The Australian Cyber and Infrastructure Security Centre (CISC) announced on Tuesday the designation of 46 additional critical infrastructure assets as Systems of National Significance. The initiative is part of the Australian government’s ongoing efforts to enhance the cyber resilience of the nation’s vital infrastructure. With this latest declaration, the total number of such systems now exceeds 200, spanning sectors like energy, communications, transport, financial services, food and grocery, and data storage or processing. This collaboration between the government and businesses aims to strengthen national security.
Being declared a System of National Significance means the Australian Government can apply a robust set of enhanced cyber security obligations on the owners and operators of those assets, to better protect Australians. These obligations include developing incident response plans to prepare for a cyber attack, undertaking cyber security exercises to build cyber preparedness, undertaking assessments to identify and fix vulnerabilities, and providing system information to the Australian Signals Directorate to develop and maintain a near real-time threat picture.
Systems of National Significance are privately declared under section 52B of the Security of Critical Infrastructure Act 2018. However, the list of Systems of National Significance is not released publicly to protect Australian national security.
“These declarations will ensure industry has the plans in place to protect Australia’s most essential critical infrastructure,” Tony Burke, Australia’s Minister for Home Affairs and Cyber Security, said in a media statement. “Critical infrastructure networks globally are being targeted by malicious actors and Australia is not immune.”
Burke added that the Australian government “is relentlessly focused every day on helping our country prepare for and safeguard against a significant cyber attack or other attempts to undermine our critical systems, but it’s not something we can do alone. The Government appreciates the owners and operators of Systems of National Significance for joining us in the fight against malicious actors and protection our national security.”
In Australia, this month is Critical Infrastructure Security Month (CISM) and this year’s theme is Critical Infrastructure Risk Management: A Shared Responsibility. The announcement is another measure taken to ensure owners and operators of these assets have the plans in place to prepare for and safeguard against threats to Australia’s most essential critical infrastructure.
CISM is a month of national focus and action dedicated to uplifting the security and resilience of critical infrastructure across Australia, and to reflect on the partnerships that underpin the nation’s shared security and prosperity.
Last month, the Australian government released a Cyber Security Legislation Package to enhance the security and resilience of Australia’s cyber environment and critical infrastructure. Subject to the passage of the ‘Cyber Security Bill 2024’ legislation this week, Australia will have its first standalone Cyber Security Act to ensure strong laws and protections through a clear legislative framework. The proposed bill prescribes minimum security standards for smart devices, ransomware reporting obligations, ‘limited use’ obligations for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD); and a Cyber Incident Review Board.