CISC Newsflash: Edition 16

From the Cyber and Infrastructure Security Centre

Welcome to our third Newsflash for 2024, we can’t believe we are halfway through the year! We have been busy hosting our Critical Infrastructure Security Excellence Workshop series across Australia – you can read all about it below!

Exercise Aurora - Space Weather Exercise

On the 22nd and 23rd of May, we partnered with the National Emergency Management Agency (NEMA), the Bureau of Meteorology and Geoscience Australia to bring all levels of government and industry together to participate in Exercise Aurora. Exercise Aurora explored an extreme space weather event, in order to identify opportunities to enhance Australia’s ability to prepare for, respond to and recover from a novel event. Exercise Aurora focused on impacts to the telecommunication and energy sectors, with discussions that identified second and third order consequences. Exercise Aurora helped test current emergency management arrangements and processes. It was an opportunity for attendees to identify the vulnerabilities of infrastructure and to better understand how to prepare for, respond to and recover from these events.

5th Annual Global Maritime Transportation System Cyber Security Symposium

With 80% of global trade travelling by sea, all nations need to work together to develop the systems, processes and workforce that will ensure continued prosperity and resilience. In May, we travelled to London to participate in the 5th Annual Global Maritime Transportation System (GMTS) Cyber Security Symposium. The GMTSC24 brought over 170 delegates from government, industry and academia to discuss and collaborate on maritime cyber security to ensure a resilient and secure maritime domain. Assistant Secretary Crystol Fox (pictured upper right) provided an opening address outlining how the protection of Australia’s maritime and critical infrastructure assets are central to the protection of our way of life and our shared prosperity, as well as lessons learnt from cyber incidents which have impacted Australia. The increase in digitalisation of shipping presents a range of new threats and challenges that need to be addressed. On land, our port facilities are becoming increasingly reliant upon external services, cloud based processing, and extended digital supply chains. The GMTSC24 focused on building a global approach to sharing information, understanding our maritime supply chains and addressing problems together. Collectively, we can work towards uplifting the security and resilience of the maritime transportation system against significant security challenges.

Critical Infrastructure Risk Management Program (CIRMP) Annual Reports are due!

The Australian financial year has ended, which means responsible entities must submit their Critical Infrastructure Risk Management Program (CIRMP) Annual Report! Responsible entities have 90 days following the end of this financial year to submit their Annual Report to the relevant regulator. This first report covering the 2023- 2024 Australian financial year must be submitted by 28 September 2024.

To provide greater clarity, we have updated the web form to provide more guidance to responsible entities on information to include when they submit their Annual Report. The Annual Report is required to be in an approved form and to include:

• A declaration that the CIRMP was up to date at the end of the financial year,  whether a hazard occurred that had a significant relevant impact on an asset during the year,  whether any variations to the CIRMP were made during the year,
• whether the program was effective in mitigating any relevant impacts that hazards may have had on that asset during that year, and
• an attestation that the information contained within the Annual Report was approved by the Board or governing body of the entity.

The CIRMP is crucial to the uplift of security and resilience of critical infrastructure assets, click to learn more!

We engaged with industry and government in Western Australia and the Northern Territory!

During April, First Assistant Secretary Sally Pfeiffer and members of the maritime and aviation policy teams travelled to Perth Airport, as well as the Port and International Airport of Port Hedland in Western Australia. The team also visited Darwin International Airport and Darwin Port in the Northern Territory. There they discussed the importance of securing maritime, aviation and critical infrastructure assets, and the initiatives currently underway to uplift security and resilience.

Systems of National Significance Event

In June we hosted a meeting with the owners and operators of Australia’s most important critical infrastructure assets – Systems of National Significance (SoNS). SoNS are a smaller subset of critical infrastructure assets that are deemed crucial to the nation, by virtue of their interdependencies across sectors and potential for cascading consequences to other critical infrastructure assets and essential services if disrupted. The event was a great opportunity for key government and industry partners to share information and network across sectors, with a dedicated focus on uplifting cyber security and resilience.

Striving for Security Excellence - Critical Infrastructure Security Excellence Workshops

We kicked off our Critical Infrastructure Security Excellence Workshop series in Adelaide in May! We are holding workshops in every state and territory capital city. Critical infrastructure owners and operators, government leaders, members of the business community and academia were brought together to discuss the resilience uplift of Australia’s critical infrastructure assets and supply chains. The workshops have focused on an all-hazards risk management approach to support Australian critical infrastructure entities. It is more important than ever to ensure Australia’s critical infrastructure assets have robust security practices in place to identify, prevent and mitigate risks!

Workshop attendees engaged with a range of presentations and discussions with key government and industry representatives and were provided:

• tools and information,
• real-life case studies, and
• an interactive deep dive activity.

The deep dive activity is focused on preparedness and interdependencies amongst critical infrastructure entities and supply chains. The activity was based on an escalating threat scenario which aimed to:

• improve stakeholder awareness of the responsible authorities during an incident,
• promote preparedness and the importance of vulnerability assessments, and
• ensure a clear understanding of sector interdependencies.

During June we held workshops in Darwin and Melbourne. There were presentations from industry and government leaders on past experiences, best practice guidance, specific threats targeting critical infrastructure jurisdictionally and actionable strategies.

Deputy Secretary Hamish Hansford delivered the keynote address to our Northern Territory stakeholders and discussed the current landscape and how entities can collaborate with government to continue to uplift the protection of their assets. Our workshop program also includes a panel discussion on all-hazards risk management with a focus on best practice approaches, featuring expert industry guests.

The panel guests prompted insightful discussions between sectors and identified key areas for greater engagement with industry to ensure a collaborative approach to uplifting the security of Australia's critical infrastructure assets.

Don’t miss the opportunity to support the security and resilience uplift of critical infrastructure assets and supply chains, and network with government and industry representatives.

Register for your nearest workshop, here!

Don’t forget to follow the CISC on X, LinkedIn and Instagram!