{"id":77978,"date":"2023-02-22T06:00:41","date_gmt":"2023-02-21T19:00:41","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=77978"},"modified":"2023-02-22T16:31:55","modified_gmt":"2023-02-22T05:31:55","slug":"infrastructure-operators-need-access-to-intelligence-to-protect-their-assets","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/","title":{"rendered":"Infrastructure operators need access to intelligence to protect their assets"},"content":{"rendered":"

Home Affairs Minister Clare O\u2019Neil launched the government\u2019s \u2018critical infrastructure risk management program\u2019 yesterday. The minister is clearly focused on preventing a repeat of last year\u2019s high-profile and publicly contentious hacks of Optus and Medibank. The new program\u2019s broad, all-hazards approach to the resilience of our critical national infrastructure illustrates an enhanced security posture in response to the heightened security threats that Australia now faces.<\/p>\n

Probably not by coincidence, O\u2019Neil launched the program hours before ASIO Director-General Mike Burgess released his annual threat assessment. It revealed that espionage and foreign interference now surpass terrorism as Australia\u2019s most significant security threats. Protective security, including physical and cyber security, will be critical to the government\u2019s policy responses to this assessment. The government cannot ensure that protection without collaboration with the private sector.<\/p>\n

The risk-management program rules are the third and final security obligation legislated in recent amendments to the Security of Critical Infrastructure Act 2018.<\/p>\n

The rules apply to a range of critical infrastructure assets, from energy and medicine to food and communication.<\/p>\n

For operators of these assets, especially their directors and boards, the program introduces new obligations for protecting critical infrastructure from cyber and physical attacks and disruptions. In government-speak, these responsible entities must \u2018take a holistic and proactive approach toward identifying, preventing and mitigating risks\u2019.<\/p>\n

In the past, the federal government\u2019s critical infrastructure resilience has had a sharp cyber focus, and this should remain a strong priority. But Australia needs an integrated approach to critical infrastructure security and national resilience. The new risk-management program understandably adopts an all-hazards approach encompassing the full spectrum of security risks\u2014physical security, cyber and information security, and personnel security\u2014along with supply-chain risks.<\/p>\n

Physical security risks relate to protecting parts of an asset critical to its functioning, including protection against physical access to sensitive facilities and natural disasters.<\/p>\n

Cyber and information security encompass the risks to digital systems, computers, datasets and networks that underpin critical infrastructure systems. These risks include improper access, misuse and unauthorised control.<\/p>\n

Personnel security relates to the \u2018trusted insider\u2019 risk posed by critical workers who have the access and ability to disrupt the functioning of an asset.<\/p>\n

Supply-chain risks relate to disruption directly affecting a critical infrastructure asset. The threat could be naturally occurring, malicious or purposefully intended to compromise the asset.<\/p>\n

It\u2019s clear that the program places obligations on entities responsible for relevant critical infrastructure assets. But the government has stopped short of providing definitive security requirements. Instead, it has adopted a principles-based approach that places the onus on the industry to act to mitigate risks, but only \u2018so far as is reasonably practicable\u2019. In determining what is reasonably practicable, entities are advised to \u2018appropriately balance the costs of risk mitigation measures with the impact of those measures in reducing material risk within their own operational context\u2019.<\/p>\n

To identify reasonably practicable measures to mitigate a risk, operators must undertake detailed risk assessments that consider the consequences and likelihood of an event occurring. Central to this, especially for malicious, non-natural-disaster risks, is an understanding of the threats they face and of the capability, intent and opportunity of an individual, group or country to carry out those threats.<\/p>\n

Under the risk-management program, operators, not the government, own the risk. Ensuring that the private sector\u2014which now largely owns and operates such critical infrastructure\u2014takes responsibility for due diligence is a vital requirement. However, with the program\u2019s introduction, the government now has an implied enhanced obligation to provide industry with clear, concise and actionable assessments of the threats they must deal with. Implementing the risk-management program will be challenging given that much of the collaboration between the private and public sectors will require access to government information that is often highly classified. This problem will become even more complicated because our nation\u2019s security and sovereignty will require the government to provide industry guidance on issues such as the material risk of Chinese artificial-intelligence-enabled products and services.<\/p>\n

The risk-management program mandates an annual reporting requirement for entities to provide assurances to the government of their management of security risks. And noncompliance comes with civil penalties. Without regular access to threat intelligence, it is unclear how entities can make risk-mitigation assessments or identify their vulnerabilities.<\/p>\n

