Critical infrastructure resilience

Critical infrastructure provides services that are essential for everyday life such as energy, food, water, transport, communications, health and banking and finance.

Secure and resilient infrastructure supports productivity, and helps to drive the business activity that underpins economic growth.

A disruption to critical infrastructure could have serious implications for business, governments and the community, impacting supply security and service continuity.

The Critical Infrastructure Resilience Strategy, which comprises a policy statement and a plan for practical implementation, aims to ensure the continued operation of critical infrastructure in the face of all hazards.

The Department of Home Affairs is the lead Australian Government agency for critical infrastructure. We are responsible for the Critical Infrastructure Centre and managing the Trusted Information Sharing Network (TISN), an environment where business and government can share information on critical infrastructure vulnerabilities and techniques to assess and mitigate risk.

Critical Infrastructure Centre

The Critical Infrastructure Centre safeguards Australia from the increasingly complex national security risks of sabotage, espionage or coercion. The Centre works across all eight critical infrastructure sectors: banking and finance; Commonwealth government; communications; energy; food and grocery; health; transport; and water.

The Centre does this by:

  • identifying our most critical infrastructure
  • developing coordinated, whole-of-government national security risk assessments and security advice
  • developing risk management strategies
  • supporting compliance.

The Centre helps state and territory governments, regulators and owners and operators to better understand and manage risk, and build resilience.

The Centre has published a short guidance document to support owners and operators to protect critical infrastructure assets from foreign involvement risks, with a particular focus on supply chains. The guidance document can be downloaded here:

The Centre also complements and supports initiatives under the Cyber Security Strategy, which aims to boost partnerships with critical infrastructure owners and operators, raise awareness and understanding of cyber security issues and promote strong cyber defences of Australia's networks and systems.

More information about the centre is available in the following fact sheet:

Through CERT Australia, we are working closely with industry to help mitigate cyber risks, including through the establishment of the Joint Cyber Security Centres.

Security of Critical Infrastructure Act 2018

The Security of Critical Infrastructure Act 2018 (the Act) seeks to manage the complex and evolving national security risks of sabotage, espionage and coercion posed by foreign involvement in Australia's critical infrastructure. The Act applies to approximately 165 assets in the electricity, gas, water and ports sectors.

The Act and its obligations for owners and operators will commence on 11 July 2018. 

The three key elements of the Act are: 

  • a Register of Critical Infrastructure Assets – the register will build a clearer picture of critical infrastructure ownership and control in high-risk sectors, and support more proactive management of the risks these assets face.  Owners and operators of relevant critical infrastructure assets will have six months from 11 July 2018 to register ownership and operational information on the register
  • an information gathering power – the Secretary of the Department of Home affairs will have the power to obtain more detailed information from owners and operators of assets in certain circumstances to support the work of the Centre
  • a Ministerial directions power – the Minister for Home Affairs will have the ability to direct an owner or operator of critical infrastructure to do, or not do, a specified thing to mitigate against a national security risk where all other mechanisms to mitigate the risk have been exhausted.

We are committed to ensuring stakeholders are supported through the three month implementation period and understand their obligations under these news laws. 

The Security of Critical Infrastructure Act and Explanatory Memorandum are available on the Federal Register of Legislation website.

More information about coverage and obligations under the Act is available in the following fact sheets:

Risk assessments

The centre assesses the risks of espionage, sabotage and coercion that may arise or increase from a change of ownership, conducts a strategic risk assessment, and then designs proportionate mitigations. The risks we assess fall into four categories: people, systems and data, physical, and strategic.

We conduct our risk assessments in close consultation with state and territory governments, regulators and private owners and operators, particularly to understand vulnerabilities. Information that we may require from companies to inform our understanding of vulnerability includes:

  • company’s security policies, i.e. data security and physical security
  • security audits undertaken by a company
  • emergency management plans
  • redundancies
  • offshoring and outsourcing of operations
  • existing regulatory regimes and controls.

These risk assessments take the form of proactive and reactive assessments.

Proactive risk assessments will provide a better understanding of where risks exist in a sector. We will undertake them in collaboration with states, territories and industry, focusing on the four high-risk sectors of telecommunications, electricity, water and ports.

Reactive risk assessments are asset-specific, and developed to support government decision-making, including Foreign Investment Review Board applications.

The centre supports foreign investment assessments by The Treasury and the FIRB. Foreign investment applications will continue to be assessed on a case-by-case basis. Early advice will provide buyers and some sellers with more certainty about potential requirements for asset sales.

More information is also available in the following fact sheets:

Telecommunications sector security reforms (TSSR)

On 18 September 2017, the Telecommunications and Other Legislation Amendment Act 2017 received Royal Assent. This legislation introduces important reforms to ensure the security and resilience of Australia's telecommunications infrastructure, as well as the social and economic wellbeing of our nation.

The centre is responsible for leading the implementation of the TSSR. The TSSR introduce security obligations on carriers and carriage service providers. Carriers and carriage service providers must comply with their obligations by 18 September 2018, which is the end of the 12-month transition period. The centre's aim is to assist industry to comply with their obligations by the end of this transition period.

Further information is available on the TSSR page.

Contact details

Phone: 02 5127 7387
Email: enquiries@cicentre.gov.au
Address: 3–5 National Circuit
BARTON ACT 2600

Related links

Related websites

Media release