CISC Newsflash: Edition 13

From the Cyber and Infrastructure Security Centre

Welcome to the final Newsflash for 2023! What a year it’s been – from the launch of the Critical Infrastructure Resilience Strategy in February, all the way through to the launch of our new website in December – arrangements to uplift the security and resilience of Australia’s critical infrastructure have gone from strength-to-strength this year!

Of course owners and operators have been similarly busy, and many will remain so over the traditional festive season – to all those working hard to keep our shelves stocked, festive lights on, water flowing, and other critical and essential services running, we say ‘thank you’. Your contribution is integral to the security and resilience of the essential services all Australians rely.

We have big plans for 2024 and want your help to inform them! We’ve launched a survey to gauge your views on the way we engage publicaly – would you attend an in-person event in 2024? Are webinars more your thing? Love a good podcast for listening to on the drive home? Tell us! We’ll reflect on the feedback we receive and use it design and deliver the programs of engagement you want and need in 2024.

But as 2023 comes to a close, we reflect on the key moments and some of the most important developments and achievements – all of which, collectively, have contributed to the security and resilience of Australia’s critical infrastructure. Thank you for being on this journey with us.

Supporting industry

Throughout 2023 we made deliberate decisions to be an informative and supportive partner to owners and operators, and to improve and increase our services and engage innovatively and contemporarily.

A significant transition we supported industry through this year was the switch on and grace period for the Critical Infrastructure Risk Management Program obligation - or CIRMP.

On 17 February, the Minister for Home Affairs and Cyber Security, the Hon. Clare O’Neil MP, switched on the CIRMP Rules for entities captured by the obligation.

A six month grace period was then in effect, but as this came to an end, we held a number of town halls and released new guidance material on the CIRMP.

With the CIRMP grace period now ended (from 18 August), entities are expected to have implemented a risk management program for their critical infrastructure asset. The entity’s Board, council or other governing body must submit an annual report to the relevant Commonwealth regulator, and while the first mandatory annual report required is for the 2023-2024 Australian financial year, we strongly encourage entities to submit an annual report voluntarily for the 2022-2023 financial year. A number of entities have taken this opportunity.

Also in February, the Minister released the Critical Infrastructure Resilience Strategy and the Critical Infrastructure Resilience Plan. These documents provide the policy direction that underpins Australia’s approach to critical infrastructure resilience.

Improving our services

Expanding the Trusted Information Sharing Network (TISN) has been a big focus this year, and so we were pleased to establish the Land Transport, Government, Innovation, Higher Education and Research, and Mining Sector Groups. Expansion of the TISN is Activity 1 in the Critical Infrastructure Resilience Plan.

Earlier this year we also established a Space Weather Channel in the TISN’s cross-sector space. The Channel has information and links to space weather tracking, the Australian Space Weather Forecasting Centre and network. Critical infrastructure owners and operators can use the Channel to understand their own space weather needs, supporting preparedness, response, and resilience to significant space weather events.

AusCheck had a busy year improving on and launching new initiatives, including the identity assurance program (IAP) at Osborne Naval Shipyard (ONS). The ONS is Australia’s most advanced naval shipbuilding and sustainment site. The IAP consisted of background checks for all critical workers based at ONS and the issuing of Naval Shipbuilding and Sustainment Identity Cards. The AusCheck portal was also launched, accepting applications from responsible entities of critical infrastructure assets that wish to use AusCheck to provide background checks of their critical workers under their organisation’s critical infrastructure risk management program. AusCheck’s background checking portal is one way to mitigate the risk of malicious insiders.

The FIFA Women’s World Cup kicked off in July, with AusCheck providing a total of 39,000 background checks for both workers and volunteers, as it was a declared Major National Event. This ensured greater safety at the event and mitigated the personnel security risks posed by malicious insiders.

In December, we published our new website with enhancements that owners and operators have been asking for. Work was conducted to improve the overall user experience, navigation and content of the site. This improves accessibility, builds partnership channels, and supports and informs industry now and into the future.

Engaging innovatively

2023 saw a significant uplift in our efforts to engage innovatively and contemporarily. Most significantly, we hosted Australia’s first Cyber and Infrastructure Security Conference in March. It was a huge success with over 1,000 virtual participants and over 500 in person attendees.

We also broke new ground with the release of two new podcast series. The ‘Trusted Insider’ – a deep dive into personnel security risks – was followed quickly by our second series ‘Critical Conversations’ where we heard from a range of expert guests, including the Ukrainian Ambassador to Australia. Subscribe now!

One of our most significant efforts to engage critical infrastructure owners and operators occurred in November, when we held Australia’s inaugural Critical Infrastructure Security Month (CISM), which will be an ongoing annual event. Over CISM, we released the first Critical Infrastructure Annual Risk Review, hosted fireside chats, various events, and published our ‘Ask an Expert’ series! These activities gave voice to the partnerships that underpin Australia’s success – thank you to everyone who took part!

Final reminder! Don’t forget that the Screener Accreditation Scheme deadline – 31 December 2023 – is fast approaching. All screeners within the aviation sector need to be accredited by this date. The Scheme ensures a consistent national approach to screening standards.