Defending Australia’s critical infrastructure

As the cyber threat faced by critical infrastructure operators rapidly evolves and increases, and as the Government’s expectations expand, Australia has an opportunity to lead the world in how to place resilience at the heart of our essential service operations.

With this aim, the Australian Government’s Protecting Critical Infrastructure and Systems of National Significance reforms were introduced to better secure the industries that are essential to our national interest – and our Australian way of life.

Why the threat to critical infrastructure is rising

69% of Australian executives expect an increase in state-sponsored attacks on critical infrastructure

Digital Trust Insights Survey 2022

The shift in the nature of the cyber threat faced by critical infrastructure is multi-pronged. 

Beyond Australia’s borders, competition between nation states is taking on a new and worrying shape. Efforts to undermine adversaries or achieve leverage via attacks on critical infrastructure represent a far less costly and more deniable way to wreak havoc than traditional warfare. The involvement of proxies, amateurs and organised criminal cartels adds layers of ambiguity to an already difficult attribution model and, especially with regard to critical infrastructure attacks, collateral damage is a very real possibility.

Within critical infrastructure organisations, technological innovation has accelerated faster than our ability to secure it, introducing significant risks and vulnerabilities even as it brings greater efficiencies and productivity.

Operational technology (OT) systems, such as Industrial Control Systems (ICS), are becoming closely integrated with corporate IT systems as the pressure to achieve efficiencies increases. Where these systems are old or under-protected, there is a higher rate of vulnerabilities, which increases their appeal as high-value targets for cyber attackers looking for insecure entry points into critical infrastructure.

How our essential service providers can better protect us from cyber crime

A new survey from PwC shows Australian consumers may benefit from businesses being more transparent about cyber security incidents, not only because there are increasing regulatory requirements, but because consumers expect it.

Introducing the Security Legislation Amendment (Critical Infrastructure) Act 2021

The Security Legislation Amendment (Critical Infrastructure) Act 2021 (SLACI Bill) is an important marker for Australian businesses highlighting that the economy is changing and we need to take action now to protect businesses and the economy against cyber threats and disruption. 

The SLACI Bill establishes an “enhanced regulatory framework” for critical infrastructure, building on the Security of Critical Infrastructure Act (SOCI) passed back in 2018. The Bill expands the definition of critical infrastructure sectors from the original four named in the SOCI Act to a total of eleven sectors, which will be subject to the enhanced regulatory framework. The extension of the broad-ranging Act to include a much wider range of industries creates much-needed incentives to make sure that, as we push ahead with recovery, we do so while putting in place the defences needed to protect ourselves from potentially devastating attacks.

Following the Parliamentary Joint Committee on Intelligence and Security recommendation, the original bill, which identified the sectors and the positive security obligations they will be required to achieve, was split into two. The first part, the Security Legislation Amendment (Critical Infrastructure) Bill 2021 (aka SLACI), was enacted this year, having passed the House of Representatives in October and the Senate on 22 November 2021, and received royal assent on 2nd December 2021.

SLACI, the first part of the original regulation, requires critical infrastructure owners to notify the government of cyber security incidents and, if the owner is unwilling or unable to take responsible steps to resolve the cyber security incident, the legislation allows the government to step in and take control of the incident response.

Further reforms are expected next year. The Department of Home Affairs is currently consulting on the second part of the SLACI Bill, which will include further risk planning requirements and “enhanced cyber security obligations” for operators of systems of national significance that could see companies directed to undertake certain defensive activities such as developing cyber security incident response plans, cyber security exercises, and vulnerability assessments. 

SLACI Bill passes the Senate

The changes implemented by the SLACI Bill are significant and reflect the increased focus of the Australian Government on ensuring it is able to meet evolving cybersecurity threats that have the potential to impact Australia’s critical infrastructure. 

A critically important problem that we are committed to solving

For a firm whose purpose is to build trust in society and solve important problems, ensuring the critical services Australians rely on every day remain available, secure and stable is among the most fundamental. 

PwC works with partners to understand their specific threats and valued assets. We develop tailored recommendations on how to strengthen resilience and increase readiness to comply with obligations under the legislation. 

This is possible because our team includes both deep technical experts and specialists in specific industries who ensure that security recommendations align with broader business needs and take account of sector specific nuances. 

Our teams effectively enable resilience by connecting the dots within organisations, getting buy-in and collaboration between IT teams, engineering teams, and the boardroom, and speaking the right language to the right people.

PwC is proud to play a role in advancing critical infrastructure security, working across the industry spectrum. Proof of our expertise is the strength of our voice to Government. That includes submissions on the SOCI 2018 Act, our role overseeing implementation of the Australia 2021 Cyber Strategy through representation on the Industry Advisor Committee, and our position within Engineering Australia’s Cyber Security subcommittee to promote the intersection of cyber security and engineering disciplines.

Check out our two submissions on the SOCI Amendment Bill: 

Contact us

Robert Di Pietro

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 418 533 346

Mike Younger

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 490 093 981

Zoe Thompson

Director, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 472 675 510

Garry Bentlin

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 409 573 636
