Reliable PNT services are vital for Australia’s national security, and the need for risk mitigation is growing.
All Australians rely on critical infrastructure to deliver the essential services that underpin our economy, security and sovereignty. The Cyber and Infrastructure Security Centre, within the Department of Home Affairs, assists critical infrastructure owners and operators to understand risk and meet regulatory requirements — for the shared benefit of all Australians.
The Security of Critical Infrastructure Act 2018
Critical infrastructure protection is also included in legislation. The CISC is responsible for implementing the Security of Critical Infrastructure Act 2018, or SOCI Act, which seeks to apply positive security obligations to critical infrastructure owners and operators.
The SOCI Act defines eleven critical infrastructure sectors: communications; data storage or processing; defence industry; energy; financial services; food and grocery; healthcare and medical; higher education and research; space technology; transport; and water and sewerage. What these diverse sectors all have in common is their importance to our everyday way of life, and the need for them to be protected for the benefit of all Australians.
The SOCI Act places certain security obligations on different types of critical infrastructure operators — for example, some may be required to register certain information with the CISC, or to notify the federal government about cyber security incidents.
Some companies may also be required to have a Critical Infrastructure Risk Management Program in place, which ensure entities identify, minimise and/or mitigate any material risks to the availability, integrity, reliability or confidentiality of the critical infrastructure asset. This program is intended to be address the impacts of all hazards, whether they be cyber, human-induced or natural hazards.
How does this relate to positioning, navigation and timing (PNT)? PNT is critical to the effective and efficient operation of Australia’s critical infrastructure, and the need for accurate and reliable PNT is growing.
Much of Australia’s critical infrastructure relies on space-based PNT services. But we also know that PNT services are vulnerable to interference — including from environmental effects such space weather, cyber security incidents, equipment failure or deliberate jamming of signals. Disruption to these services would have significant impacts to the Australian economy.
The CISC considers that a substantive loss of or loss of access to, or deliberate or accidental manipulation of, PNT services that would affect the functioning of a critical infrastructure asset, is a material risk. Critical infrastructure asset operators who are required to have a Risk Management Program in place will need to have a plan in place to mitigate material risks. Because we consider PNT to be so vital, a loss of PNT is actually explicitly mentioned in the Risk Management Program Rules as an example of a material risk. We’ve also referred to a loss of PNT services as a risk in our inaugural Annual Risk Review.
The CISC is working with critical infrastructure entities to better understand their dependencies on PNT services, as we know that different sectors and businesses will have differing requirements for accuracy and reliability. We are also engaging with industry to get a better understanding of the different technologies that can provide greater redundancy to critical infrastructure operators, and to help them to withstand and recover faster from outages to service. Partnering with industry will enable us to provide more tailored advice on how to mitigate the risk of a disruption to service.
How do we engage with industry?
The Trusted Information Sharing Network (TISN) is the primary way for industry and all levels of government to work together to enhance the security and resilience of critical infrastructure. The TISN brings together stakeholders from across the critical infrastructure community, including critical infrastructure owners and operators, supply chain entities, peak bodies, cross-sectoral interest groups, academics, research institutes and all levels of government.
Through the TISN, members of the critical infrastructure community collaborate to identify and manage risks to critical infrastructure. If you are interested in joining the TISN, contact cir@homeaffairs.gov.au. More information about the CISC can be found at cisc.gov.au.
Article provided by the Department of Home Affairs.
