Professor David J. Galbreath, PhD; Dr Gary Waters; and Dr Huon Curtis 
Military strikes, cyber activity, and influence campaigns are now unfolding in parallel, with critical infrastructure increasingly targeted as part of a broader strategic contest. As the boundary between external conflict and domestic vulnerability erodes, no single organisation can independently detect or respond to the resulting threat environment.
In this context, the timely and structured exchange of threat intelligence becomes a prerequisite for national resilience.
Information sharing is a central pillar of any national cyber security strategy. It enhances threat visibility, reduces blind spots across networks, enables pre-emptive action and accelerates detection and response to malicious activity. Timely exchange of threat intelligence – including indicators of compromise, tactics and techniques, and attack patterns – strengthens whole-of-nation cyber capabilities, thereby enhancing the resilience of critical infrastructure.
The challenge is especially acute for Australia, given its reliance on third-party vendors embedded within critical systems and on global technology supply chains. Governments cannot independently monitor and protect this infrastructure, particularly given that most of it is privately owned and operated.
Structured sharing mechanisms – public-private partnerships, Information Sharing and Analysis Centres (ISACs), and Information Sharing and Analysis Organisations (ISAOs) – exist precisely to bridge this gap. ISACs are specialised entities that share cyber threat intelligence across critical infrastructure organisations; ISAOs extend that function across private companies, non-profits, and government entities beyond critical infrastructure sectors.
Both models facilitate industry-wide and cross-sector collaboration, enabling earlier detection of threat actors, more efficient dissemination of defensive measures, and coordinated incident response. Shared standards and governance frameworks help organisations navigate fast-moving cyber crises while supporting joint capacity building and the shared development of tools and guidelines.
Despite widespread recognition of their value, information-sharing arrangements face persistent obstacles. Trust deficits, privacy concerns, unclear incentives, and cost constraints continue to limit participation. Interoperability issues – inconsistent data formats, incompatible technologies, conflicting standards – undermine the utility of shared intelligence. Human factors, including training gaps and leadership disengagement, compound these challenges, as do significant differences in operational constraints across financial, energy, defence, and civilian sectors.
Legal challenges
One of the most consequential and underappreciated barriers is the distinction between genuine legal constraints on information sharing and the over-interpretation of those constraints. Research into Australian critical infrastructure sectors found that organisations, in some cases, declined to share threat intelligence, citing legal exposure, when the actual barrier was more limited than assumed or when existing exemptions for public interest coordination were available but not invoked.
Competition policy has created an effect on information sharing that is, in some sectors, more cultural than legal – ingrained in organisational practice rather than required by law. This distinction matters for policy design: genuine legal barriers require legislative reform; over-interpreted ones require clearer guidance, protected reporting channels, and a cultural shift towards understanding information sharing as collective defence rather than competitive liability. ISACs and ISAOs directly address this problem by providing sanctioned, liability-managed pathways that remove the uncertainty inhibiting participation.
Effective sharing also depends on the right technical and governance infrastructure. Privacy-preserving and cryptographic approaches – including access control models, blockchain-based audit systems, and secure exchange protocols – demonstrate viable pathways for protecting sensitive incident data while enabling coordination. National cyber security strategies define regulatory responsibilities, cross-border protections, and requirements for lawful information exchange, harmonising practices across sectors and jurisdictions.
In the software supply chain context, governance extends further still. Software Bills of Materials – mechanisms for tracking the composition and provenance of every component in a software product – and cryptographic code signing infrastructure make supply chain dependencies visible and verifiable. Their systematic absence at the time of the SolarWinds compromise contributed directly to a 14-month detection gap: partial indicators existed, but no cross-sector mechanisms existed to aggregate them.
The Australian context
In a move that now appears particularly prescient, the Australian government’s 2023–2030 Cyber Security Strategy provided funding to establish an Australian-specific ISAC capability, recognising that effective cyber threat intelligence sharing requires institutions anchored in the Australian context, accountable to Australian participants, and sustainable as a long-term national resource rather than dependent on foreign infrastructure and databases.
The value of that decision has only grown as the geopolitical environment has made the reliability of pre-existing international sharing arrangements and vulnerability databases less certain.
The implications are clear: in an environment of persistent, coordinated cyber threats, the ability to share threat intelligence at speed and scale is a determinant of national resilience. Australia’s investment in sovereign information-sharing capabilities reflects a necessary shift from organisational responsibility to collective defence; the priority now is ensuring these mechanisms are actively used, supported by clear legal guidance, interoperable standards, and a culture that treats sharing as an obligation rather than a risk.
Without this shift, frameworks will remain underutilised; with it, Australia can move from reactive response to anticipatory defence, where shared insight becomes a strategic advantage.
By: Professor David J. Galbreath, PhD (pictured), professor of war and technology – The University of Bath, UK; Dr Gary Waters; and Dr Huon Curtis
Produced for the National Institute of Strategic Resilience (NISR).