A majority of critical infrastructure operators in Australia don’t have adequate visibility and management of their assets and would struggle to meet the requirements of the second critical infrastructure protection bill, estimates Lani Refiti, Regional Director of cyber-physical systems firm Claroty.
The second bill, which entered parliament in February and builds on the Security of Critical Infrastructure Act (SOCI Act), would require a wider range of organisations that own or operate critical infrastructure to develop and submit an asset ownership list to the Department of Home Affairs as part of the risk management program.
Crucial to this requirement is visibility of an organisation’s existing assets. The proposed amendments focus on this through a risk management program and other enhanced cyber security obligations – including vulnerability reporting and cyber incident response planning and exercises for entities responsible for assets most critical to the nation (known as systems of national significance).
This will include organisations in transport, food and grocery, health care and other sectors with industrial environments dependant on…
