You are here: Skip breadcrumbAttorney-General's Department >> National security >> Critical infrastructure resilience

Critical infrastructure resilience


Critical infrastructure provides services that are essential for everyday life such as energy, food, water, transport, communications, health and banking and finance.

A disruption to critical infrastructure could have a range of serious implications for business, governments and the community. Secure and resilient infrastructure supports productivity, and helps to drive the business activity that underpins economic growth.

The Critical Infrastructure Resilience Strategy, which comprises a policy statement and a plan for practical implementation, aims to ensure the continued operation of critical infrastructure in the face of all hazards.

This department is the lead agency for critical infrastructure. We are responsible for the Critical Infrastructure Centre and managing the Trusted Information Sharing Network (TISN), an environment where business and government can share information on critical infrastructure vulnerabilities and techniques to assess and mitigate risk. Through the TISN, members also share information on organisational resilience, to enhance business’s ability to adapt and evolve as the global market is evolving, to respond to short term shocks or long term challenges.

Critical Infrastructure Centre

The Critical Infrastructure Centre safeguards Australia from the national security risks of sabotage, espionage or coercion from foreign involvement in critical infrastructure.
The centre does this by:

  • identifying our most critical infrastructure
  • developing coordinated, whole-of-government national security risk assessments and security advice
  • developing risk management strategies
  • supporting compliance.

The centre focuses on the potential for malicious actors to gain access and control to Australia's critical infrastructure, through ownership, offshoring, outsourcing and supply chain arrangements. The centre's initial focus is on the risks of sabotage, espionage and coercion in the priority telecommunications, electricity, gas, water and ports sectors.

The centre works in close consultation with state and territory governments, regulators and private owners and operators. The centre also complements and supports initiatives under the Cyber Security Strategy, which aims to boost partnerships with critical infrastructure owners and operators, raise awareness and understanding of cyber security issues and promote strong cyber defences of Australia's networks and systems.

More information about the centre is available in the following fact sheet:

Through CERT Australia, we are working closely with industry to help mitigate cyber risks, including through the establishment of the Joint Cyber Security Centres.

Risk assessments

The centre assesses the risks of espionage, sabotage and coercion that may arise or increase from a change of ownership, conducts a strategic risk assessment, and then designs proportionate mitigations. The risks we assess fall into four categories: people, systems and data, physical, and strategic.

We conduct our risk assessments in close consultation with state and territory governments, regulators and private owners and operators, particularly to understand vulnerabilities. Information that we may require from companies to inform our understanding of vulnerability includes:

  • company’s security policies, i.e. data security and physical security
  • security audits undertaken by a company
  • emergency management plans
  • redundancies
  • offshoring and outsourcing of operations
  • existing regulatory regimes and controls.

These risk assessments take the form of proactive and reactive assessments.

Proactive risk assessments will provide a better understanding of where risks exist in a sector. We will undertake them in collaboration with states, territories and industry, focusing on the four high-risk sectors of telecommunications, electricity, water and ports.

Reactive risk assessments are asset-specific, and developed to support government decision-making, including Foreign Investment Review Board applications.

The centre supports foreign investment assessments by The Treasury and the FIRB. Foreign investment applications will continue to be assessed on a case-by-case basis. Early advice will provide buyers and some sellers with more certainty about potential requirements for asset sales.

More information is also available in the following fact sheets:

Legislative measures

The government introduced the Security of Critical Infrastructure Bill 2017 to the Senate on 7 December 2017. The Bill seeks to manage the complex and evolving national security risks of sabotage, espionage and coercion posed by foreign involvement in Australia's critical infrastructure. The Bill implements a critical infrastructure assets register and a ministerial last resort power.

For more information, and to read submissions on the draft bill, visit the Security of Critical Infrastructure Bill page.

The Bill and explanatory memorandum is available on the Parliament of Australia website.

Telecommunications sector security reforms (TSSR)

On 18 September 2017, the Telecommunications and Other Legislation Amendment Act 2017 received Royal Assent. This legislation introduces important reforms to ensure the security and resilience of Australia's telecommunications infrastructure, as well as the social and economic wellbeing of our nation.

The centre is responsible for leading the implementation of the TSSR. The TSSR introduce security obligations on carriers and carriage service providers. Carriers and carriage service providers must comply with their obligations by 18 September 2018, which is the end of the 12-month transition period. The centre's aim is to assist industry to comply with their obligations by the end of this transition period.

Further information is available on the TSSR page.

Back to top