What is Security of Critical Infrastructure (SOCI)?
Critical infrastructure in Australia delivers essential services that are crucial to the economic prosperity and way of life of all Australians; examples include electricity, communications, transport and banking.
Reliance on critical infrastructure is increasing, and services increasingly depend on network interconnections with one another.
Connectivity without proper controls in place creates significant risk. Interconnectedness means that compromising one critical infrastructure asset can have a flow-on effect that further affects other services and results in cascading consequences.
Threats across the range of hazards, from natural threats (including meteorological or climate hazards) to human-induced threats (including unlawful interference, cyber incidents, espionage, chemical or oil spills, and trusted insiders), all have the potential to disrupt critical infrastructure significantly.
As most of Australia’s critical infrastructure is owned and operated by private industry or state and territory governments, the approach to ensuring the resilience of Australia’s critical infrastructure must be clear, effective, consistent and proportionate.
Who does the Security of Critical Infrastructure Legislation apply to?
The Security of Critical Infrastructure Act 2018 currently covers specific entities in the following areas:
- Ports sectors
If the current bill before parliament is passed, the scope will be expanded to include:
- Entities within Critical Infrastructure Sectors
- Entities who Operate Critical Infrastructure Assets
- Entities who Operate Systems of national significance
The bill also expands coverage from four sectors (electricity, gas, water and ports) to the following eleven critical infrastructure sectors:
- financial services and markets
- data storage or processing
- defence industry
- higher education and research
- food and grocery
- health care and medical
- space technology
- transport; and
- water and sewerage.
* The bill is expected to be passed in the coming months.
How can Vectra help with Security of Critical Infrastructure (SOCI) compliance?
Vectra has the resources to help you comply with the Security of Critical Infrastructure Act. We can assist you with the following:
- SOCI preliminary gap assessment
- Implementing appropriate technical and organisational measures, including data protection policies, to ensure your organisation aligns with the framework for managing risks relating to critical infrastructure.
- Reviewing implications of compliance with the AESCSF
- SCADA security review services
- Penetration testing
- Infrastructure review
- Application code review
- Implementing security controls
- Ongoing monitoring and assurance
More information for Australian businesses
The following resources may assist Australian businesses in understanding Security of Critical Infrastructure and the Security Legislation Amendment (Critical Infrastructure) Bill 2020.