country’s financial and regulatory framework. The funding and technology upgrades are part of a broader strategy to ensure that Australia remains resilient in the face of increasing cyber threats and technological advancements. This strategy includes leveraging emerging technologies like AI and big data to create more intelligent and responsive regulatory systems.

In summary, ASIC’s new cyber threat intelligence platform, funded by the federal budget, represents a significant step towards modernizing and securing the regulator’s IT systems. This initiative is part of a larger effort to enhance ASIC’s data capabilities and regulatory effectiveness. By embracing emerging technologies and addressing the deficiencies identified in previous reviews, ASIC aims to create a more resilient and proactive regulatory environment.

The recent assumption of ABRS responsibilities further underscores the importance of these upgrades, as reliable and secure registry platforms are crucial for supporting economic activity. With the backing of substantial federal funding, ASIC is well-positioned to advance its digital transformation and strengthen its role in safeguarding Australia’s financial systems.