Critical Infrastructure Protection
Australia’s critical infrastructure is important to our national security. To read more about national security go to the National Security web site.
- What is critical infrastructure?
- Who owns Australia’s critical infrastructure?
- What is critical infrastructure protection?
- What is the threat to critical infrastructure?
- Who is responsible for protecting critical infrastructure?
- How is Australia’s critical infrastructure being protected?
- The Trusted Information Sharing Network for Critical Infrastructure Protection
- What is the National Information Infrastructure?
- What do Computer Emergency Response Teams do?
- Other programs
What is critical infrastructure?
‘Critical infrastructure’ can mean different things to different people. To the Australian Government it means:
those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would adversely impact on the social or economic well-being of the nation or affect Australia’s ability to ensure national security.
Examples of critical infrastructure that all Australians rely on include essential services like power, water, health services, communications systems and banking.
Who owns Australia’s critical infrastructure?
In some parts of Australia, up to 90 per cent of critical infrastructure is privately owned or operated on a commercial basis. Other critical infrastructure may be owned by the Australian Government or State and Territory governments.
What is critical infrastructure protection?
A number of existing strategies, plans and procedures that deal with preventing, preparing for, responding to and recovering from disasters and emergencies come together to protect critical infrastructure. These include:
- law enforcement and crime prevention
- counter-terrorism
- national security and defence
- emergency management
- business continuity planning
- protective security
- e-security
- natural disaster planning and preparedness
- risk management
- professional networking, and
- market regulation, planning and infrastructure development.
What is the threat to critical infrastructure?
The Government believes terrorism is a real threat to Australia’s critical infrastructure. Other things, like cyclones, fires and accidents can also damage or destroy critical infrastructure. The Government therefore believes that arrangements for protecting critical infrastructure needs to cover ‘all hazards’.
If a disaster damages or destroys part of Australia’s critical infrastructure we need to get it up and running again as quickly as possible. The Australian Government is working with critical infrastructure owners and operators to make sure Australia’s vital services are suitably protected and, if they are damaged, that they can be restored quickly.Who is responsible for protecting critical infrastructure?
The responsibility for protecting critical infrastructure is shared between critical infrastructure owners and operators, the Commonwealth and State and Territory governments.
How is Australia’s critical infrastructure being protected?
As with most businesses, those who own or run critical infrastructure know the best way to protect it, how to manage an incident and how to get things up and running again.
The Trusted Information Sharing Network for Critical Infrastructure Protection
The Trusted Information Sharing Network for Critical Infrastructure Protection is one way that businesses and governments work together to protect critical infrastructure.
A diagram of the network
What does the network do?
The Trusted Information Sharing Network for Critical Infrastructure Protection, commonly called ‘the TISN’, is a forum where critical infrastructure owners and operators work together by sharing information on security issues.
The network’s members include businesses, State and Territory government agencies and Commonwealth government agencies that are concerned with protecting critical infrastructure.
Industry Groups
There are nine groups for different industries. These are:
- banking and finance
- communications
- emergency services
- energy
- food chain
- health
- mass gatherings
- transport, and
- water services.
These groups are called ‘Infrastructure Assurance Advisory Groups’.
More information about the different industry groupsAdvisory Council
The Critical Infrastructure Advisory Council oversees the work done by the industry groups. It is made up of delegates from each of the industry groups, State and Territory governments, the National Counter-Terrorism Committee and Australian Government agencies concerned with critical infrastructure.
The Council reports to the Attorney-General and links into Australia’s counter-terrorism arrangements.Critical Infrastructure Advisory Council
Expert advice
There are two Expert Advisory Groups that give the Critical Infrastructure Advisory Council advice on special matters. They are:
- the IT Security Expert Advisory Group, and
- the CIP Futures Expert Advisory Group.
Other Expert Advisory Groups are formed from time to time to consider specific issues.
Expert Advisory Groups
What is the National Information Infrastructure?
The communication networks that Australia relies on make up the National Information Infrastructure. These include data, telephone and computer networks.
National Information Infrastructure
What do Computer Emergency Response Teams do?
The Computer Security Incident Response Teams and the Computer Security Incident Readiness Team, both usually called ‘CSIRTs’, play an important role in keeping computer systems safe. There are CSIRTs in many countries which work together to protect computer systems.
At the national level, Australia has an Australian Government computer emergency readiness team (GovCERT.au) and a non-government computer emergency response team (AusCERT).
GovCERT.au—Australian Government Computer Emergency Readiness Team
GovCERT.au was established by the Australian Government to provide Australian critical infrastructure, and other identified businesses, with specific advice on computer security preparedness and readiness. It is also the Australian Government’s point of contact for foreign governments on CERT and computer security issues of national interest.
Specifically, GovCERT.au:
- coordinates enquiries from foreign governments about cyber-security issues that affect Australia’s critical infrastructure and the economy more broadly
- passes on specific computer security information to Australian critical infrastructure owners and operators, and
- develops and coordinates the Australian Government’s policy on how to prepare for, respond to, and recover from, computer emergencies.
Importantly, GovCERT.au does not handle day-to-day computer incidents, but works with AusCERT and others to secure Australia’s information infrastructure.
More information about GovCERT.au
AusCERT—Australian Computer Emergency Response Team
AusCERT is a not-for-profit organisation located at the University of Queensland and is the national Computer Emergency Response Team for Australia and a leading CERT in the Asia – Pacific region. As a trusted Australian contact within a worldwide network of computer security experts, AusCERT provides computer incident prevention and response and mitigation strategies for members on a subscription basis.
AusCERT’s web site
Other programs
Computer Network Vulnerability Assessment Program
Computer Vulnerability Assessment Program fact sheet
Critical Infrastructure Protection Modelling and Analysis Program
The Critical Infrastructure Protection Modelling and Analysis Program shows how different parts of Australia’s critical infrastructure rely on each other. It can also show in detail what the consequences would be if a piece of critical infrastructure fails.