Tuesday, 21 February 2023
Media release

World leading protection for Australia's critical infrastructure

Australia's critical infrastructure assets will be better protected following commencement of the Risk Management Program (RMP) obligation – a set of rules designed to strengthen the resilience of critical infrastructure and essential services vital to the security, prosperity and sovereignty of Australia.

Minister for Home Affairs and Minister for Cyber Security Clare O'Neil said critical infrastructure assets are vulnerable to natural disasters and attractive targets for foreign interference, cyber criminals and other malicious actors who seek to do Australia harm.

"As a nation we must continue to ensure the security of our essential services – things such as energy and water, food, health care, transport, supply chains and communications – and to protect them from a range of threats, including cyber, physical, personnel, supply chain and natural hazards," Minister O'Neil said.

"The RMP rules will strengthen the resilience of essential services by embedding preparation, prevention and mitigation activities into standard business practices, and provide responsible entities greater situational awareness of threats to critical infrastructure."

The RMP rules are the third and final positive security obligation legislated in recent amendments to the Security of Critical Infrastructure Act 2018. This obligation requires responsible entities to consider the hazards they may face as a business, and take tangible steps to manage risks to operations of critical infrastructure assets. Now that all three obligations have been switched on, Australians will benefit from world leading protection.

As part of this comprehensive suite of measures to enhance the security and resilience of critical infrastructure, the Government has also launched an updated Critical Infrastructure Resilience Strategy.

The Strategy provides a roadmap for protecting essential services and assets – everything from electricity and water, to healthcare and groceries. Accompanying the Strategy is a Critical Infrastructure Resilience Plan, setting out how the Strategy's objectives will be delivered.

The Strategy and Plan enshrines continued partnership and close engagement between industry and government, empowered by the Trusted Information Sharing Network, to collaboratively uplift the security and resilience of Australia's critical infrastructure.

The Strategy has three key objectives:

  • Support critical infrastructure owners and operators to effectively manage risks through mature risk based and resilience approaches
  • Deliver initiatives through​​​ strong industry-government partnerships​
  • Support critical infrastructure owners and operators to strengthen their security and resilience through regulatory frameworks, and improved collaboration

"The increasingly interconnected nature of critical infrastructure exposes vulnerabilities that could result in significant consequences to our security, economy and sovereignty," Minister O'Neil said.

"We need to ensure our critical infrastructure security arrangements keep pace with the evolving threat environment and continue to deliver the essential services we all rely on.

Further information on the RMP rules and the CIR strategy can be found on the Cyber and Infrastructure Security Centre website.