{"id":36141,"date":"2017-12-07T12:01:52","date_gmt":"2017-12-07T01:01:52","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=36141"},"modified":"2017-12-07T12:01:52","modified_gmt":"2017-12-07T01:01:52","slug":"critical-infrastructure-protection-is-everyone-ready","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/","title":{"rendered":"Critical infrastructure protection: is everyone ready?"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"480\" class=\"size-full wp-image-36146 aligncenter\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1-205x154.jpg 205w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/figure>\n<p>Some watershed changes have been announced across our national security domain this year. A <a href=\"https:\/\/www.aph.gov.au\/About_Parliament\/Parliamentary_Departments\/Parliamentary_Library\/pubs\/rp\/rp1718\/Quick_Guides\/HomeAffairs\">home affairs department<\/a> is being established to act as a \u2018portfolio agency\u2019 for ASIO, the AFP, the Australian Border Force, the Australian Criminal Intelligence Commission, AUSTRAC and the Office of Transport Security. We\u2019re also getting a new <a href=\"http:\/\/www.abc.net.au\/news\/2017-07-19\/peter-dutton-promotion-overshadows-intelligence-agency-shake-up\/8723712\">Office of National Intelligence<\/a> (maybe better badged as the Office of Surprise Management), headed by a director-general who will be the prime minister\u2019s principal adviser on matters relating to the national intelligence community.<\/p>\n<p>But one national security development has largely flown under the radar. In January, a <a href=\"https:\/\/www.ag.gov.au\/NationalSecurity\/InfrastructureResilience\/Pages\/default.aspx\">Critical Infrastructure Centre<\/a> was set up in the Attorney-General\u2019s Department to assess the risk of sabotage, espionage and coercion on telecommunications, electricity, water and maritime ports arising from foreign involvement in those sectors.<\/p>\n<p>While media attention has been elsewhere, there\u2019s been a flurry of legislation\u2014newly enacted, drafts released for comment, and new pieces to be put before parliament\u2014all with relevance to the new centre.<\/p>\n<p>One of those is a recently released <a href=\"https:\/\/www.ag.gov.au\/Consultations\/Documents\/critical-infrastructure-bill\/Exposure-Draft-Security-of-Critical-Infrastructure-Bill.pdf\">draft bill<\/a> on the security of critical infrastructure. It aims to strengthen the government\u2019s capacity to manage the national security issues that arise from foreign ownership of key categories of infrastructure, while minimising the regulatory impact and maintaining an open investment policy.<\/p>\n<p>The bill provides for two central measures. The first is the development of a register of critical infrastructure assets covering maritime ports, electricity and water in the states and territories. Owners and operators will be required to provide information about the groups and individuals that have a direct interest (legal, equitable, lease or licensing) in an asset, including the level of control they have over the asset.<\/p>\n<p>The second measure provides for a federal minister to issue a \u2018last resort\u2019 directive to the owner or operator of a critical asset if security vulnerabilities are detected and aren\u2019t corrected or if there are no existing regulatory frameworks that can be used to enforce risk mitigation. Unaddressed vulnerabilities such as gaps in the quality of institutional security policies (including data and physical security); the effectiveness of security audit regimes; and the adequacy of emergency management plans, regulatory regimes and control systems may be the sorts of conditions that would trigger a \u2018last resort\u2019 directive.<\/p>\n<p>In addition, last month the government passed <a href=\"https:\/\/www.legislation.gov.au\/Details\/C2017A00111\">legislation<\/a> that will oblige telecommunications service providers and intermediaries to protect the networks and facilities they own, operate or use from unauthorised interference or access. The aim is to ensure the availability and integrity of facilities and their control networks, and so protect the confidentiality of information stored in or carried on them.<\/p>\n<p>Allied with the protective focus of these legislative steps are <a href=\"http:\/\/www.theage.com.au\/federal-politics\/political-news\/foreign-spies-lobbyists-and-donations-targeted-in-new-interference-laws-20171114-gzkzzu.html\">a series of sanctions<\/a> soon to be introduced into parliament targeting the \u2018so-called \u201csub-espionage\u201d level of foreign interference such as individuals covertly lobbying, infiltrating or donating to political parties on behalf of foreign governments\u2019.<\/p>\n<p>While the logic of this trifecta of legislation seems sound, implementation may not be straightforward. At least <a href=\"https:\/\/www.ag.gov.au\/Consultations\/Documents\/Strengthening-national-security-infrastructure\/CIC-Submission-Queensland-Government.pdf\">one state has noted<\/a> that \u2018significant details in the design and implementation of the proposed reforms are still being developed\u2019 and that \u2018the best result will be achieved through ongoing and structured consultation with the states and territories\u2019. This view suggests that federal intent is moving faster than state readiness currently allows.<\/p>\n<p>But are there instances where a \u2018last resort\u2019 federal intervention is warranted? <a href=\"http:\/\/www.parliament.qld.gov.au\/Documents\/TableOffice\/TabledPapers\/2017\/5517T1049.pdf\">A recent Queensland Audit Office assessment<\/a> of the adequacy of cybersecurity controls in potable water and wastewater services suggests that there are. The Audit Office concluded that while infrastructure operators were able to self-assess their capability to respond to information security incidents, they weren\u2019t well prepared to effectively respond to, or recover from, intentional cyberattacks.