The government, while avoiding highlighting specific threats publicly, is enhancing the nation\u2019s security posture. The new risk-management program is a positive step forward for Australian national security and resilience. Still, it will require significant further steps, in particular to ensure that collaboration goes beyond consultation and becomes genuine public\u2013private sector partnerships, to fully counter the threats and realise the full benefits.<\/p>\n","protected":false},"excerpt":{"rendered":"

Home Affairs Minister Clare O\u2019Neil launched the government\u2019s \u2018critical infrastructure risk management program\u2019 yesterday. The minister is clearly focused on preventing a repeat of last year\u2019s high-profile and publicly contentious hacks of Optus and Medibank. …<\/p>\n","protected":false},"author":310,"featured_media":77981,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,391,1966,35,2750],"class_list":["post-77978","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cyber","tag-home-affairs","tag-risk","tag-supply-chain"],"acf":[],"yoast_head":"\nInfrastructure operators need access to intelligence to protect their assets | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Infrastructure operators need access to intelligence to protect their assets | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Home Affairs Minister Clare O\u2019Neil launched the government\u2019s \u2018critical infrastructure risk management program\u2019 yesterday. The minister is clearly focused on preventing a repeat of last year\u2019s high-profile and publicly contentious hacks of Optus and Medibank. 
...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-21T19:00:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-22T05:31:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/02\/GettyImages-1404182776.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"John Coyne\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"John Coyne\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/02\/GettyImages-1404182776.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/02\/GettyImages-1404182776.jpg\",\"width\":1024,\"height\":683,\"caption\":\"SYDNEY, AUSTRALIA - JUNE 21: Office buildings are seen illuminated in the central business district on June 21, 2022 in Sydney, Australia. The Australian Energy Market Operator (AEMO) indefinitely suspended spot markets in all regions of its National Electricity Market on June 15th citing critical power generation supply shortfalls and being unable to operate within the rules. Energy prices are rising steeply across the country and are expected to remain high for at least two years. 
(Photo by Lisa Maree Williams\/Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/\",\"name\":\"Infrastructure operators need access to intelligence to protect their assets | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#primaryimage\"},\"datePublished\":\"2023-02-21T19:00:41+00:00\",\"dateModified\":\"2023-02-22T05:31:55+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infrastructure operators need access to intelligence to protect their assets\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778\",\"name\":\"John 
Coyne\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g\",\"caption\":\"John Coyne\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/john-coyne\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Infrastructure operators need access to intelligence to protect their assets | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/","og_locale":"en_US","og_type":"article","og_title":"Infrastructure operators need access to intelligence to protect their assets | The Strategist","og_description":"Home Affairs Minister Clare O\u2019Neil launched the government\u2019s \u2018critical infrastructure risk management program\u2019 yesterday. The minister is clearly focused on preventing a repeat of last year\u2019s high-profile and publicly contentious hacks of Optus and Medibank. ...","og_url":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2023-02-21T19:00:41+00:00","article_modified_time":"2023-02-22T05:31:55+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/02\/GettyImages-1404182776.jpg","type":"image\/jpeg"}],"author":"John Coyne","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"John Coyne","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/02\/GettyImages-1404182776.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/02\/GettyImages-1404182776.jpg","width":1024,"height":683,"caption":"SYDNEY, AUSTRALIA - JUNE 21: Office buildings are seen illuminated in the central business district on June 21, 2022 in Sydney, Australia. The Australian Energy Market Operator (AEMO) indefinitely suspended spot markets in all regions of its National Electricity Market on June 15th citing critical power generation supply shortfalls and being unable to operate within the rules. Energy prices are rising steeply across the country and are expected to remain high for at least two years. 
(Photo by Lisa Maree Williams\/Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/","url":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/","name":"Infrastructure operators need access to intelligence to protect their assets | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#primaryimage"},"datePublished":"2023-02-21T19:00:41+00:00","dateModified":"2023-02-22T05:31:55+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/infrastructure-operators-need-access-to-intelligence-to-protect-their-assets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Infrastructure operators need access to intelligence to protect their assets"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/a67980596297e3db4ad0b3fde70aa778","name":"John 
Coyne","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e84af569f04d25615d1447d4fe1908a9?s=96&d=mm&r=g","caption":"John Coyne"},"url":"https:\/\/www.aspistrategist.ru\/author\/john-coyne\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/77978"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/310"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=77978"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/77978\/revisions"}],"predecessor-version":[{"id":78008,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/77978\/revisions\/78008"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/77981"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=77978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=77978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=77978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}