AusCheck launches new background checking portal for critical infrastructure operators
Australia’s Department of Home Affairs announced Monday that the AusCheck background checking portal has opened for critical infrastructure sector operators and responsible entities (REs) to use as a tool to mitigate personnel security risks. The latest move comes ahead of the critical infrastructure risk management program (CIRMP) obligations that are shortly coming into force for critical infrastructure (CI) assets under the Security of Critical Infrastructure Act 2018 (SOCI Act).
AusCheck conducts background checking and identity assurance for the Aviation and Maritime Security Identification Card (ASIC and MSIC), Security Sensitive Biological Agents (SSBAs) and Major National Events (MNE) schemes, the government said in a Monday statement.
AusCheck’s background checking portal is one way to mitigate the risk of trusted and malicious insiders within the 13 CI sectors asset classes, such as broadcasting, domain name systems, data storage or processing, electricity, energy market operator, gas, liquid fuels, payment systems, food and grocery, crucial hospitals, critical freight infrastructure, critical freight services, and water.
An AusCheck background check typically includes identity verification; a criminal record assessment by AusCheck using information collected by the Australian Criminal Intelligence Commission; a national security assessment by ASIO (Australian Security Intelligence Organisation); and a ‘right to work in Australia’ check if a person is not an Australian citizen, conducted through the Department of Home Affairs’ Visa Entitlement Verification Online (VEVO) system.
The statement also laid down that as part of CIRMP obligations, REs of critical infrastructure assets will need to develop a Risk Management Program (RMP). An RMP must consider, among other things, the personnel security risks for the asset. It must identify individuals who have ongoing access to sensitive aspects of the business, including employees, contractors, and agents. These people could be ‘critical workers’ under the SOCI Act.
“The RMP must also include processes and procedures to minimise or eliminate material risks that critical workers may pose. Background checks are one method of managing these risks,” the statement added. “An AusCheck background check is not mandatory and an RE can choose an alternative provider for background checking, but AusCheck is the only provider to include a national security assessment by the Australian Security Intelligence Organisation (ASIO) as part of the check.”
Clare O’Neil, Minister for Home Affairs, switched on the CIRMP rules in February this year, following an extended period of consultation, CISC said. Through this consultation process, the Minister was able to incorporate feedback from critical infrastructure stakeholders that has ultimately made the rules simpler and easier to implement.
Organizations have a six-month grace period after the commencement of the rules until Aug.17, 2023, a CISC Fact Sheet outlined. The final day for a CIRMP to adopt and comply with the cyber and information security hazards framework will be Aug. 17, 2024, which is 18 months from the guidelines’ start date. Additionally, Sept. 28 annually will be the last day to submit an annual report for the preceding Australian financial year (i.e. ending Jul. 1 to Jun. 30). As part of the ongoing process, organizations must comply with, regularly review and if required update the CIRMP.
Last week, the U.S. administration announced a roadmap called the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure transparency and continued path for coordination to realize its March National Cybersecurity Strategy. The plan details over 65 high-impact federal initiatives, from protecting American jobs by combating cybercrimes to building a skilled cyber workforce equipped to excel in an increasingly digital economy.
A complimentary guide to the who`s who in industrial cybersecurity tech & solutions
Free DownloadRelated
