The Security of Critical Infrastructure Act (SOCI) is a national law which sets legal obligations for the owners and operators of critical infrastructure assets. “Critical infrastructure” includes facilities, supply chains or networks which, if damaged or disabled for an extended period, would significantly harm social or economic wellbeing, defence or national security.
SOCI is very broad and applies to 11 sectors that we all rely on for a safe, secure and well-functioning society and economy. SOCI applies to Communications, Data storage and processing, Defence, Energy, Transport and Water and Sewerage, Healthcare and others.
We should all be pleased that Australia has a system to place obligations on the owners and operators of these incredibly important assets. Obligations include reporting to government operation and ownership information, as well as cyber security incidents.
Critical infrastructure owners must also adopt, maintain and comply with a written risk management program.
For assets deemed as Systems of National Significance (SoNS), there are additional Enhanced Cyber Security Obligations (ECSO). These include preparing for cyber security incident response, building cyber response preparedness through exercises; vulnerability assessments, and sharing with government near real-time threat information.
Why is SOCI important? We all rely on Australia’s critical infrastructure. For everyday life we need safe, secure and reliable water, data, transport and healthcare.
While most of Australia’s critical infrastructure is in private hands, SOCI allows government to ensure that owners and operators implement safeguards to protect these assets and, in the end, us all. It is essential that this infrastructure is made impenetrable from cyber-attack.
It is hard to imagine the chaos which would result from our critical infrastructure being disrupted and damaged for a long or even a short period. Hackers infiltrating and controlling this infrastructure could see power and water turned off, and our roads, airports and seaports in dangerous chaos.
Next time: Where are the vulnerabilities and what could go wrong?
