Australia brings out Critical Infrastructure Resilience Strategy and Plan to boost security and resilience

The Australian government has published a 2023 Critical Infrastructure Resilience Strategy that provides a national framework to guide Australia in enhancing critical infrastructure security and resilience. The document provides a framework for how industry, state and territory governments, and the Australian Government will work together to mature the security and resilience of critical infrastructure, and to anticipate, prevent, prepare for, respond to, and recover from all hazards. It builds upon the 2015 Critical Infrastructure Resilience Strategy.

The Strategy document brings together legislative and regulatory settings with partnerships through the Trusted Information Sharing Network (TISN), offering nationally aligned and integrated initiatives. Collaboration between industry and government underpins these activities, ensuring the support of Australia’s critical infrastructure community and interests.

The TISN is a trusted, non-competitive environment for the critical infrastructure community to better plan, prepare, respond, and recover in the face of all hazards. Operating industry-wide and across all levels of government as the primary way of engaging to enhance the security and resilience of critical infrastructure, the TISN brings together critical infrastructure owners and operators, supply chain entities, peak bodies, and all levels of government, and is focused on key critical infrastructure sectors in Australia.

The Cyber and Infrastructure Security Centre (CISC) and the critical infrastructure community have developed an updated strategy that provides a roadmap for boosting the security and resilience of Australia’s essential services and assets – everything from electricity and water to healthcare and groceries. The document will guide Australia’s critical infrastructure interests from 2023 to 2028. All Australians rely on critical infrastructure to deliver the essential services that underpin the economy, security, and sovereignty. 

“Disruptions to critical infrastructure systems can result from other types of natural and human-made hazards and threats, such as major weather events or human error,” according to the new Strategy. “Such disruptions can create a chain of cascading consequences with profound effects on societies and communities, and interconnected infrastructure systems. These events highlight the nation’s reliance on our critical infrastructure, its interconnected systems, the challenges in maintaining it, and in some instances the fragility of systems such as supply chains and the workforce,” it added.

The Strategy assesses that the industry needs to consider the impact of susceptibility to a wider range of hazards, from physical and natural, supply chain and personnel, to cyber and information security. It must also account for technological advances and increased connectivity. More systems and services are being connected to the internet and each other, creating economic efficiencies but also increasing the likelihood and impact of disruptions.

Additionally, the Strategy said that organizations must also review an increasingly volatile geopolitical environment, and the susceptibility of critical infrastructure to attack by nation-states, state-sponsored actors, issue-motivated groups, or extremist groups, seeking to advance their interests. 

For this Strategy, critical infrastructure resilience refers to those aspects of organizational resilience that focus on measures to uplift the security and resilience of critical infrastructure owners, operators, and supply-network stakeholders as a collective and across the whole economy. 

The typical measures include resilience support provided through the TISN, initiatives under the Critical Infrastructure Resilience Plan, and initiatives that ensure robust risk management processes that take account of material risks that have a substantial impact on the availability, reliability, and integrity or confidentiality of government and/or critical infrastructure assets and the services they deliver. It also covers cyber and information security hazards, personnel hazards, supply chain hazards, and physical and natural hazards.

On regulatory settings, Australia’s critical infrastructure is regulated through Commonwealth, state and territory legislation. These legislative and regulatory settings are augmented by industry codes of practice, as well as emergency management arrangements. The Commonwealth Security Legislation Amendment (Critical Infrastructure) Act 2021 (SLACI Act) amended the Security of Critical Infrastructure Act 2018, requiring regulated owners and operators of Australia’s critical infrastructure to take steps to better protect infrastructure.

The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) further amended the Security of Critical Infrastructure Act 2018 to enact a framework for risk management programs, declarations of systems of national significance, and enhanced cybersecurity obligations. These elements will improve the preparedness of critical infrastructure entities to manage and mitigate the range of hazards that could otherwise have a serious impact on the delivery of their essential service. 

Accompanying the 2023 Critical Infrastructure Resilience Strategy is a 2023 Critical Infrastructure Resilience Plan that sets out how the Strategy’s objectives will be delivered. The Plan adopts a multi-year outlook and allows for the monitoring and evaluation of activities. The Plan will be updated by the Department of Home Affairs in consultation with the Critical Infrastructure Advisory Council on an as-needed basis.

The Strategy has been developed to support critical infrastructure owners and operators to manage risks to the continuity of their operations through mature risk-based and resilience approaches. It also delivers initiatives through strong industry–government partnerships and supports critical infrastructure owners and operators to strengthen their security and resilience through regulatory frameworks, tools, and improved collaboration.

The 2023 Critical Infrastructure Resilience Strategy and Plan comes close on the heels of the Australian government announcing that its CIRMP (Critical Infrastructure Risk Management Program) rules have now been registered under the Security of Critical Infrastructure Act 2018 (SOCI Act). The move calls upon specified responsible entities to develop and maintain a written program that identifies and manages ‘material risks’ of ‘hazards’ that could have a ‘relevant impact’ on a critical infrastructure asset.
