By James Boddam-Whetham, General Manager, Noggin
For Australia’s critical infrastructure sector, it’s been the best of times and the worst of times – an age of unbelievable advancements and an age of unprecedented threats.
Unfortunately, it is the unprecedented threats that have dominated the sector according to the 2023-2030 Australian Cyber Security Strategy. The strategy acknowledges the industrialisation of cybercrime, growing cost of cyberattacks, and major question marks surrounding critical and emerging technologies.
For the industry, there’s also the added complication of new regulations. What are they, and how to comply? Here, we’ll look at the most recent legislation and measures critical infrastructure entities can take to comply.
In November 2024, a new Cyber Security Legislative package passed through Parliament. The package consisted of the Cyber Security Bill, the Intelligence Services and Other Legislation Amendment Bill 2024, and the latest in a long line of amendments to existing Security of Critical Infrastructure legislation (SOCI Act).
In large part, the reforms aim to:
- Clarify existing obligations for systems holding business critical data
- Enhance government assistance measures to better manage the impacts of all-hazards incidents on critical infrastructure
- Give government the power to direct entities to address risk management program deficiencies
- Align regulation for the security of telecommunications into the SOCI Act
For those tracking, the compliance burden placed on critical infrastructure entities has only increased since the initial SOCI Act passed in 2018. After these latest reforms, organisations are likely asking, how can we ensure ongoing compliance?
Noggin recommends reading the relevant statutes. Although the law keeps changing, the direction of traffic is clear: policymakers demanding stronger security frameworks from industry.
To comply, Noggin recommends entities take a proactive approach to their security risk management with measures that make it simple to identify risks, assess inherent risk levels, implement controls and confirm their effectiveness, as well as monitor residual risk levels.
Ensuring standardisation across an organisation is challenging; but this is where dedicated resilience software comes in, with integrated incident management, threat intelligence, and vulnerability assessment capabilities.
Finally, policymakers are ratcheting up the pressure on the critical infrastructure sector. To comply, organisations will need to make smart software investments in solutions like Noggin that empower entities to meet obligations, by enabling their teams to work together to anticipate and manage threats, conduct preparedness activities, effectively respond to disruptions, and continually learn from insights to strengthen resilience.
For more information, visit noggin.io