<\/p>\n<p>Those findings raise concerns about a repeat of <a href=\"https:\/\/link.springer.com\/content\/pdf\/10.1007%2F978-0-387-75462-8_6.pdf\">an incident more than a decade ago<\/a> when an intentional cyber disruption of a waste treatment plant\u2019s control systems in the Maroochy Shire in southern Queensland resulted in a significant release of raw sewage into the community.<\/p>\n<p>However, coercive federal intervention with state-based water-related utilities might not be a simple step because most local government water assets are incorporated as <a href=\"https:\/\/www.urbanutilities.com.au\/about-us\/who-we-are\">regional statutory bodies<\/a> with local councils as shareholders. Thus, governance across three levels of government may add complexity if federal intervention into local-government-controlled assets is questioned.<\/p>\n<p>The federal government has begun a very busy legislative phase and the policy agenda aligned to the work of the Critical Infrastructure Centre is progressing quickly. The many moving parts in Australia\u2019s national security community create the potential for uncertainty in the application and interpretation of the suite of new and proposed legislation.<\/p>\n<p>It\u2019s also unclear whether the Critical Infrastructure Centre, as a new entity, has the expertise and capacity to both inform foreign investment review decisions and protect infrastructure from intentional disruption. Those are two very different tasks. \u00a0The Critical Infrastructure Centre can\u2019t be expected to cover all bases.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some watershed changes have been announced across our national security domain this year. A home affairs department is being established to act as a \u2018portfolio agency\u2019 for ASIO, the AFP, the Australian Border Force, the &#8230;<\/p>\n","protected":false},"author":453,"featured_media":36146,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1395,95,1180,914],"class_list":["post-36141","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-critical-infrastructure","tag-cyber-security","tag-homeland-security","tag-internet-of-things"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical infrastructure protection: is everyone ready? | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical infrastructure protection: is everyone ready? | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Some watershed changes have been announced across our national security domain this year. A home affairs department is being established to act as a \u2018portfolio agency\u2019 for ASIO, the AFP, the Australian Border Force, the ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-07T01:01:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Paul Barnes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Barnes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg\",\"width\":640,\"height\":480},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/\",\"name\":\"Critical infrastructure protection: is everyone ready? | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#primaryimage\"},\"datePublished\":\"2017-12-07T01:01:52+00:00\",\"dateModified\":\"2017-12-07T01:01:52+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b0bd9a51a293952e41d19f0cdbe652bc\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical infrastructure protection: is everyone ready?\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b0bd9a51a293952e41d19f0cdbe652bc\",\"name\":\"Paul Barnes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8eb629063b124cc3029942f86ca70905?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8eb629063b124cc3029942f86ca70905?s=96&d=mm&r=g\",\"caption\":\"Paul Barnes\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/paul-barnes\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical infrastructure protection: is everyone ready? | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/","og_locale":"en_US","og_type":"article","og_title":"Critical infrastructure protection: is everyone ready? | The Strategist","og_description":"Some watershed changes have been announced across our national security domain this year. A home affairs department is being established to act as a \u2018portfolio agency\u2019 for ASIO, the AFP, the Australian Border Force, the ...","og_url":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-12-07T01:01:52+00:00","og_image":[{"width":640,"height":480,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg","type":"image\/jpeg"}],"author":"Paul Barnes","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Paul Barnes","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/12\/5276853443_25320b6604_z-1.jpg","width":640,"height":480},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/","url":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/","name":"Critical infrastructure protection: is everyone ready? | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#primaryimage"},"datePublished":"2017-12-07T01:01:52+00:00","dateModified":"2017-12-07T01:01:52+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b0bd9a51a293952e41d19f0cdbe652bc"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/critical-infrastructure-protection-is-everyone-ready\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Critical infrastructure protection: is everyone ready?"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b0bd9a51a293952e41d19f0cdbe652bc","name":"Paul Barnes","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8eb629063b124cc3029942f86ca70905?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8eb629063b124cc3029942f86ca70905?s=96&d=mm&r=g","caption":"Paul Barnes"},"url":"https:\/\/www.aspistrategist.ru\/author\/paul-barnes\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/36141"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/453"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=36141"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/36141\/revisions"}],"predecessor-version":[{"id":36147,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/36141\/revisions\/36147"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/36146"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=36141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=36141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=36141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}