Australia Unveils Game Plan to Guard Critical InfrastructureNew Risk Management Program to Strengthen Critical Infrastructure Resilience
Australia adopted a new risk management program that focuses on cybersecurity to strengthen the resilience and security of its critical infrastructure and essential services.
Australian Minister for Home Affairs and Cyber Security Clare O'Neil says the new rules will help businesses prepare for, prevent and mitigate threats to the country's critical assets.
"Critical infrastructure assets are vulnerable to natural disasters and attractive targets for foreign interference, cybercriminals and other malicious actors who seek to do Australia harm," O'Neil said.
The risk management rules are the third and final security measures in recent amendments to the Security of Critical Infrastructure Act 2018.
The Critical Infrastructure Risk Management Program calls for an annual reporting requirement, compliance and regulatory rules, mandatory cyber incident reporting and several government assistance measures, among others.
The rules commenced on Feb. 17, 2023, and allow critical assets that are currently optional a period of six months to adopt a written risk management plan and an additional 12-month period to achieve compliance.
Australia has made several cybersecurity reforms in response to the spate of cyberattacks the country has faced over the past year. It is also leading a global ransomware task force comprised of 37 like-minded governments that aim to share intelligence to stymie future digital extortion attacks (see: Australia Initiates Global Ransomware Task Force Operations).
Critical Infrastructure Resilience Strategy
Under the latest policy changes, Australia also has launched an updated Critical Infrastructure Resilience Strategy, which provides a road map for protecting essential services and assets including electricity, water, healthcare and groceries.
The strategy's objectives are to support critical infrastructure owners and operators in effectively managing risks through mature, risk-based and resilient approaches and in strengthening their security and resilience through regulatory frameworks and improved collaboration. It also seeks to deliver initiatives through strong industry-government partnerships.
The strategy highlights the continued partnership and close engagement between industry and government, empowered by the Trusted Information Sharing Network, to collaboratively uplift the security and resilience of Australia's critical infrastructure.
"The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our security, economy and sovereignty," O'Neil says. "We need to ensure our critical infrastructure security arrangements keep pace with the evolving threat environment and continue to deliver the essential services we all rely on."