The Cyber and Infrastructure Security Centre has brought its Critical Infrastructure Risk Management Program (CIRMP) requirement into effect, aiming to address the risks that organisations face and create a baseline for security across all critical infrastructure sectors in the Australian economy.
The rules address risks that include cyberattacks and ransomware, fires and floods, malicious insiders and malign foreign powers.
Under the rules, responsible entities for critical infrastructure (CI) assets are required to adopt, maintain and comply with a risk management program that identifies and manages material risks of hazards that could have a relevant impact on a critical infrastructure asset.
The plan must identify each hazard where there is a risk that the occurrence of that hazard could have a relevant impact on the asset, and should address how it would minimise or eliminate any risk of the hazard occurring.
CIRMP is the third and final of the three positive security obligations legislated within recent amendments to the Security of Critical Infrastructure Act 2018.
The other two obligations are Mandatory Cyber Incident Reporting, and the Critical Infrastructure Asset…