Cyber Lessons Down Under: Australia Revives Disbanded US Model for Post-Breach Truth-Telling
Australia unveils a powerful cyber review board, learning from US stumbles and aiming to break the cycle of high-profile digital disasters.
When a cyberattack hits, the instinct is often to find someone to blame. But in the wake of devastating breaches that rattled Australia’s biggest companies, Canberra is taking a different approach-one that seeks answers, not scapegoats. This week, the government announced the launch of its new Cyber Incident Review Board, a move that echoes a bold US experiment shuttered before its time. Can this fresh start help Australia dodge the pitfalls that doomed its American predecessor?
The board, chaired by Telstra’s global CISO Narelle Devine, brings together experts from Australia’s critical infrastructure: telecoms, utilities, academia, and law. Their mission? To conduct “no-fault” post-mortems after major cyber incidents targeting government or industry, extracting systemic lessons to bolster the nation’s digital defenses.
The timing couldn’t be more urgent. In the past two years, Australia has been rocked by cyberattacks that compromised millions of citizens’ data and exposed weaknesses across healthcare, telecoms, and beyond. Public confidence has shaken, and Canberra has faced mounting calls to learn from each breach instead of simply patching holes and moving on.
Australia’s model is inspired by the US Cyber Safety Review Board, created by the Biden administration in 2022. That board delivered three major reports-including a damning account of Microsoft’s failures that allowed Chinese hackers to infiltrate US government emails-before being abruptly dismantled by the Trump administration. Critics say the US experiment faltered due to its voluntary structure and limited scope, with little power to compel reluctant companies to participate or to drill deep into industry-specific failures.
Australia’s version aims to avoid these missteps. The board has legal authority to require companies and agencies to hand over information, a key recommendation from US cyber policy veterans. Its focus remains tight: learning from attacks on critical infrastructure and government, not chasing every headline-grabbing breach. However, the board lacks flexibility to expand its membership for specialized investigations-a potential blind spot if future attacks target unfamiliar sectors.
Elsewhere, the European Union has set up a similar review function under its Cyber Solidarity Act, but has yet to flex its investigative muscle. For now, Australia’s approach stands as one of the world’s boldest attempts to institutionalize cyber “truth and reconciliation”-a chance to break the cycle of operational secrecy and repeated mistakes.
As cyber threats grow more sophisticated and relentless, Australia’s gamble is clear: learning out loud, even when it hurts, is the only way to build lasting resilience. Whether this board becomes a model for others-or another cautionary tale-will depend on its ability to turn painful lessons into lasting change.
WIKICROOK
- Critical Infrastructure: Critical infrastructure includes key systems-like power, water, and healthcare-whose failure would seriously disrupt society or the economy.
- CISO (Chief Information Security Officer): A CISO is the executive in charge of a company’s information and data security strategy, overseeing cybersecurity policies and risk management.
- No: No-code integration allows users to connect software systems using visual interfaces, enabling automation and data sharing without writing custom code.
- Compel Information: Compel information is the legal power to require individuals or organizations to provide data, documents, or testimony for investigations or compliance.
- Post: In cybersecurity, 'post' is the process of securely sending data from a user to a server, often used for form submissions and file uploads.




