PSPF Direction on cyber threat visibility

In July, the Home Affairs Secretary issued a Direction under the Protective Security Policy Framework (PSPF), supporting visibility of the cyber threat facing Australian government entities.

The Direction, the third of three issued that day, requires all Non-Corporate Commonwealth Entities (NCCEs) to formally engage with ASD around Cyber Threat Intelligence (CTI) sharing, incident reporting and threat hunting capabilities.

Within the current PSPF reporting period (by June 2025), entities must:

1. Participate in the ASD Cyber Security Partnership Program
2. Advise ASD of any threat hunting capability employed by the entity.
3. Connect to the ASD Cyber Threat Intel Sharing CTIS platform
4. Continue to report cyber security incidents in accordance with PSPF Policy 5.

By ensuring all agencies participate in the gathering of skills, experience and situational awareness across agencies, businesses and academia under the ASD Cyber Security Partnership Program, Australia’s combined ability to counter the increasing and increasingly sophisticated threats our country faces will be strengthened. Macquarie is a proud and long-standing member and value it’s benefits and the opportunity to contribute.

Regular active hunting for threats within an entity’s network rather than passively waiting for attacks to occur significantly increases the effectiveness of your security operations. Hunts should leverage threat intelligence and knowledge of adversary tradecraft.

Macquarie Government regularly conducts threat hunts in the gateway and other environments we manage for our customers, using an “intel led, threat focused” approach. To hunt at scale, we have developed a mature capability with documented processes supported by our Security Incident and Event Management (SIEM) and other systems.

Threat hunts both use and contribute to the CTI data Macquarie Government shares with ASD as one of the 250+ partners subscribed to the ASD CTIS platform. Sharing relevant and actionable information is critical to any form of defence, whether on the soccer pitch or in the SOC. With every agency now required to participate in CTIS, there will be more data to analyse to generate intel and more entities to apply it.

Continuing to report incidents to the relevant authorities as specified in PSPF Policy 5 Section C also contributes to improved visibility of the cyber threats facing government.

The reality we now face as a nation, with sophisticated state-based adversaries targeting government, critical infrastructure and other cyber assets vital for our nation’s wellbeing, the heightened collection and sharing of threat information intended by this Direction is an unfortunate necessity.